Got a question? Call 1800 853 276   |   

Securing Cisco Networks with Open Source Snort (CLS-SSFSNORT)

  • Length 4 days
  • Price $5830 inc GST
  • Version v3.0
Course overview
View dates &
book now
  • Register interest

Why study this course

The Securing Cisco Networks with Open Source Snort(SSFSNORT) course shows you how to deploy Snort®in small to enterprise-scale implementations.

You will learn how to install, configure, and operate Snort in Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) modes. You’ll practice installing and configuring Snort, utilize additional software tools and define rules to configure and improve the Snort environment, and more

This course combines lecture materials and hands-on labs throughout to make sure that you are able to construct a solid, secure Snort installation and write Snort rules using proper syntax and structure. This course prepares you to take the Securing Cisco Networks with Open Source Snort exam (exam ID 500-280).

Request Course Information

By submitting an enquiry, you agree to our privacy policy and receiving email and other forms of communication from us. You can opt-out at any time.

What you’ll learn

Upon completion of this course, you should be able to:

  • Define the use and placement IDS/IPS components

  • Identify Snort features and requirements

  • Compile and install Snort

  • Define and use different modes of Snort

  • Install and utilize Snort supporting software

Cisco at DDLS

DDLS is a Platinum Learning Partner and we are the largest provider of authorised Cisco training in Australia, offering a wider range of Cisco courses, run more often than any of our competitors. DDLS has won awards such as ANZ Learning Partner of the Year (twice!) and APJC Top Quality Learning Partner of the Year.

Stay ahead of the technology curve

Don’t let your tech outpace the skills of your people

Quality instructors and content

Expert instructors with real world experience and the latest vendor- approved in-depth course content.

Partner-Preferred Supplier

Chosen and awarded by the world’s leading vendors as preferred training partner.

Ahead of the technology curve

No matter your chosen technologies or platforms, we can help you stay one step ahead.

Who is the course for?

This course will help you:

  • Learning how to implement Snort, an open-source, rule-based, intrusion detection and prevention system

  • Gain leading-edge skills for high-demand responsibilities focused on security

The primary audience for this course includes:

  • Security administrators

  • Security consultants

  • Network administrators

  • System engineers

  • Technical support personnel

  • Channel partners and resellers

Course subjects

Detecting Intrusions with Snort 3.0◦History of Snort

  • IDS

  • IPS

  • IDS vs.IPS

  • Examining Attack Vectors

  • Application vs.Service Recognition

Sniffing the Network◦Protocol Analyzers

  • Configuring Global Preferences

  • Capture and Display Filters

  • Capturing Packets

  • Decrypting Secure Sockets Layer (SSL) Encrypted Packets

Architecting Nextgen Detection

  • Snort 3.0 Design

  • Modular Design Support

  • Plug Holes with Plugins

  • Process Packets

  • Detect Interesting Traffic with Rules

  • Output Data

Choosing a Snort Platform

  • Provisioning and Placing Snort

  • Installing Snort on Linux

Operating Snort 3.0

  • Topic 1: Start Snort

  • Monitor the System for Intrusion Attempts

  • Define Traffic to Monitor◦Log Intrusion Attempts

  • Actions to Take When Snort Detects an Intrusion Attempt

  • License Snort and Subscriptions

Examining Snort 3.0 Configuration◦Introducing Key Features

  • Configure Sensors

  • Lua Configuration Wizard

Managing Snort

  • Pulled Pork

  • Barnyard2

  • Elasticsearch, Logstash, and Kibana (ELK)

Analyzing Rule Syntax and Usage

  • Anatomy of Snort Rules◦Understand Rule Headers

  • Apply Rule Options

  • Shared Object Rules◦Optimize Rules

  • Analyze Statistics

Use Distributed Snort 3.0

  • Design a Distributed Snort System

  • Sensor Placement

  • Sensor Hardware Requirements

  • Necessary Software

  • Snort Configuration◦Monitor with Snort

Examining Lua

  • Introduction to Lua

  • Get Started with Lua

Lab Outline

  • Capture and Analyze Packets

  • Initiate the Snort Installation

  • Complete an Installation of Snort

  • Configure and Run Snort

  • Tweak the Installation

  • Rapid Deployment with Lua

  • Integrate Snort Optimizers

  • Analyze Rule Syntax

  • Hello World Lua Style


To fully benefit from this course, you should have the following knowledge and skills:

  • Technical understanding of TCP/IP networking and network architecture

  • Basic familiarity with firewall and IPS concepts

This is the recommended Cisco course that may help you meet these prerequisites:


This course has pre-reading or other preparation requirements which should be completed before you commence your course with us.

Please click here to view.

Terms & Conditions

The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Request Course Information

By submitting an enquiry, you agree to our privacy policy and receiving email and other forms of communication from us. You can opt-out at any time.