LinuxCBT NIDS Edition feat. Snort encompasses: 1. Network Intrusion Detection System (NIDS) Security.

LinuxCBT NIDS Edition feat. Snort is unparalleled in content, depth and expertise. It entails 13.5-hours, or over 1-day of classroom training. LinuxCBT NIDS Edition feat. Snort prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT NIDS Edition feat. Snort cost-effectively sharpen your GNU/Linux & Open Source Security skills!

Recommended Prerequisites for:

• Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
  • Open mind & determination to master Linux and related open-source applications
  • Basic understanding of networking concepts
  • Access to a PC to follow the exercises

Network Intrusion Detection System (NIDS) Security - Module V

• Snort NIDS - Installation
  • Peruse the LinuxCBT Security Edition classroom network topology
  • Download Snort
  • Import G/PGP public key and verify package integrity
  • Identify & download key Snort dependencies
  • Install current libpcap - Packet Capture Library
  • Establish security configuration baseline
• Snort NIDS - Sniffer Mode
  • Discuss sniffer mode concepts & applications
  • Sniff IP packet headers - layer-3/4
  • Sniff data-link headers - layer-2
  • Sniff application payload - layer-7
  • Sniff application/ip packet headers/data-link headers - all layers except physical
  • Examine packets & packet loss
  • Sniff traffic traversing interesting interfaces
  • Sniff clear-text traffic
  • Sniff encrypted streams
• Snort NIDS - Logging Mode
  • Discuss logging mode concepts & applications
  • Log traffic using default PCAP/TCPDump format
  • Log traffic using ASCII mode & examine output
  • Discuss directory structure created by ASCII logging mode
  • Control verbosity of ASCII logging mode & examine output
  • Enhance packet logging analysis by defaulting to binary logging
  • Discuss default nomenclature for binary/TCPDump files
  • Alter binary output options
  • Use Snort NIDS to read binary/TCPDump files
• Snort NIDS - Berkeley Packet Filters (BPFs)
  • Explain the advantages to utilizing BPFs
  • Discuss BPF directional, type, and protocol qualifiers
  • Identify clear-text based network applications and define appropriate BPFs
  • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
  • Log to the active pseudo-terminal console and examine the packet flows
  • Combine BPF qualifiers to increase packet-matching capabilities
  • Use logical operators to define more flexible BPFs
  • Read binary TCPDump files using Snort & BPFs
  • Execute Snort NIDS in logging/daemon mode
• Snort NIDS - Cisco Switch Configuration
  • Examine the current network configuration
  • Identify Snort NIDS sensors and centralized DBMS Server
  • Create multiple VLANs on the Cisco Switch
  • Secure the Cisco Switch configuration
  • Isolate internal and external hosts, sensors and DBMS systems
  • Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
  • Examine internal and external packet flows
• Snort NIDS - Network Intrusion Detection System (NIDS) Mode
  • Discuss NIDS concepts & applications
  • Prepare /etc/snort - configuration directory for NIDS operation
  • Explore the snort.conf NIDS configuration file
  • Discuss all snort.conf sections
  • Download & install community rules
  • Execute Snort in NIDS mode with TCPDump compliant output plugin
  • Download & install Snort Vulnerability Research Team (VRT) rules
  • Compare & contrast community rules to VRT rules
• Snort NIDS - Output Plugin - Barnyard Configuration
  • Discuss features & benefits
  • Configure Syslog based logging and examine results
  • Configure Snort to log sequentially to multiple output locations
  • Implement unified binary output logging to enhance performance
  • Discuss concepts & features associated with post-processing Snort logs
  • Download and install current barnyard post-processor
  • Use barnyard to post-process logs to multiple output destinations
• Snort NIDS - BASE - MySQL® Implementation
  • Discuss benefits of centralized console reporting for 1 or more Snort sensors
  • Re-compile Snort on both sensors to support MySQL logging
  • Configure MySQL on Database Management System (DBMS) Host
  • Implement Snort database schema on DBMS Host
  • Configure Snort to log output to MySQL DBMS Host
  • Confirm output logging to the MySQL DBMS Host
  • Prepare DBMS Host for BASE console installation
  • Install BASE and complete schema extension
  • Peruse BASE interface
• Snort® NIDS - Rules Configuration & Updates
  • Discuss the concept of rules as related to Snort NIDS
  • Examine Snort rule syntax
  • Peruse pre-defined Snort rules
  • Download & configure oinkmaster to automatically update Snort rules
  • Confirm oinkmaster operation
• top