Skip to main Content

Securing Cisco Networks with Open Source Snort

  • Course Code SSFSNORT
  • Duration 4 days
  • Version 3.0

Course Delivery

Additional Payment Options

  • GTC 42 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details

  • CLC 36 excl. VAT

Virtual Learning Price

SAR15,000.00

excl. VAT

Request Group Training Add to Cart

Jump to:

Course Delivery

This course is available in the following formats:

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

Request this course in a different delivery format.

Download Course Details

Course Overview

Top

The Securing Cisco Networks with Open Source Snort course shows you how to deploy Snort® in small to enterprise-scale implementations. You will learn how to install, configure, and operate Snort in Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) modes. You’ll practice installing and configuring Snort, utilize additional software tools and define rules to configure and improve the Snort environment, and more

Course Schedule

Top
    • Delivery Format: Virtual Learning
    • Date: 20-23 January, 2025
    • Location: Virtual
    Request Space
View Entire Schedule Dates in Other Countries

Target Audience

Top

This course is designed for technical professionals who need to know how to deploy open source intrusion detection systems (IDS) and intrusion prevention systems (IPS), and write Snort rules.

 

Show me more

Course Objectives

Top

After completing this course, you should be able to:

  • Define the use and placement IDS/IPS components.
  • Identify Snort features and requirements.
  • Compile and install Snort.
  • Define and use different modes of Snort.
  • Install and utilize Snort supporting software
Show me more

Course Content

Top

Detecting Intrusions with Snort 3.0

  • History of Snort
  • IDS
  • IPS
  • IDS vs. IPS
  • Examining Attack Vectors
  • Application vs. Service Recognition

Sniffing the Network

  • Protocol Analyzers
  • Configuring Global Preferences
  • Capture and Display Filters
  • Capturing Packets
  • Decrypting Secure Sockets Layer (SSL) Encrypted Packets

Architecting Nextgen Detection

  • Snort 3.0 Design
  • Modular Design Support
  • Plug Holes with Plugins
  • Process Packets
  • Detect Interesting Traffic with Rules
  • Output Data

Choosing a Snort Platform

  • Provisioning and Placing Snort
  • Installing Snort on Linux

Operating Snort 3.0

  • Topic 1: Start Snort
  • Monitor the System for Intrusion Attempts
  • Define Traffic to Monitor
  • Log Intrusion Attempts
  • Actions to Take When Snort Detects an Intrusion Attempt
  • License Snort and Subscriptions

Examining Snort 3.0 Configuration

  • Introducing Key Features
  • Configure Sensors
  • Lua Configuration Wizard

Managing Snort

  • Pulled Pork
  • Barnyard2
  • Elasticsearch, Logstash, and Kibana (ELK)

Analyzing Rule Syntax and Usage

  • Anatomy of Snort Rules
  • Understand Rule Headers
  • Apply Rule Options
  • Shared Object Rules
  • Optimize Rules
  • Analyze Statistics

Use Distributed Snort 3.0

  • Design a Distributed Snort System
  • Sensor Placement
  • Sensor Hardware Requirements
  • Necessary Software
  • Snort Configuration
  • Monitor with Snort

Examining Lua

  • Introduction to Lua
  • Get Started with Lua
Labs
  • Capture and Analyze Packets
  • Initiate the Snort Installation
  • Complete an Installation of Snort
  • Configure and Run Snort
  • Tweak the Installation
  • Rapid Deployment with Lua
  • Integrate Snort Optimizers
  • Analyze Rule Syntax
  • Hello World Lua Style
Show me more

Course Prerequisites

Top

Attendees should meet the following prerequisites:

  • Technical understanding of TCP/IP networking and network architecture
  • Basic familiarity with firewall and IPS concepts
Show me more

Test Certification

Top

Recommended as preparation for exams:

  • There are no exams currently aligned to this course
Show me more