Securing Cisco Networks with Open Source SNORT (SSFSNORT)

Retail Price: $4,155.00

Course Days: 4




About This Course

Securing Cisco® Networks with Open Source Snort™ is an instructor-led course offered by Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the open source Snort technology as well as rule writing. You will learn how to build and manage a Snort system using open source tools, plug-ins, and the Snort rule language to help manage, tune, and deliver feedback on suspicious network activity.
 
This course combines lecture materials and hands-on labs throughout to make sure that you are able to construct a solid, secure Snort installation and write Snort rules using proper syntax and structure.

Audience Profile

The primary audience for this course is:

  • Security Administrators
  • Security Consultants
  • Network Administrators
  • System Engineers
  • Technical Support Personnel using Open Source IDS and IPS
  • Resellers

At Course Completion

Upon course completion, students should be able to:

  • Understand what Snort is and its basic architectural components
  • Understand Snort’s dynamic plug-in capabilities
  • Understand the different modes of Snort operation
  • Perform installation and configuration of the Snort system
  • Install and configure Snorby
  • Configure and tune the Snort pre-processors
  • Understand rule maintenance and techniques to keep rules current
  • Create Snort rules using both simple and advanced rule-writing techniques
  • Monitor performance of a Snort deployment

Pre-requisites

Before attending this course, students should have the following:

  • Technical understanding of TCP/IP networking and network architecture
  • Proficiency with Linux and UNIX text editing tools (vi editor is suggested but not required)

Course Outline

Module 1: Intrusion Sensing Technology, Challenges, and Sensor Deployment
Module 2: Introduction to Snort Technology
Module 3: Snort Installation
Module 4: Configuring Snort for Database Output and Graphical Analysis
Module 5: Operating Snort
Module 6: Snort Configuration
Module 7: Configuring Snort Preprocessors
Module 8: Keeping Rules Up-to-date
Module 9: Building a Distributed Snort Installation
Module 10: Basic Rule Syntax and Usage
Module 11: Building a Snort IPS Installation
Module 12: Rule Optimization
Module 13: Using Perl Compatible Regular Expressions (PCRE) in Rules
Module 14: Basic Snort Tuning
Module 15: Using Byte_Jump, Byte_Test and Byte_Extract Rule Options
Module 16: Protocol Modeling Concepts and Using Flowbits in Rule Writing
Module 17: Case Studies in Rule Writing and Packet Analysis


