IDS and IPS

(WU-CYB6030.AJ1)
Lessons

1. Introduction to Intrusion Detection and Prevention

  • The need for information security
  • Defense-in-depth strategy
  • The role of network IDS and IPS
  • Types of intrusion detection
  • The state of the art in IDS/IPS
  • IDS/IPS metrics
  • Evasions and attacks
2. History and Evolution of Snort and the Snort 3 System Architecture

  • The beginning of Snort
  • Snort 1 – key features and limitations
  • Snort 2 – key features, improvements, and limitations
  • The need for Snort 3
  • Design goals
  • Key components
  • Snort 3 system architecture
3. Installing and Configuring Snort 3

  • Choosing an OS for installing Snort 3
  • Snort 3 installation process
  • Installing Snort 3 on CentOS
  • Installing Snort 3 on Kali (Debian)
  • Configuring Snort 3 – how?
  • Configuring Snort 3 – what?
  • Configuring your environment
  • Optimal configuration and tuning
  • Managing multiple policies and configurations
4. Data Acquisition, Packet Decoding, and Inspectors

  • The functionality of the DAQ layer
  • The performance of the DAQ Layer
  • Packet capture in Snort
  • The Snort 3 implementation of the DAQ layer
  • Configuring DAQ
  • OSI layering and packet structure
  • The role of packet decoding (Codecs)
  • Packet decoding in Snort 3
  • EthCodec – a layer 2 codec
  • IPv4Codec – a layer 3 codec
  • TcpCodec – a layer 4 codec
  • Code structure and other codecs
  • The role of inspectors
  • Types of inspectors
  • Snort 3 inspectors
5. Stream, HTTP, and DCE/RPC Inspectors

  • Relevant protocols for the stream inspector
  • The stream inspectors
  • Basics of HTTP
  • HTTP inspector
  • HTTP inspector configuration
  • A DCE/RPC overview
  • DCE/RPC inspectors
  • DCE/RPC rule options
6. IP Reputation, Rules, and Alert Subsystem

  • Background
  • Configuration of the IP reputation inspector module
  • Functionality of the IP reputation inspector
  • IP reputation inspector – alerts and pegs
  • Snort rule – the structure
  • Rule header
  • Rule options
  • Recommendations for writing good rules
  • Post-inspection processing
  • Alert formats
7. OpenAppID and Misc Topics on Snort 3

  • The OpenAppID feature
  • Design and architecture
  • Snort 2 to Snort 3 migration
  • Troubleshooting Snort 3

Lab

1. Introduction to Intrusion Detection and Prevention

  • Performing Static Analysis with Ghidra
  • Using Syslog to Centralize Network Logs
  • Using the Metasploit RDP Post-Exploitation Module
  • Simulating a DoS Attack
  • Analyzing a Phishing Attack
  • Performing Reconnaissance on a Network
  • Configuring iptables to Allow or Deny Traffic
  • Creating Basic WAF Rules for a Web Application
  • Capturing Suspicious Traffic Using a Network-based IDS
  • Configuring Firewall Rules and Monitoring Network Logs Using pfSense
  • Viewing Linux Event Logs
  • Analyzing Malware Using VirusTotal
2. History and Evolution of Snort and the Snort 3 System Architecture

  • Configuring Snort 2
3. Installing and Configuring Snort 3

  • Configuring Snort 3
4. Data Acquisition, Packet Decoding, and Inspectors

  • Decoding Ethernet Frames in Snort 3
  • Analyzing TCP Segments in Snort 3
  • Exploring Snort 3 Inspectors
5. Stream, HTTP, and DCE/RPC Inspectors

  • Capturing and Analyzing Network Traffic Using Wireshark
6. IP Reputation, Rules, and Alert Subsystem

  • Configuring the IP Reputation Inspector in Snort 3
  • Viewing Snort Alerts in Unified2 Format
