Sourcefire Classroom Training
SNORT® I
Overview
This three-day class is for those who want to learn how to build a Snort® sensor from scratch using many of the open source tools and plug-ins available to help manage, tune and deliver feedback on suspicious activity in your networks. It also takes an in-depth look at Snort® rules and Snort® rules language syntax. Hands-on labs with fully documented instructions help students construct solid, secure Snort® installations and understand the inner workings of the premier open source IDS/IPS available today. Students will also learn how to fine-tune and configure Snort®, create high-performance rules, and use Snort®’s rich set of features to monitor their sensor's performance.
Target Audience
This course is a must for network administrators, security administrators, security consultants and other security professionals responsible for deploying open source IDS/IPS sensors in their organizations.
Prerequisites
This course assumes that students have a technical understanding of TCP/IP networking and network architecture. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested but not required.
Course Outline
- Introduction to Snort®
- Snort® architecture
- Snort® sensor deployment
- Snort® installation
- Snort® configuration and operation
- Snort® output processing
- Rule management
- Snort® rule writing and general syntax
- Tuning preprocessors and rule tuning
- Snort® tuning
- Using advanced rule options: byte_jump/byte_test and PCRE