Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES)

After completing this course, you should be able to:

• Describe the Snort rule development process
• Describe the Snort basic rule syntax and usage
• Describe how traffic is processed by Snort
• Describe several advanced rule options used by Snort
• Describe OpenAppID features and functionality
• Describe how to monitor the performance of Snort and how to tune rules

• Module 1: Introduction to Snort Rule Development
• Module 2: Snort Rule Syntax and Usage
• Module 3: Traffic Flow Through Snort Rules
• Module 4: Advanced Rule Options
• Module 5: OpenAppID Detection
• Module 6: Tuning Snort

• Lab 1: Connecting to the Lab Environment
• Lab 2: Introducing Snort Rule Development
• Lab 3: Basic Rule Syntax and Usage
• Lab 4: Advanced Rule Options
• Lab 5: OpenAppID
• Lab 6: Tuning Snort

Lab Topology:

• Basic understanding of networking and network protocols
• Basic knowledge of Linux command-line utilities
• Basic knowledge of text editing utilities commonly found in Linux
• Basic knowledge of network security concepts
• Basic knowledge of a Snort-based IDS/IPS system

This course is designed for technical professionals who need to know how to deploy Open Source Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), as well as write Snort rules.

The primary audience for this course includes:

• Security Administrators
• Security Consultants
• Network Administrators
• System Engineers
• Technical Support Personnel using Open Source IDS and IPS
• Resellers