LinuxCBT.com

Syllabus

Focus: Snort® Network Intrusion Detection System

Duration: 16-Hours

  • Network Intrusion Detection System (NIDS) Security - Module V

    • Snort® NIDS - Installation
      • Peruse the LinuxCBT Security Edition classroom network topology
      • Download Snort
      • Import G/PGP public key and verify package integrity
      • Identify & download key Snort dependencies
      • Install current libpcap - Packet Capture Library
      • Establish security configuration baseline
    • Snort NIDS - Sniffer Mode
      • Discuss sniffer mode concepts & applications
      • Sniff IP packet headers - layer-3/4
      • Sniff data-link headers - layer-2
      • Sniff application payload - layer-7
      • Sniff application/ip packet headers/data-link headers - all layers except physical
      • Examine packets & packet loss
      • Sniff traffic traversing interesting interfaces
      • Sniff clear-text traffic
      • Sniff encrypted streams
    • Snort® NIDS - Logging Mode
      • Discuss logging mode concepts & applications
      • Log traffic using default PCAP/TCPDump format
      • Log traffic using ASCII mode & examine output
      • Discuss directory structure created by ASCII logging mode
      • Control verbosity of ASCII logging mode & examine output
      • Enhance packet logging analysis by defaulting to binary logging
      • Discuss default nomenclature for binary/TCPDump files
      • Alter binary output options
      • Use Snort NIDS to read binary/TCPDump files
    • Snort® NIDS - Berkeley Packet Filters (BPFs)
      • Explain the advantages of using BPFs
      • Discuss BPF directional, type, and protocol qualifiers
      • Identify clear-text based network applications and define appropriate BPFs
      • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
      • Log to the active pseudo-terminal console and examine the packet flows
      • Combine BPF qualifiers to increase packet-matching capabilities
      • Use logical operators to define more flexible BPFs
      • Read binary TCPDump files using Snort & BPFs
      • Execute Snort NIDS in logging/daemon mode
    • Snort® NIDS - Cisco Switch Configuration
      • Examine the current network configuration
      • Identify Snort NIDS sensors and centralized DBMS Server
      • Create multiple VLANs on the Cisco Switch
      • Secure the Cisco Switch configuration
      • Isolate internal and external hosts, sensors and DBMS systems
      • Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
      • Examine internal and external packet flows
    • Snort® NIDS - Network Intrusion Detection System (NIDS) Mode
      • Discuss NIDS concepts & applications
      • Prepare /etc/snort - configuration directory for NIDS operation
      • Explore the snort.conf NIDS configuration file
      • Discuss all snort.conf sections
      • Download & install community rules
      • Execute Snort in NIDS mode with TCPDump compliant output plugin
      • Download & install Snort Vulnerability Research Team (VRT) rules
      • Compare & contrast community rules to VRT rules
    • Snort® NIDS - Output Plugin - Barnyard Configuration
      • Discuss features & benefits
      • Configure Syslog based logging and examine results
      • Configure Snort to log sequentially to multiple output locations
      • Implement unified binary output logging to enhance performance
      • Discuss concepts & features associated with post-processing Snort logs
      • Download and install current barnyard post-processor
      • Use barnyard to post-process logs to multiple output destinations
    • Snort® NIDS - BASE - MySQL® Implementation
      • Discuss benefits of centralized console reporting for 1 or more Snort sensors
      • Re-compile Snort on both sensors to support MySQL logging
      • Configure MySQL on Database Management System (DBMS) Host
      • Implement Snort database schema on DBMS Host
      • Configure Snort to log output to MySQL DBMS Host
      • Confirm output logging to the MySQL DBMS Host
      • Prepare DBMS Host for BASE console installation
      • Install BASE and complete schema extension
      • Peruse BASE interface
    • Snort® NIDS - Rules Configuration & Updates
      • Discuss the concept of rules as related to Snort NIDS
      • Examine Snort rule syntax
      • Peruse pre-defined Snort rules
      • Download & configure oinkmaster to automatically update Snort rules
      • Confirm oinkmaster operation
    • Snort® NIDS - Ubuntu Installation
      • Identify components
      • Install requisite libraries and helper applications
      • Compile and debug as needed
      • Examine footprint
      • Discuss results

LinuxCBT NIDS Edition
