Course Overview
This lab-intensive course introduces you to the open source Snort technology, as well as rule writing. Among other powerful features, you become familiar with:
- How to build and manage a Snort system
- How to update rules
- Snort rules language
- The capabilities of Snort when deployed passively and inline
The course begins by introducing the Snort technology and progresses through the installation and operation of Snort. You will discover the various output types that Snort provides and learn about automated rule management including how to deploy and configure Pulled Pork, inline operations, and how to create custom Snort rules, including advanced rule-writing techniques and OpenAppID.
This course combines lecture materials and hands-on labs that give you practice in deploying and managing Snort.
This course is eligible for 32 Continuing Education Credits (ILT & ELT Modality).
Outline
1. Intrusion Sensing Technology, Challenges, and Sensor Deployment
2. Introduction to Snort Technology
3. Snort Installation
4. Configuring Snort for Database Output and Graphical Analysis
5. Operating Snort
6. Snort Configuration
7. Configuring Snort Preprocessors
8. Keeping Rules Up to Date
9. Building a Distributed Snort Installation
10. Basic Rule Syntax and Usage
11. Building a Snort IPS Installation
12. Rule Optimization
13. Using PCRE in Rules
14. Basic Snort Tuning
15. Using Byte_Jump/Test/Extract Rule Options
16. Protocol Modeling Concepts and Using Flowbits in Rule Writing
17. Case Studies in Rule Writing and Packet Analysis
Prerequisites
Basic understanding of:
- Networking and network protocols
- Linux command line utilities
- Text-editing utilities commonly found in Linux
- Network security concepts
Who Should Attend
- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel using open source IDS and IPS
- Channel partners and resellers