Securing Cisco Networks with Open Source Snort® (SSFSNORT)
More Information:
- Learning Style: Virtual
- Provider: Cisco
- Difficulty: Intermediate
- Course Duration: 4 Days
- CLC: 40 Units
- Course Info: Download PDF
- Certificate: See Sample
Need Training for 5 or More People?
Customized to your team's need:
- Annual Subscriptions
- Private Training
- Flexible Pricing
- Enterprise LMS
- Dedicated Customer Success Manager
Course Information
About this course:
In this four-day course, Securing Cisco Networks with Open Source Snort®, students will learn how to build and manage a Snort® system using open source tools, plug-ins, as well as the Snort® rule language to help manage, tune, and deliver feedback on suspicious network activity.
This lab-intensive course introduces you to the open source Snort® technology, as well as rule writing. Among other powerful features, you become familiar with:
- How to build and manage a Snort® system
- How to update rules
- Snort® rules language
- The capabilities of Snort® when deployed passively and inline
The course begins by introducing the Snort® technology and progresses through the installation and operation of Snort®. You will discover the various output types that Snort® provides and learn about automated rule management including how to deploy and configure Pulled Pork, inline operations, and how to create custom Snort® rules, including advanced rule-writing techniques and OpenAppID.
This course combines lecture materials and hands-on labs that give you practice in deploying and managing Snort®.
Course Objective:
Upon completing this course, the learner will be able to meet these overall objectives:
- Snort technology and identify the resources that are available for maintaining a Snort deployment
- Install Snort on a Linux-based operating system
- Snort operation modes and their command-line options
- Snort intrusion detection output options
- Download and deploy a new rule set to Snort
- Configure the snort.conf file
- Configure Snort for inline operation and configure the inline-only features
- Snort basic rule syntax and usage
- How traffic is processed by the Snort engine
- Several advanced rule options used by Snort
- OpenAppID features and functionality
- How to monitor of Snort performance and how to tune rules
Audience:
The primary audience for this course is as follows:
- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel using open source IDS and IPS
- Channel partners and resellers
Prerequisite:
The knowledge and skills that the learner should have before attending this course are as follows:
- Networking and network protocols
- Linux command line utilities
- Text-editing utilities commonly found in Linux
- Network security concepts