IDS and IPS

(WU-CYB6030.AJ1)
Lessons
Lab

Skills You’ll Get

1

Introduction to Intrusion Detection and Prevention

  • The need for information security
  • Defense-in-depth strategy
  • The role of network IDS and IPS
  • Types of intrusion detection
  • The state of the art in IDS/IPS
  • IDS/IPS metrics
  • Evasions and attacks
2

History and Evolution of Snort and the Snort 3 System Architecture

  • The beginning of Snort
  • Snort 1 – key features and limitations
  • Snort 2 – key features, improvements, and limitations
  • The need for Snort 3
  • Design goals
  • Key components
  • Snort 3 system architecture
3

Installing and Configuring Snort 3

  • Choosing an OS for installing Snort 3
  • Snort 3 installation process
  • Installing Snort 3 on CentOS
  • Installing Snort 3 on Kali (Debian)
  • Configuring Snort 3 – how?
  • Configuring Snort 3 – what?
  • Configuring your environment
  • Optimal configuration and tuning
  • Managing multiple policies and configurations
4

Data Acquisition, Packet Decoding, and Inspectors

  • The functionality of the DAQ layer
  • The performance of the DAQ layer
  • Packet capture in Snort
  • The Snort 3 implementation of the DAQ layer
  • Configuring DAQ
  • OSI layering and packet structure
  • The role of packet decoding (Codecs)
  • Packet decoding in Snort 3
  • EthCodec – a layer 2 codec
  • IPv4Codec – a layer 3 codec
  • TcpCodec – a layer 4 codec
  • Code structure and other codecs
  • The role of inspectors
  • Types of inspectors
  • Snort 3 inspectors
5

Stream, HTTP, and DCE/RPC Inspectors

  • Relevant protocols for the stream inspector
  • The stream inspectors
  • Basics of HTTP
  • HTTP inspector
  • HTTP inspector configuration
  • A DCE/RPC overview
  • DCE/RPC inspectors
  • DCE/RPC rule options
6

IP Reputation, Rules, and Alert Subsystem

  • Background
  • Configuration of the IP reputation inspector module
  • Functionality of the IP reputation inspector
  • IP reputation inspector – alerts and pegs
  • Snort rule – the structure
  • Rule header
  • Rule options
  • Recommendations for writing good rules
  • Post-inspection processing
  • Alert formats
7

OpenAppID and Miscellaneous Topics on Snort 3

  • The OpenAppID feature
  • Design and architecture
  • Snort 2 to Snort 3 migration
  • Troubleshooting Snort 3

Lab

1

Introduction to Intrusion Detection and Prevention

  • Performing Static Analysis with Ghidra
  • Using Syslog to Centralize Network Logs
  • Using the Metasploit RDP Post-Exploitation Module
  • Simulating a DoS Attack
  • Analyzing a Phishing Attack
  • Performing Reconnaissance on a Network
  • Configuring iptables to Allow or Deny Traffic
  • Creating Basic WAF Rules for a Web Application
  • Capturing Suspicious Traffic Using a Network-based IDS
  • Configuring Firewall Rules and Monitoring Network Logs Using pfSense
  • Viewing Linux Event Logs
  • Analyzing Malware Using VirusTotal
2

History and Evolution of Snort and the Snort 3 System Architecture

  • Configuring Snort 2
3

Installing and Configuring Snort 3

  • Configuring Snort 3
4

Data Acquisition, Packet Decoding, and Inspectors

  • Decoding Ethernet Frames in Snort 3
  • Analyzing TCP Segments in Snort 3
  • Exploring Snort 3 Inspectors
5

Stream, HTTP, and DCE/RPC Inspectors

  • Capturing and Analyzing Network Traffic Using Wireshark
6

IP Reputation, Rules, and Alert Subsystem

  • Configuring the IP Reputation Inspector in Snort 3
  • Viewing Snort Alerts in Unified2 Format

IDS and IPS course price: $239.99