Introduction to Snort

The outline/syllabus for the course is as follows:
​
This three (3) day course is designed to introduce the IT security professional to the world's most effective and widely used Intrusion Detection System (IDS), Snort. When students complete the course, they will have:
(1) a fundamental understanding of the inner architecture of Snort;
(2) the ability to write their own custom Snort rules;
(3) the ability to configure Snort to output its alerts to a database for further analysis;
(4) the ability to tune Snort for optimal performance;
(5) an understanding of how to install and configure Snort as an effective IDS/IPS;
(6) the ability to choose an appropriate GUI interface for analysis.
This course will be taught with hands-on labs using Snort in a Debian Linux environment.
Target Audience:
This course is designed for network administrators, security administrators, security consultants, and other security professionals. Even those using other manufacturers' IDSs will gain from this course, as it will convey the basic inner workings of any IDS.
Prerequisites:
Although there are no prerequisites for this course, we have found that those with a solid understanding of TCP/IP protocol structure and Linux/Unix gain the most from the course. For those without this background, we spend part of the first day introducing these concepts and techniques to give the student adequate knowledge to complete the course.

Course Outline
Day 1
Introduction to Snort
Network Traffic Analysis
TCP/IP Fundamentals
Linux/Unix Fundamentals
Attack Vector Analysis
​
Installing and configuring Snort
Configuration file
Upgrading
Sensor placement
Logging
Packet capture and analysis
Preprocessors
Day 2
Rule writing
Dynamic rules
Testing rules
Optimizing rules
Statistical analysis
Day 3
Management tools
Barnyard
Snorby
Performance Tuning and thresholding
Log and Alert analysis
Data Analysis Tools
Installing and Using Barnyard
​
To register for this course, go to our course registration page here.

The Introduction to Snort course is designed for the cyber security professional who is new to the world's most widely used NIDS/NIPS. Even if you aren't using Snort presently, this course is valuable in understanding how an Intrusion Detection System (IDS) works.