
NIDS Edition


    Details

    Release Info

    Network Intrusion Detection / Prevention Systems help you sensibly categorize packet flows and determine whether they pose clear-and-present dangers. Additional connectivity permits packet lock-offs via IPTables, for example. Simply understanding your flows makes a considerable contribution to elevating security. Snort is the BOSS NIDS. Peruse and use it.

    Release Syllabus

    Snort® Network Intrusion Detection System

    Network Intrusion Detection System (NIDS) Security - Module V

    • Snort® NIDS - Installation
      • Peruse the LinuxCBT Security Edition classroom network topology
      • Download Snort
      • Import G/PGP public key and verify package integrity
      • Identify & download key Snort dependencies
      • Install current libpcap - Packet Capture Library
      • Establish security configuration baseline
    • Snort NIDS - Sniffer Mode
      • Discuss sniffer mode concepts & applications
      • Sniff IP packet headers - layer-3/4
      • Sniff data-link headers - layer-2
      • Sniff application payload - layer-7
      • Sniff application/ip packet headers/data-link headers - all layers except physical
      • Examine packets & packet loss
      • Sniff traffic traversing interesting interfaces
      • Sniff clear-text traffic
      • Sniff encrypted streams
    • Snort® NIDS - Logging Mode
      • Discuss logging mode concepts & applications
      • Log traffic using default PCAP/TCPDump format
      • Log traffic using ASCII mode & examine output
      • Discuss directory structure created by ASCII logging mode
      • Control verbosity of ASCII logging mode & examine output
      • Enhance packet logging analysis by defaulting to binary logging
      • Discuss default nomenclature for binary/TCPDump files
      • Alter binary output options
      • Use Snort NIDS to read binary/TCPDump files
    • Snort® NIDS - Berkeley Packet Filters (BPFs)
      • Explain the advantages to utilizing BPFs
      • Discuss BPF directional, type, and protocol qualifiers
      • Identify clear-text based network applications and define appropriate BPFs
      • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
      • Log to the active pseudo-terminal console and examine the packet flows
      • Combine BPF qualifiers to increase packet-matching capabilities
      • Use logical operators to define more flexible BPFs
      • Read binary TCPDump files using Snort & BPFs
      • Execute Snort NIDS in logging/daemon mode
    • Snort® NIDS - Cisco Switch Configuration
      • Examine the current network configuration
      • Identify Snort NIDS sensors and centralized DBMS Server
      • Create multiple VLANs on the Cisco Switch
      • Secure the Cisco Switch configuration
      • Isolate internal and external hosts, sensors and DBMS systems
      • Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
      • Examine internal and external packet flows
    • Snort® NIDS - Network Intrusion Detection System (NIDS) Mode
      • Discuss NIDS concepts & applications
      • Prepare /etc/snort - configuration directory for NIDS operation
      • Explore the snort.conf NIDS configuration file
      • Discuss all snort.conf sections
      • Download & install community rules
      • Execute Snort in NIDS mode with TCPDump compliant output plugin
      • Download & install Snort Vulnerability Research Team (VRT) rules
      • Compare & contrast community rules to VRT rules
    • Snort® NIDS - Output Plugin - Barnyard Configuration
      • Discuss features & benefits
      • Configure Syslog based logging and examine results
      • Configure Snort to log sequentially to multiple output locations
      • Implement unified binary output logging to enhance performance
      • Discuss concepts & features associated with post-processing Snort logs
      • Download and install current barnyard post-processor
      • Use barnyard to post-process logs to multiple output destinations
    • Snort® NIDS - BASE - MySQL® Implementation
      • Discuss benefits of centralized console reporting for 1 or more Snort sensors
      • Re-compile Snort on both sensors to support MySQL logging
      • Configure MySQL on Database Management System (DBMS) Host
      • Implement Snort database schema on DBMS Host
      • Configure Snort to log output to MySQL DBMS Host
      • Confirm output logging to the MySQL DBMS Host
      • Prepare DBMS Host for BASE console installation
      • Install BASE and complete schema extension
      • Peruse BASE interface
    • Snort® NIDS - Rules Configuration & Updates
      • Discuss the concept of rules as related to Snort NIDS
      • Examine Snort rule syntax
      • Peruse pre-defined Snort rules
      • Download & configure oinkmaster to automatically update Snort rules
      • Confirm oinkmaster operation
    • Snort® NIDS - Ubuntu Installation
      • Identify components
      • Install requisite libraries and helper applications
      • Compile and debug as needed
      • Examine footprint
      • Discuss results
