Securing Cisco Networks with Open Source Snort (SSFSNORT) – Outline

Detailed Course Program

  • Module 1: Intrusion Sensing Technology, Challenges, and Sensor Deployment
  • Module 2: Introduction to Snort Technology
  • Module 3: Snort Installation
  • Module 4: Configuring Snort for Database Output and Graphical Analysis
  • Module 5: Operating Snort
  • Module 6: Snort Configuration
  • Module 7: Configuring Snort Preprocessors
  • Module 8: Keeping Rules Up to Date
  • Module 9: Building a Distributed Snort Installation
  • Module 10: Basic Rule Syntax and Usage
  • Module 11: Building a Snort IPS Installation
  • Module 12: Rule Optimization
  • Module 13: Using PCRE in Rules
  • Module 14: Basic Snort Tuning
  • Module 15: Using Byte_Jump/Test/Extract Rule Options
  • Module 16: Protocol Modeling Concepts and Using Flowbits in Rule Writing
  • Module 17: Case Studies in Rule Writing and Packet Analysis

Lab Outline

  • Lab 1: Install Snort and Its Components (Module 3)
  • Lab 2: Barnyard2 Installation (Module 4)
  • Lab 3: Barnyard and Snorby Configuration (Module 4)
  • Lab 4: Operating Snort (Module 5)
  • Lab 5: Configuring Your IDS/IPS Installation (Module 6)
  • Lab 6: Portscan Configuration (Module 7)
  • Lab 7: Stream Reassembly (Module 7)
  • Lab 8: Pulled Pork Installation, Configuration, and Usage (Module 8)
  • Lab 9: Building a Distributed Snort Installation (Module 9)
  • Lab 10: Writing Custom Rules (Module 10)
  • Lab 11: Building an Inline IPS (Module 11)
  • Lab 12: Using the Drop Action (Module 11)
  • Lab 13: Using the Replace Action (Module 11)
  • Lab 14: Optimizing Rules (Module 12)
  • Lab 15: Using and Testing PCRE in Rules (Module 13)
  • Lab 16: Using Event Filtering (Module 14)
  • Lab 17: Using Suppression (Module 14)
  • Lab 18: Configuring Rule Profiling (Module 14)
  • Lab 19: Detecting SADMIND Trust with Byte_Jump and Byte_Test (Module 15)
  • Lab 20: Using the Bitwise AND Operation in Byte_Test (Module 15)
  • Lab 21: Detecting ZenWorks Directory Traversal with Byte_Extract (Module 15)
  • Lab 22: Writing Flowbits Rules (Module 16)
  • Lab 23: Research and Packet Analysis (Module 17)
  • Lab 24: Revisiting the Kaminsky Vulnerability (Module 17)