CI-SSFRules
Securing Cisco Networks with Snort Rule Writing Best Practices
Price: USD 2,450 excl. VAT
Duration: 3 Days
CLCs: 28
CE: 24 Credits
Who Should Attend
This course is for technical professionals who want to gain skills in writing rules for Snort-based Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). The primary audience includes:
• Security administrators
• Security consultants
• Network administrators
• System engineers
• Technical support personnel using open source IDS and IPS
• Channel partners and resellers
Prerequisites
To fully benefit from this course, you should have:
• Basic understanding of networking and network protocols
• Basic knowledge of Linux command-line utilities
• Basic knowledge of text editing utilities commonly found in Linux
• Basic knowledge of network security concepts
• Basic knowledge of a Snort-based IDS/IPS system
What You Will Learn
The Securing Cisco Networks with Snort Rule Writing Best Practices (SSF Rules) v2.1 course shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert instruction and hands-on practice, this course provides you with the knowledge and skills to develop and test custom rules, apply standard and advanced rule-writing techniques, integrate OpenAppID into rules, filter and tune rules, and more. The hands-on labs give you practice in creating and testing Snort rules.
Course Objectives
After taking this course, you should be able to:
• Describe the Snort rule development process
• Describe the Snort basic rule syntax and usage
• Describe how traffic is processed by Snort
• Describe several advanced rule options used by Snort
• Describe OpenAppID features and functionality
• Describe how to monitor the performance of Snort and how to tune rules
Course Outline
• Introduction to Snort Rule Development
• Snort Rule Syntax and Usage
• Traffic Flow Through Snort Rules
• Advanced Rule Options
• OpenAppID Detection
• Tuning Snor