Securing Cisco Networks with Open Source Snort (SSFSNORT) v3.0 is a 4-day course that shows you how to deploy Snort® in small to enterprise-scale implementations. You will learn how to install, configure, and operate Snort in Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) modes. You will practice installing and configuring Snort, use additional software tools, define rules to configure and improve the Snort environment, and more. The course qualifies for 32 Cisco Continuing Education (CE) credits towards recertification. This course will help you learn how to implement Snort, an open-source, rule-based intrusion detection and prevention system, and gain leading-edge skills for high-demand responsibilities focused on security.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

Upon completing this course, the learner will be able to meet these overall objectives:
Define the use and placement of IDS/IPS components.
Identify Snort features and requirements.
Compile and install Snort.
Define and use different modes of Snort.
Install and utilize Snort supporting software.

1
  • MODULE 1: DETECTING INTRUSIONS WITH SNORT 3.0

  • History of Snort

    IDS

    IPS

    IDS vs. IPS

    Examining Attack Vectors

    Application vs. Service Recognition


2
  • MODULE 2: SNIFFING THE NETWORK

  • Protocol Analyzers

    Configuring Global Preferences

    Capture and Display Filters

    Capturing Packets

    Decrypting Secure Sockets Layer (SSL) Encrypted Packets


3
  • MODULE 3: ARCHITECTING NEXTGEN DETECTION

  • Snort 3.0 Design

    Modular Design Support

    Plug Holes with Plugins

    Process Packets

    Detect Interesting Traffic with Rules

    Output Data


4
  • MODULE 4: CHOOSING A SNORT PLATFORM

  • Provisioning and Placing Snort

    Installing Snort on Linux


5
  • MODULE 5: OPERATING SNORT 3.0

  • Start Snort

    Monitor the System for Intrusion Attempts

    Define Traffic to Monitor

    Log Intrusion Attempts

    Actions to Take When Snort Detects an Intrusion Attempt

    License Snort and Subscriptions


6
  • MODULE 6: EXAMINING SNORT 3.0 CONFIGURATION

  • Introducing Key Features

    Configure Sensors

    Lua Configuration Wizard


7
  • MODULE 7: MANAGING SNORT

  • Pulled Pork

    Barnyard2

    Elasticsearch, Logstash, and Kibana (ELK)


8
  • MODULE 8: ANALYZING RULE SYNTAX AND USAGE

  • Anatomy of Snort Rules

    Understand Rule Headers

    Apply Rule Options

    Shared Object Rules

    Optimize Rules

    Analyze Statistics


9
  • MODULE 9: USE DISTRIBUTED SNORT 3.0

  • Design a Distributed Snort System

    Sensor Placement

    Sensor Hardware Requirements

    Necessary Software

    Snort Configuration

    Monitor with Snort


10
  • MODULE 10: EXAMINING LUA

  • Introduction to Lua

    Get Started with Lua


Audience

The primary audience for this course is as follows:
Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel
Channel partners and resellers

Language

English

Prerequisites

The knowledge and skills that the learner should have before attending this course are as follows:
Technical understanding of TCP/IP networking and network architecture
Basic familiarity with firewall and IPS concepts

This is the recommended Cisco course that may help you meet these prerequisites:
Implementing and Administering Cisco Solutions (CCNA)

$3,600

Length: 4.0 days (32 hours)
