SSFSNORT - Securing Cisco Networks with Open Source Snort



This lab-intensive course introduces you to the open source Snort� technology as well as rule writing. You will learn how to build and manage a Snort system using open source tools, plug-ins, as well as the Snort rule language to help manage, tune, and deliver feedback on suspicious network activity.

This course combines lecture materials and hands-on labs throughout to make sure that you are able to construct a solid, secure Snort installation and write Snort rules using proper syntax and structure.


  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel using open source IDS and IPS
  • Channel partners and resellers


  • Technical understanding of TCP/IP networking and network architecture
  • Proficiency with Linux and UNIX text editing tools (vi editor is suggested but not required)

Learning Objectives

  • What Snort is and its basic architectural components
  • Snort's dynamic plug-in capabilities
  • Different modes of Snort operation
  • Perform installation and configuration of the Snort system
  • Install and configure Snorby
  • Configure and tune the Snort pre-processors
  • Rule maintenance and techniques to keep rules current
  • Create Snort rules using both simple and advanced rule-writing techniques
  • Monitor performance of a Snort deployment

1. Intrusion Sensing Technology, Challenges, and Sensor Deployment

2. Introduction to Snort Technology

3. Snort Installation

4. Configuring Snort for Database Output and Graphical Analysis

5. Operating Snort

6. Snort Configuration

7. Configuring Snort Preprocessors

8. Keeping Rules Up to Date

9. Building a Distributed Snort Installation

10. Basic Rule Syntax and Usage

11. Building a Snort IPS Installation

12. Rule Optimization

13. Using PCRE in Rules

14. Basic Snort Tuning

15. Using Byte_Jump/Test/Extract Rule Options

16. Protocol Modeling Concepts and Using Flowbits in Rule Writing

17. Case Studies in Rule Writing and Packet Analysis