Snort IDS – Workshop eBook

Download
File
Snort IDS Blast.pdf

Dear readers,

We present a new e-book containing workshop materials from the SNORT IDS BLAST COURSE. We would like to share them with those of you who do not participate in the course itself (though we recommend that you do). This e-book will be added to the course as a free download for those of you who want to learn offline. All materials here were written by our wonderful instructor, Raymond Blockmon!

Enjoy!

Hakin9 Magazine
Editorial Team


If you are not a subscriber and want to buy this magazine click here




TABLE OF CONTENTS

Introduction

Module 1: Setting up and getting acquainted with the Snort IDS

    1. Task 1: Setup IP variables with the internal and external network
    2. Task 2: Setup Port variables with internal and external network
    3. Task 3: Setup log messages
    4. Module Challenge

Module 2: Setting up basic Snort rules

    1. Task 1: Setup a Snort incoming packet rule to alert the network administrator
    2. Task 2: Setup a Snort rule to alert for a packet connecting to an FTP server
    3. Task 3: Setup a Snort rule to alert for FTP traffic searching for a specific file
    4. Module Challenge

Module 3: Configure Detect Offset (DOE) End Pointer (EP) and Byte Offset

    1. Task 1: Dissecting an incoming packet using DOE EP with a content match
    2. Task 2: Creating Snort rule using DOE EP with Offset modifier
    3. Task 3: Setup Snort Rule DOE EP with Offset and Depth content
    4. Module Challenge
    5. Bonus

Course Conclusion


COURSE DESCRIPTION:

In this course, we will use the Security Onion operating system. Security Onion is based on the Ubuntu Linux distribution. It contains the Snort IDS, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. We will use the Snort IDS application for the majority of this blast course.

The target learning objective for this course is to introduce the student to the Snort IDS. We will learn how to set up IP and Port variables for ease of management, and then get acquainted with basic Snort rules. We will then move on to defining our own custom rules. Finally, we will advance our learning by crafting complex Snort rules to enhance our network IDS capabilities and streamline processing power. This course is streamlined for advanced users who wish to add to their knowledge about IDS capabilities using Snort.

The course session will last for three weeks, but the course is self-paced – you can learn when you want!


VISIT COURSE PAGE: SNORT IDS BLAST COURSE




This eBook contains advanced knowledge of Snort. If you want to gain more basic information, check Mastering in Intrusion Detection System [SNORT]. You will learn what Snort is and how it works.


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023