 Course outline 
Detecting Intrusions with Snort 3.0 
- History of Snort
 
- IDS
 
- IPS
 
- IDS vs. IPS
 
- Examining Attack Vectors
 
- Application vs. Service Recognition
 
 
Sniffing the Network 
- Protocol Analyzers
 
- Configuring Global Preferences
 
- Capture and Display Filters
 
- Capturing Packets
 
- Decrypting Secure Sockets Layer (SSL) Encrypted Packets
 
 
Architecting Nextgen Detection 
- Snort 3.0 Design
 
- Modular Design Support
 
- Plug Holes with Plugins
 
- Process Packets
 
- Detect Interesting Traffic with Rules
 
- Output Data
 
 
Choosing a Snort Platform 
- Provisioning and Placing Snort
 
- Installing Snort on Linux
 
 
Operating Snort 3.0 
- Start Snort
 
- Monitor the System for Intrusion Attempts
 
- Define Traffic to Monitor
 
- Log Intrusion Attempts
 
- Actions to Take When Snort Detects an Intrusion Attempt
 
- License Snort and Subscriptions
 
 
Examining Snort 3.0 Configuration 
- Introducing Key Features
 
- Configure Sensors
 
- Lua Configuration Wizard
 
 
Managing Snort 
- PulledPork
 
- Barnyard2
 
- Elasticsearch, Logstash, and Kibana (ELK)
 
 
Analyzing Rule Syntax and Usage 
- Anatomy of Snort Rules
 
- Understand Rule Headers
 
- Apply Rule Options
 
- Shared Object Rules
 
- Optimize Rules
 
- Analyze Statistics
 
 
Use Distributed Snort 3.0 
- Design a Distributed Snort System
 
- Sensor Placement
 
- Sensor Hardware Requirements
 
- Necessary Software
 
- Snort Configuration
 
- Monitor with Snort
 
 
Examining Lua 
- Introduction to Lua
 
- Get Started with Lua
 
 
Lab outline 
- Capture and Analyze Packets
 
- Initiate the Snort Installation
 
- Complete an Installation of Snort
 
- Configure and Run Snort
 
- Tweak the Installation
 
- Rapid Deployment with Lua
 
- Integrate Snort Optimizers
 
- Analyze Rule Syntax
 
- Hello World Lua Style
 
 