SSFSNORT - Securing Cisco Networks with Open Source Snort v2.1

SS Course: GK5826

Course Overview

This lab-intensive course introduces you to the open source Snort technology and to rule writing. Among other powerful features, you will become familiar with:

  • How to build and manage a Snort system
  • How to update rules
  • Snort rules language
  • The capabilities of Snort when deployed passively and inline

The course begins by introducing the Snort technology and progresses through the installation and operation of Snort. You will discover the various output types that Snort provides and learn about automated rule management, including how to deploy and configure PulledPork. You will also learn about inline operations and how to create custom Snort rules, including advanced rule-writing techniques and OpenAppID.

This course combines lecture materials and hands-on labs that give you practice in deploying and managing Snort.

This course is eligible for 32 Continuing Education Credits (ILT & ELT Modality).

Outline

1. Intrusion Sensing Technology, Challenges, and Sensor Deployment

2. Introduction to Snort Technology

3. Snort Installation

4. Configuring Snort for Database Output and Graphical Analysis

5. Operating Snort

6. Snort Configuration

7. Configuring Snort Preprocessors

8. Keeping Rules Up to Date

9. Building a Distributed Snort Installation

10. Basic Rule Syntax and Usage

11. Building a Snort IPS Installation

12. Rule Optimization

13. Using PCRE in Rules

14. Basic Snort Tuning

15. Using Byte_Jump/Test/Extract Rule Options

16. Protocol Modeling Concepts and Using Flowbits in Rule Writing

17. Case Studies in Rule Writing and Packet Analysis

Prerequisites

Basic understanding of:

  • Networking and network protocols
  • Linux command line utilities
  • Text-editing utilities commonly found in Linux
  • Network security concepts

Who Should Attend

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel using open source IDS and IPS
  • Channel partners and resellers