SSFRULES – Securing Cisco Networks with Snortï¿½ Rule Writing Best Practices

SSFRULES - Securing Cisco Networks with Snort Rule Writing Best Practices

COURSE OUTLINE:

Description

In this course, you will learn about the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance.ï¿½

This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.ï¿½

This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you become familiar with:ï¿½

Snort rule development
Snort rule language
Standard and advanced rule options
OpenAppID
Tuning

Audience

Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel
Channel partners and resellers

Prerequisites

Basic understanding of:

Networking and network protocols
Linux command-line utilities
Text-editing utilities commonly found in Linux
Network security concepts
Snort-based IDS/IPS system

Learning Objectives

Snort rule development process
Snort basic rule syntax and usage
How traffic is processed by Snort
Several advanced rule options used by Snort
OpenAppID features and functionality
How to monitor the performance of Snort and how to tune rules

Introduction to Snort Rule Development
Snort Rule Syntax and Usage
Traffic Flow Through Snort Rules
Advanced Rule Options
OpenAppID Detection
Tuning Snort

RELATED COURSES

Technical Training
Cisco

Implementing Cisco Unified Wireless Networking Essentials

Course topics include basic wireless components and terminology, wireless and antennae fundamentals, controller and AP options, utilizing configuration interfaces, monitoring tools, and an overview of endpoint security – including APs and client devices. Utilizing the skills learned in this course, participants will be able to design, install, configure, monitor and perform basic troubleshooting of a Cisco WLAN in small and medium-sized business and enterprise installations.

Technical Training
Cisco

Applying Cisco Business Architecture Discipline-DTBAS v1.1

As businesses undertake a digital transformation, working towards a journey to deliver on the promises of the digital business roadmap, it is incumbent upon the technology partners to suitably deliver value above and beyond the technology components. This journey from the Cisco side began in 2013 with the launch of the business outcomes sales approach, and is now evolving into a Business Architecture lead process, expanding the scope, and increasing the role of the Cisco Business Architect in the process.

Technical Training
Cisco

Optimizing Converged Cisco Networks

Students will learn the characteristics of real-time multi-media traffic, sich as voice, and you'll investigate the immportance of Quality of Service management on the network and learn about the application of wireless technologies to the enterprise. The management of Wireless LAN Controllers across the enterprise using Cisco's Wireless Control System is also explored.

Technical Training
Cisco

Implementing CiscoWorks LMS, Version 3.1 (CWLMS)

Implementing CiscoWorks LMS (CWLMS) version 3.1 teaches learners how to use the CiscoWorks applications
contained in the CiscoWorks LAN Management Solution (LMS) v3.1 bundle. The focus is on finding the correct
tools within CiscoWorks to document the network, log changes that occur, deploy global changes to devices,
monitor network performance, and manage network faults. The labs are designed so that learners share two
CiscoWorks servers set up in a multi-server trust environment