Site Currently Down For Maintenance
Catalog > All Topics

Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES v2.0)

Cisco
3 Days
Download Course Outline
$3,000.00
Request a Quote
30 Learning Credits
Share
Related Topics
Schedule
Export to CSV
  • No schedule events found for this course.
      • PC
        Private Class
        Privately train a group of your employees at your facility, virtually, or any of our locations.
    Request
  • LCLive Classroom
    Live Classroom
    Learn and interact with your instructor and peers in-person in our classrooms.
  • VCVirtual Classroom
    Virtual Classroom
    Attend any of our instructor-led classes virtually regardless of your physical location.
  • PCPrivate Class
    Private Class
    Privately train a group of your employees at your facility, virtually, or any of our locations.
  • GTRGuaranteed to Run
    Guaranteed to Run
    GTR classes are guaranteed to run as promised and delivered.
Course Summary
Show All

Description

Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES) is an instructor-led, lab-intensive, course that introduces users of open source Snort or Sourcefire FireSIGHT1 systems to the Snort rules language and rule-writing best practices.

You will focus exclusively on the Snort rules language and rule writing. Starting from rule syntax and structure to advanced rule option usage, you will analyze exploit packet captures and put the rule writing theories learned to work by implementing rule language features to trigger alerts on the offending network traffic.

This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, using various rule writing techniques. You will test your rule writing skills with two challenges: a theoretical challenge that tests your knowledge of rule syntax and usage, and a practical challenge in which you analyze and research an exploiting event, so you can defend your installations against attacks

This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules.

Objectives

After completing this course the student should be able to:

  • Describe the Snort rule development process
  • Describe the Snort basic rule syntax and usage
  • Describe how traffic is processed by Snort
  • Describe several advanced rule options used by Snort
  • Describe OpenAppID features and functionality
  • Describe how to monitor the performance of Snort and how to tune rules

 

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • Technical understanding of TCP/IP networking and network architecture
  • Working knowledge of how to use and operate Cisco and Sourcefire systems or open source Snort
  • Working knowledge of command-line text editing tools, such as the vi editor
  • Basic rule-writing experience is suggested

Who Should Attend

This course is designed for technical professionals who need to know how to write rules and understand open source Snort language.

The primary audience for this course includes:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel using open source IDS and IPS
  • Channel partners and resellers

Outline

Module 1: Introduction to Snort Rule Development

Module 2: Snort Rule Syntax and Usage

Module 3: Traffic Flow Through Snort Rules

Module 4: Advanced Rule Options

Module 5: OpenAppID Detection

Module 6 Tuning Snort

Lab Outline

Lab 1: Connecting to the Lab Environment
Lab 2: Introducing Snort Rule Development
Lab 3: Basic Rule Syntax and Usage
Lab 4: Advanced Rule Options
Lab 5: OpenAppID
Lab 6: Tuning Snort

Related Topics