Securing Networks with Open-Source Snort Bootcamp

Attendees will learn how to define the use and placement of IDS/IPS components, identify Snort features and requirements, compile and install Snort, define and use the different modes of Snort, and install and utilize Snort supporting software.

Intended audience: engineers who require in-depth knowledge of Open-Source Snort.

Detecting Intrusions with Snort 3.0

    • History of Snort
    • IDS
    • IPS
    • IDS vs. IPS
    • Examining Attack Vectors
    • Application vs. Service Recognition

Sniffing the Network

    • Protocol Analyzers
    • Configuring Global Preferences
    • Capture and Display Filters
    • Capturing Packets
    • Decrypting Secure Sockets Layer (SSL) Encrypted Packets

Architecting Nextgen Detection

    • Snort 3.0 Design
    • Modular Design Support
    • Plug Holes with Plugins
    • Process Packets
    • Detect Interesting Traffic with Rules
    • Output Data

Choosing a Snort Platform

    • Provisioning and Placing Snort
    • Installing Snort on Linux

Operating Snort 3.0

    • Start Snort
    • Monitor the System for Intrusion Attempts
    • Define Traffic to Monitor
    • Log Intrusion Attempts
    • Actions to Take When Snort Detects an Intrusion Attempt
    • License Snort and Subscriptions

Examining Snort 3.0 Configuration

    • Introducing Key Features
    • Configure Sensors
    • Lua Configuration Wizard

Managing Snort

    • PulledPork
    • Barnyard2
    • Elasticsearch, Logstash, and Kibana (ELK)

Analyzing Rule Syntax and Usage

    • Anatomy of Snort Rules
    • Understand Rule Headers
    • Apply Rule Options
    • Shared Object Rules
    • Optimize Rules
    • Analyze Statistics

Use Distributed Snort 3.0

    • Design a Distributed Snort System
    • Sensor Placement
    • Sensor Hardware Requirements
    • Necessary Software
    • Snort Configuration
    • Monitor with Snort

Examining Lua

    • Introduction to Lua
    • Get Started with Lua

It is highly recommended to attend Securing Networks with Cisco Firepower Next Generation Firewall Bootcamp.
