SNORT® IDS/IPS Technology + Rule Writing Best Practices
Overview:
This compact course covers the content of the two courses "Snort IDS/IPS" and "Rule Writing Best Practices", which can also be booked separately. It is shorter than the two individual courses combined.
The training is held in German using the original English course materials.
Prerequisites:
This course assumes that students have a technical understanding of
TCP/IP networking and network architecture. Proficiency with Linux and
UNIX text editing tools (the vi editor) is suggested but not required.
Contents:
* Introduction to Snort®
* Snort® architecture
* Snort® sensor deployment
* Snort® installation
* Snort® configuration and operation
* Snort® output processing
* Rule management
* Snort® rule writing and general syntax
* Tuning preprocessors and rule tuning
* Snort® tuning
* In-depth analysis using Snort® and BASE
* Configuring a Distributed Snort® Sensor Installation
* Database Maintenance
* Configuring Snort® In-Line
* Miscellaneous Detection Features: Host Attribute Table, SO Rules and Decoder/Preprocessor Alert Options
* Using High-Performance Packet Capture Drivers
Rule Writing Best Practices
Overview:
This workshop is for Sourcefire 3D® System customers and open source
Snort® users focusing exclusively on the Snort® rules language and rule
writing. Starting from rule syntax and structure to advanced rule option
usage, students will analyze exploit packet captures and put the rule
writing theory they learn to work by implementing rule language features
to trigger alerts on the offending network traffic. This instructor-led
course also provides instruction and lab exercises on how to detect
certain types of attacks such as buffer overflows utilizing various rule
writing techniques. Students will be able to test their rule writing
skills by way of two challenges: a theoretical challenge that tests
their knowledge of rule syntax and usage, and a practical challenge in
which an exploit is presented for students to analyze and research so
they can defend their installations against the attack.
The training is held in German using the original English course materials.
Prerequisites:
Students must have a technical understanding of TCP/IP networking and
network architecture. This course assumes students have a working
knowledge of how to use and operate the Sourcefire 3D® System or open
source Snort®. It also assumes a working knowledge of command line text
editing tools such as vi. Basic rule writing experience is suggested
but not required.
Contents:
* Rule Syntax and Basic Language Usage
* Rule Optimization and The Fast Pattern Matcher
* PCRE in Snort Rules
* The Byte_Jump and Byte_Test Rule Options
* Flowbits Usage and Protocol Modeling
* IPS Mode Rule Options: Blocking Connections and Replacing Content
* Measuring Rule Performance
* Rule Writing Techniques: How To Detect Specific Types Of Exploits Such As Buffer Overflows
* Rule Writing Best Practices
* Theoretical Rule Writing Challenge
* Practical Rule Writing Challenge
Duration: 5 days
Price (net): 4,000.00 EUR
Price: 4,760.00 EUR incl. 19% VAT