SSFRules | Securing Cisco Networks with Snort Rule Writing Best Practices
 
The Securing Cisco Networks with Snort Rule Writing Best Practices (SSF Rules) v2.1 course shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert-instruction and hands-on practice, this course provides you with the knowledge and skills to develop and test custom rules, standard and advanced rules-writing techniques, how to integrate OpenAppID into rules, rules filtering, rules tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.
 
Objectives
After taking this course, you should be able to:
Describe the Snort rule development process
Describe the Snort basic rule syntax and usage
Describe how traffic is processed by Snort
Describe several advanced rule options used by Snort
Describe OpenAppID features and functionality
Describe how to monitor the performance of Snort and how to tune rules
 
How you'll benefit
This course will help you:
Gain an understanding of characteristics of a typical Snort rule development environment
Gain hands-on practices on creating rules for Snort
Gain knowledge in Snort rule development, Snort rule language, standard and advanced rule options
 
Who should enroll
This course is for technical professionals to gain skills in writing rules for Snort-based Intrusion Detection Systems (IDS) and intrusion prevention systems (IPS). The primary audience includes:
Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel using open source IDS and IPS
Channel partners and resellers
 
Technology
Security
 
Prerequisites
To fully benefit from this course, you should have:
Basic understanding of networking and network protocols
Basic knowledge of Linux command-line utilities
Basic knowledge of text editing utilities commonly found in Linux
Basic knowledge of network security concepts
Basic knowledge of a Snort-based IDS/IPS system
 
Course Outline
Introduction to Snort Rule Development
Snort Rule Syntax and Usage
Traffic Flow Through Snort Rules
Advanced Rule Options
OpenAppID Detection
Tuning Snort
Lab outline
Connecting to the Lab Environment
Introducing Snort Rule Development
Basic Rule Syntax and Usage
Advanced Rule Options
OpenAppID
Tuning Snort
 
Descargue el temario para conocer el detalle completo de los contenidos
 
Debido a las constantes actualizaciones de los contenidos de los cursos por parte del fabricante, el contenido de este temario puede variar con respecto al publicado en el sitio oficial, sin embargo, Netec siempre entregará la versión actualizada de éste