IDS and IPS with Snort 3

(IDS-IPS.AJ1)

Lessons

1. Introduction

  • Who this course is for
  • What this course covers
  • To get the most out of this course
  • Conventions used

2. Introduction to Intrusion Detection and Prevention

  • The need for information security
  • Defense-in-depth strategy
  • The role of network IDS and IPS
  • Types of intrusion detection
  • The state of the art in IDS/IPS
  • IDS/IPS metrics
  • Evasions and attacks
  • Summary

3. The History and Evolution of Snort

  • The beginning of Snort
  • Snort 1 – key features and limitations
  • Snort 2 – key features, improvements, and limitations
  • The need for Snort 3
  • Summary

4. Snort 3 – System Architecture and Functionality

  • Design goals
  • Key components
  • Snort 3 system architecture
  • Summary

5. Installing Snort 3

  • Choosing an OS for installing Snort 3
  • Snort 3 installation process
  • Installing Snort 3 on CentOS
  • Installing Snort 3 on Kali (Debian)
  • Summary

6. Configuring Snort 3

  • Configuring Snort 3 – how?
  • Configuring Snort 3 – what?
  • Configuring your environment
  • Optimal configuration and tuning
  • Managing multiple policies and configurations
  • Summary

7. Data Acquisition

  • The functionality of the DAQ layer
  • The performance of the DAQ Layer
  • Packet capture in Snort
  • The Snort 3 implementation of the DAQ layer
  • Configuring DAQ
  • Summary

8. Packet Decoding

  • OSI layering and packet structure
  • The role of packet decoding (Codecs)
  • Packet decoding in Snort 3
  • EthCodec – a layer 2 codec
  • IPv4Codec – a layer 3 codec
  • TcpCodec – a layer 4 codec
  • Code structure and other codecs
  • Summary

9. Inspectors

  • The role of inspectors
  • Types of inspectors
  • Snort 3 inspectors
  • Summary

10. Stream Inspectors

  • Relevant protocols for the stream inspector
  • The stream inspectors
  • Summary

11. HTTP Inspector

  • Basics of HTTP
  • HTTP inspector
  • HTTP inspector configuration
  • Summary

12. DCE/RPC Inspectors

  • A DCE/RPC overview
  • DCE/RPC inspectors
  • DCE/RPC rule options
  • Summary

13. IP Reputation

  • Background
  • Configuration of the IP reputation inspector module
  • Functionality of the IP reputation inspector
  • IP reputation inspector – alerts and pegs
  • Summary

14. Rules

  • Snort rule – the structure
  • Rule header
  • Rule options
  • Recommendations for writing good rules
  • Summary

15. Alert Subsystem

  • Post-inspection processing
  • Alert formats
  • Summary

16. OpenAppID

  • The OpenAppID feature
  • Design and architecture
  • Summary

17. Miscellaneous Topics on Snort 3

  • Snort 2 to Snort 3 migration
  • Troubleshooting Snort 3
  • Summary

Lab

1. Introduction to Intrusion Detection and Prevention

  • Analyzing Malware Using VirusTotal
  • Performing Static Analysis with Ghidra
  • Using Syslog to Centralize Network Logs
  • Using the Metasploit RDP Post-Exploitation Module
  • Simulating a DoS Attack
  • Analyzing a Phishing Attack
  • Performing Reconnaissance on a Network
  • Configuring iptables to Allow or Deny Traffic
  • Detecting File and System Changes with a HIDS
  • Creating Basic WAF Rules for a Web Application
  • Capturing Suspicious Traffic Using a Network-based IDS

2. The History and Evolution of Snort

  • Understanding Snort

3. Installing Snort 3

  • Installing Snort 3

4. Alert Subsystem

  • Viewing Snort Alerts in Unified2 and Syslog Formats

Price: $167.99