Description
This one-day course will cover advanced configuration of Snort and its output mechanisms as well as advanced rule writing techniques. Three areas will be covered.
Advanced configuration. Learn to squeeze the most performance out of Snort's preprocessors and configure the system for large network environments.
Advanced rule writing. Learn to write Snort rules that unleash the full power of Snort's detection engine. Regular expressions, protocol decoding and detection of vulnerability access (not exploits!) will be covered.
Output management. Snort generates tons of data; learn how to manage it effectively to get the most out of your deployment!
Prerequisites
Working knowledge of Snort - must be able to put Snort into IDS mode, configure basic rules/preprocessors/output mechanisms
Basic command line proficiency on host OS (Windows/UNIX)
Basic proficiency with vi/vim, emacs degenerates need not apply
Ok, just kidding about that last one...
Martin Roesch
Marty is a respected authority on intrusion detection technology and forensics, and today works at Sourcefire, where he is the founder and CTO. Martin, who has 17 years of industry experience in network security and embedded systems engineering, is also the author and lead developer of the Snort Intrusion Detection System.
Over the past eight years, Martin has developed various network security tools and technologies, including intrusion detection systems, honeypots, network scanners, and policy enforcement systems for organizations such as GTE Internetworking, Stanford Telecommunications, Inc., and the Department of Defense. He has applied his knowledge of network security to penetration testing and network forensics for numerous government and large corporate customers. Martin has been interviewed as an industry expert in multiple technology publications, as well as print and online news services such as MSNBC, Wall Street Journal, CNET, ZDNet, and numerous books. Snort has been featured in Scientific American, on A&E's Secret Places: Inside the FBI, and in several books, such as Network Intrusion Detection: An Analyst's Handbook, Intrusion Signatures and Analysis, Maximum Security, Hacking Exposed, and others.
Martin holds a B.S. in Electrical and Computer Engineering from Clarkson University.