In this video from our Snort IDS Blast Course we will show you how to go about configuring Snort IDS. The course and the video are a few years old, but some things never change! The skills you learn here will be useful when you're dealing with IDS systems today. Dive in!
In this course, we will use the Security Onion operating system. Security Onion is based on the Ubuntu Linux distribution and bundles the Snort IDS, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. We will use the Snort IDS application for the majority of this blast course.
The learning objective of this course is to introduce the student to the Snort IDS. We will start by configuring Snort IDS to work properly. We will learn how to set up IP and port variables for ease of management, then become acquainted with basic Snort rules. We will then move on to defining our own custom rules. Finally, we will advance our learning by crafting more complex Snort rules that enhance our network IDS capabilities while keeping the processing cost of detection low. This course is aimed at advanced users who wish to add to their knowledge of IDS capabilities using Snort.
What will you learn?
The student will learn different methodologies of dissecting IP packets with the Snort IDS. This gives the student granular visibility into what traffic crosses between the internal and external networks, the ability to alert precisely on what should not be allowed, and, where Snort runs inline as an IPS, the ability to block it.
What skills will you gain?
The student will learn how to implement an IDS solution that conserves processing power, trim log output to only what is necessary, and configure event thresholds and suppression so that noisy rules do not flood the alert queue.
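As an added illustration of the variable, custom-rule and thresholding topics listed above (this is example configuration written for this page, not material from the course), the fragment below shows the three pieces side by side in Snort 2.9 syntax. The lab subnet 192.168.56.0/24, the extra FTP ports, and the SIDs 1000001 and 1000002 are assumptions for the example; the FTP target corresponds to the lightweight FTP server the course installs on the Windows 7 VM.

```snort
# --- snort.conf: network and port variables ---------------------------------
# HOME_NET is the lab subnet (assumed value); EXTERNAL_NET is everything else.
ipvar HOME_NET [192.168.56.0/24]
ipvar EXTERNAL_NET !$HOME_NET
# A port variable lets every FTP rule reference one list instead of hard-coding 21.
portvar FTP_PORTS [21,2100,3535]

# --- local.rules: custom rules ----------------------------------------------
# Flag anonymous FTP logins from outside. flow: limits matching to the
# client-to-server half of an established session; distance:0 requires
# "anonymous" to follow "USER" in the same payload. Local SIDs start at 1000000.
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORTS ( \
    msg:"LOCAL FTP anonymous login attempt"; \
    flow:to_server,established; \
    content:"USER"; nocase; content:"anonymous"; distance:0; nocase; \
    classtype:attempted-recon; sid:1000001; rev:1; )

# Brute-force indicator: five or more "530" (login failed) replies sent to the
# same client within 60 seconds. The server sends the 530, so the rule watches
# the to_client direction and tracks by destination, i.e. the attacking host.
# detection_filter is part of the rule itself and fires only once the count is hit.
alert tcp $HOME_NET $FTP_PORTS -> $EXTERNAL_NET any ( \
    msg:"LOCAL FTP repeated login failures"; \
    flow:to_client,established; \
    content:"530 "; depth:4; \
    detection_filter:track by_dst, count 5, seconds 60; \
    classtype:attempted-user; sid:1000002; rev:1; )

# --- threshold.conf (or snort.conf): event filtering -------------------------
# Keep sid 1000001 from producing one alert per packet during a scan:
# at most one alert per source IP per minute reaches the log.
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60
# Silence sid 1000002 entirely for a known scanner / vulnerability-management host
# (address assumed).
suppress gen_id 1, sig_id 1000002, track by_dst, ip 192.168.56.10
```

On the Ubuntu-based Security Onion release used in the course, local rules belong in /etc/nsm/rules/local.rules and are pushed to the sensors with sudo rule-update; after any change, validate the configuration with snort -T -c /etc/nsm/<sensor>/snort.conf before relying on it. Note the difference between the two throttling mechanisms: detection_filter is evaluated before the alert is generated and is meant to express "N events in T seconds is the signal", whereas event_filter and suppress act after detection and only reduce how much of the signal is logged.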
What should you know before you join?
The student needs to be comfortable with hexadecimal, ASCII and binary representations and conversions between them. The student also needs to be familiar with IP subnetting (both classful and classless).
What will you need:
- A host workstation capable of running at least three VMs simultaneously, with at least 2048 MB of RAM allocated per VM: one Kali Linux, one Windows 7 and one Security Onion
- Security Onion - https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
- 3 virtual Ethernet interfaces on the Security Onion VM: eth0 as the management interface in non-promiscuous mode, and eth1 and eth2 as sniffing interfaces in promiscuous mode so that Snort sees traffic not addressed to the sensor itself
- A light FTP server installed on the Windows 7 VM
Ray holds a bachelor's degree in computer information systems and a master's degree in organizational leadership. His current certifications are CISSP, CEH, CCNA, Network+ and PMP. Ray freelances as an online IT instructor teaching CISSP, CEH and CCNA courses. He has also taught for various organizations on hacking with the Metasploit framework, scripting with Python and Ruby, and other tools used for hacking. He occasionally provides IT security consultancy for various organizations. Ray resides in Augusta, Georgia, USA. He has over 15 years of military and civilian IT security and project management experience.