Telephone: 01296 397711
Fax: 01296 394431
Email: info@phoenixdatacom.com

Sourcefire - training

Snort and Sourcefire training delivered in the UK

Sourcefire instructors educate security professionals around the world through instructor-led classroom training, custom courses that are unique to your environment and onsite training at the customer's premises. Each instructor-led class includes a reference course manual, hands-on training, lecture, labs, continental breakfast, lunch and beverages.

Benefits

Security professionals gain the following benefits through Sourcefire educational services:

  • Retain top performers by giving them the tools and training to be effective, productive and expand their knowledge
  • Reduce the costs of deployment and maintenance
  • Maximize Sourcefire's product by becoming an expert on all features and functionality
  • Recruit the best in the business by offering a career track that expands your intellectual capital

Continuing Professional Education (CPE) Credits:
As a "Trusted CPE Provider" for (ISC)², students holding certifications as a System Security Certified Practitioner (SSCP) or Certified Information Systems Security Professional (CISSP) may earn one Continuing Professional Education (CPE) credit for each hour of education earned. To obtain credit, provide your CISSP number on the registration form.

Training Course Descriptions
The following courses are offered:

Course: Sourcefire 3D System Solution

Next Dates in UK:

Wokingham: 8-11 June 2010 (4 days)

Overview:
This four-day class covers the features and functionality of Sourcefire's 3D System including RNA, Intrusion Sensors and Defense Center. Also included in this offering is an overview of the Snort rules language so users of Sourcefire products can learn to customize rules, troubleshoot, and write optimized rules that perform well and provide the highest levels of security.

Target Audience:
Network Administrators, security administrators, security consultants and others that are responsible for deploying and supporting Sourcefire's products.

Prerequisites:
This course assumes that students have a technical understanding of TCP/IP networking and network architecture.

Course Outline:

  • Introduction
  • TCP/IP Overview
  • IDS/IPS Basics. Techniques, Evasion and Counter Measures
  • IDS/IPS Deployment and Network Architecture
  • Sourcefire Intrusion Management System Overview
  • Intrusion Sensor Configuration
  • Defense Center Configuration
  • RNA Sensor Configuration
  • System Administration and Maintenance
  • Policy Creation and Management
  • Reporting
  • Intrusion Protection Sensor Configuration
  • Reporting
  • Rules and Rule Optimization
  • Rule Option Overview
  • Advanced Rule Options: Byte_Test/Byte_Jump & PCRE
  • Rule Writing Best Practices and Troubleshooting

Course: Snort® IDS/IPS Technology

Next Dates:

Wokingham: 20-23 April 2010 (4 days)
Wokingham: 22-25 June 2010 (4 days)

Overview:
This four-day class is for those who want to learn how to build a Snort IDS/IPS from scratch using many of the open source tools and plug-ins available to help manage, tune and deliver feedback on suspicious activity in your networks. Hands-on labs with fully documented instructions help students construct solid, secure Snort installations and understand the inner workings of the premier open source IDS/IPS available today. Students will also learn how to fine tune and configure Snort in addition to creating custom rules and learning techniques for optimizing rules.

Target Audience:
Network Administrators, security administrators, security consultants and others that are responsible for deploying open source intrusion prevention and detection sensors in their organizations.

Prerequisites:
This course assumes that students have a technical understanding of TCP/IP networking and network architecture. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested, not required.

Course Outline:

  • Introduction to Snort
  • Snort architecture
  • Snort sensor deployment
  • Snort installation
  • Snort configuration and operation
  • Snort rules primer
  • Snort preprocessor operation
  • Snort optimization

Course: Snort® Rule Writing Workshop

Next Dates:

Wokingham: 18-20 May 2010 (3 days)

Overview:
This three-day workshop is for Sourcefire 3D System customers and open source Snort users focusing exclusively on the Snort® rules language and rule writing. Starting from rule syntax and structure to advanced rule option usage, students will analyze exploit packet captures and put the rule writing theory they learn to work by implementing rule language features to trigger alerts on the offending network traffic.

This instructor-led course also provides instruction and lab exercises on how to detect certain types of attacks such as buffer overflows utilizing various rule writing techniques. Students will be able to test their rule writing skills by way of two challenges: a theoretical challenge that tests their knowledge of rule syntax and usage, and a practical challenge in which an exploit is presented for students to analyze and research so they can defend their installations against the attack.

Target Audience:
This course is a must for Network Administrators, Security Administrators, Security Consultants and other security professionals that are responsible for deploying and supporting Sourcefire's 3D™ System and/or open source Snort® technology.

Prerequisites:
Students must have a technical understanding of TCP/IP networking and network architecture. This course assumes students have a working knowledge of how to use and operate the Sourcefire 3D™ System or open source Snort®. It also assumes a working knowledge of command line text editing tools, such as vi. Basic rule writing experience is suggested, but not required.

Course Outline:

  • Rule Syntax and Basic Language Usage
  • Rule Optimization and The Fast Pattern Matcher
  • PCRE in Snort Rules
  • The Byte_Jump and Byte_Test Rule Options
  • Flowbits Usage and Protocol Modeling
  • IPS Mode Rule Options: Blocking Connections and Replacing Content
  • Measuring Rule Performance
  • Rule Writing Techniques: How To Detect Specific Types Of Exploits Such As Buffer Overflows
  • Rule Writing Best Practices
  • Theoretical Rule Writing Challenge
  • Practical Rule Writing Challenge

More information on the Sourcefire education program can be found on Sourcefire's website.

To find out more about Sourcefire products in the UK and Ireland call Phoenix Datacom on +44 (0)1296 397711, send an email or use the Request More Info form.

 
