SSFSNORT - Securing Cisco Networks with Open Source Snort v3.0

Course outline

Detecting Intrusions with Snort 3.0

• History of Snort
• IDS
• IPS
• IDS vs. IPS
• Examining Attack Vectors
• Application vs. Service Recognition

Sniffing the Network

• Protocol Analyzers
• Configuring Global Preferences
• Capture and Display Filters
• Capturing Packets
• Decrypting Secure Sockets Layer (SSL) Encrypted Packets

Architecting Nextgen Detection

• Snort 3.0 Design
• Modular Design Support
• Plug Holes with Plugins
• Process Packets
• Detect Interesting Traffic with Rules
• Output Data

Choosing a Snort Platform

• Provisioning and Placing Snort
• Installing Snort on Linux

Operating Snort 3.0

• Topic 1: Start Snort
• Monitor the System for Intrusion Attempts
• Define Traffic to Monitor
• Log Intrusion Attempts
• Actions to Take When Snort Detects an Intrusion Attempt
• License Snort and Subscriptions

Examining Snort 3.0 Configuration

• Introducing Key Features
• Configure Sensors
• Lua Configuration Wizard

Managing Snort

• Pulled Pork
• Barnyard2
• Elasticsearch, Logstash, and Kibana (ELK)

Analyzing Rule Syntax and Usage

• Anatomy of Snort Rules
• Understand Rule Headers
• Apply Rule Options
• Shared Object Rules
• Optimize Rules
• Analyze Statistics

Use Distributed Snort 3.0

• Design a Distributed Snort System
• Sensor Placement
• Sensor Hardware Requirements
• Necessary Software
• Snort Configuration
• Monitor with Snort

Examining Lua

• Introduction to Lua
• Get Started with Lua

Lab outline

• Capture and Analyze Packets
• Initiate the Snort Installation
• Complete an Installation of Snort
• Configure and Run Snort
• Tweak the Installation
• Rapid Deployment with Lua
• Integrate Snort Optimizers
• Analyze Rule Syntax
• Hello World Lua Style