Securing Cisco Networks with Snort Rule Writing Best Practices

Session Detail:    Virtual 3 Day

This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, utilizing various rule-writing techniques. You will test your rule-writing skills in two challenges: a theoretical challenge that tests knowledge of rule syntax and usage, and a practical challenge in which we present an exploit for you to analyze and research so you can defend your installations against the attack. This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules.

About this Course

This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, utilizing various rule-writing techniques. You will test your rule-writing skills in two challenges: a theoretical challenge that tests knowledge of rule syntax and usage, and a practical challenge in which we present an exploit for you to analyze and research so you can defend your installations against the attack.

This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules.

Audience Profile

Primary audience for this course are:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

At Course Completion

Upon course completion, students should be able to:

  • Understand rule structure, rule syntax, rule options, and their usage
  • Configure and create Snort rules
  • Understand the rule optimization process to create efficient rules
  • Understand preprocessors and how data is presented to the rule engine
  • Create and implement functional Regular Expressions in Snort rules
  • Design and apply rules using byte_jump/test/extract rule options
  • Understand the concepts behind protocol modeling to write rules that perform better

Prerequisites

Before attending the following, students should have the following knowledge or experience:

  • Technical understanding of TCP/IP networking and network architecture
  • Working knowledge of how to use and operate Cisco and Sourcefire systems or open source Snort
  • Working knowledge of command-line text editing tools, such as the vi editor
  • Basic rule-writing experience is suggested

Session Outline

Class Outline

Module 1: Welcome to the Cisco and Sourcefire Virtual Network

Module 2: Basic Rule Syntax and Usage

Module 3: Rule Optimization

Module 4: Using Perl Compatible Regular Expressions (PCRE) in Rules

Module 5: Using Byte_Jump, Byte_Test and Byte_Extract Rule Options

Module 6: Protocol Modeling Concepts and Using Flowbits in Rule Writing

Module 7: Case Sudies in Rule Writing and Packet Analysis

Module 8: Rule Performance Monitoring

Module 9: Rule Writing Practical Labs, Exercises, and Challenges

Need to train your team?

All of our sessions can be customized to meet your team’s specific need. Build the perfect program by picking and choosing topics from any of the courses in our catalog. A personalized private session gives you the ultimate flexibility and helps maximize your team’s valuable time!

Requesting Team Training
DateTimeTypePriceAdd To Cart

Securing Cisco Networks with Snort Rule Writing Best Practices

3 Day
Virtual

$3,115.00

Chat with a Coach

Chat with a Coach

Have a more immediate need? Why spend the next hour searching online for answers when you can spend just 15 minutes with one of our experts and get accurate and personalized answers to all of your questions. 

$9.99 | 15 Minutes

Book Now