IT Jobs asking about Snort and IDS/IPS usage
johndabomb44
Member Posts: 32
So I've seen a lot of postings where I live for Cyber Security Engineers/Analysts, what have you, about knowing an IDS/IPS such as Snort.
I was wondering a few things from people who work in Cyber Security and use Snort or the people who hire the people who work in Cyber Security and would hire someone if they knew all of these things about Snort.
- Are there any courses somewhere on the Internet (free or cheap) that would teach you Snort and be worthwhile?
- If you were hiring someone and Snort or any IDS knowledge is a requirement, what is/are the best things that candidate should know?
Thank you all so much for your help.
Comments
devilbones Member Posts: 318
It depends. Are you going to be installing and configuring? Are you going to be writing rules to evaluate traffic? Are you going to be analyzing the results? You can set up a lab with Snort, attack one of your vulnerable VMs and then see what pops up.
johndabomb44 Member Posts: 32
devilbones wrote: » It depends. Are you going to be installing and configuring? Are you going to be writing rules to evaluate traffic? Are you going to be analyzing the results? You can set up a lab with snort, attack one of your vulnerable VMs and then see what pops up.
Well, both, but mainly writing rules and evaluating traffic, the balls to the wall CSA stuff. I can write a rule and do all of those things you suggested (and have), but I don't know exactly what to focus on or what interviewers may ask about Snort other than "Have you used / Are you familiar with Snort?"
mactex Member Posts: 80
My advice would be either spin up some Linux VMs and install Snort and test against PCAPs or install Scapy and create some packets to throw at it. Otherwise, I recommend spinning up Security Onion and learning through that. Plenty of videos and/or blogs on Snort basics out there.