Detailed Course Outline
- Module 1: Intrusion Sensing Technology, Challenges, and Sensor Deployment
- Module 2: Introduction to Snort Technology
- Module 3: Snort Installation
- Module 4: Configuring Snort for Database Output and Graphical Analysis
- Module 5: Operating Snort
- Module 6: Snort Configuration
- Module 7: Configuring Snort Preprocessors
- Module 8: Keeping Rules Up to Date
- Module 9: Building a Distributed Snort Installation
- Module 10: Basic Rule Syntax and Usage
- Module 11: Building a Snort IPS Installation
- Module 12: Rule Optimization
- Module 13: Using PCRE in Rules
- Module 14: Basic Snort Tuning
- Module 15: Using Byte_Jump/Test/Extract Rule Options
- Module 16: Protocol Modeling Concepts and Using Flowbits in Rule Writing
- Module 17: Case Studies in Rule Writing and Packet Analysis
Lab Outline
- Lab 1: Install Snort and Its Components (Module 3)
- Lab 2: Barnyard2 Installation (Module 4)
- Lab 3: Barnyard and Snorby Configuration (Module 4)
- Lab 4: Operating Snort (Module 5)
- Lab 5: Configuring Your IDS/IPS Installation (Module 6)
- Lab 6: Portscan Configuration (Module 7)
- Lab 7: Stream Reassembly (Module 7)
- Lab 8: Pulled Pork Installation, Configuration, and Usage (Module 8)
- Lab 9: Building a Distributed Snort Installation (Module 9)
- Lab 10: Writing Custom Rules (Module 10)
- Lab 11: Building an Inline IPS (Module 11)
- Lab 12: Using the Drop Action (Module 11)
- Lab 13: Using the Replace Action (Module 11)
- Lab 14: Optimizing Rules (Module 12)
- Lab 15: Using and Testing PCRE in Rules (Module 13)
- Lab 16: Using Event Filtering (Module 14)
- Lab 17: Using Suppression (Module 14)
- Lab 18: Configuring Rule Profiling (Module 14)
- Lab 19: Detecting SADMIND Trust with Byte_Jump and Byte_Test (Module 15)
- Lab 20: Using the Bitwise AND Operation in Byte_Test (Module 15)
- Lab 21: Detecting ZenWorks Directory Traversal with Byte_Extract (Module 15)
- Lab 22: Writing Flowbits Rules (Module 16)
- Lab 23: Research and Packet Analysis (Module 17)
- Lab 24: Revisiting the Kaminsky Vulnerability (Module 17)