IDS and IPS with Snort 3

(IDS-IPS.AJ1)
Lessons

1. Introduction

  • Who this course is for
  • What this course covers
  • To get the most out of this course
  • Conventions used

2. Introduction to Intrusion Detection and Prevention

  • The need for information security
  • Defense-in-depth strategy
  • The role of network IDS and IPS
  • Types of intrusion detection
  • The state of the art in IDS/IPS
  • IDS/IPS metrics
  • Evasions and attacks
  • Summary

3. The History and Evolution of Snort

  • The beginning of Snort
  • Snort 1 – key features and limitations
  • Snort 2 – key features, improvements, and limitations
  • The need for Snort 3
  • Summary

4. Snort 3 – System Architecture and Functionality

  • Design goals
  • Key components
  • Snort 3 system architecture
  • Summary

5. Installing Snort 3

  • Choosing an OS for installing Snort 3
  • Snort 3 installation process
  • Installing Snort 3 on CentOS
  • Installing Snort 3 on Kali (Debian)
  • Summary

6. Configuring Snort 3

  • Configuring Snort 3 – how?
  • Configuring Snort 3 – what?
  • Configuring your environment
  • Optimal configuration and tuning
  • Managing multiple policies and configurations
  • Summary

7. Data Acquisition

  • The functionality of the DAQ layer
  • The performance of the DAQ Layer
  • Packet capture in Snort
  • The Snort 3 implementation of the DAQ layer
  • Configuring DAQ
  • Summary

8. Packet Decoding

  • OSI layering and packet structure
  • The role of packet decoding (Codecs)
  • Packet decoding in Snort 3
  • EthCodec – a layer 2 codec
  • IPv4Codec – a layer 3 codec
  • TcpCodec – a layer 4 codec
  • Code structure and other codecs
  • Summary

9. Inspectors

  • The role of inspectors
  • Types of inspectors
  • Snort 3 inspectors
  • Summary

10. Stream Inspectors

  • Relevant protocols for the stream inspector
  • The stream inspectors
  • Summary

11. HTTP Inspector

  • Basics of HTTP
  • HTTP inspector
  • HTTP inspector configuration
  • Summary

12. DCE/RPC Inspectors

  • A DCE/RPC overview
  • DCE/RPC inspectors
  • DCE/RPC rule options
  • Summary

13. IP Reputation

  • Background
  • Configuration of the IP reputation inspector module
  • Functionality of the IP reputation inspector
  • IP reputation inspector – alerts and pegs
  • Summary

14. Rules

  • Snort rule – the structure
  • Rule header
  • Rule options
  • Recommendations for writing good rules
  • Summary

15. Alert Subsystem

  • Post-inspection processing
  • Alert formats
  • Summary

16. OpenAppID

  • The OpenAppID feature
  • Design and architecture
  • Summary

17. Miscellaneous Topics on Snort 3

  • Snort 2 to Snort 3 migration
  • Troubleshooting Snort 3
  • Summary

Lab

1. Introduction to Intrusion Detection and Prevention

  • Analyzing Malware Using VirusTotal
  • Performing Static Analysis with Ghidra
  • Using Syslog to Centralize Network Logs
  • Using the Metasploit RDP Post-Exploitation Module
  • Simulating a DoS Attack
  • Analyzing a Phishing Attack
  • Performing Reconnaissance on a Network
  • Configuring iptables to Allow or Deny Traffic
  • Detecting File and System Changes with a HIDS
  • Creating Basic WAF Rules for a Web Application
  • Capturing Suspicious Traffic Using a Network-based IDS

2. The History and Evolution of Snort

  • Understanding Snort

3. Installing Snort 3

  • Installing Snort 3

4. Alert Subsystem

  • Viewing Snort Alerts in Unified2 and Syslog Formats