| | |  | Secure Communications | Home » » Managing Security with Snort and IDS Tools | | | | | | | Description: | | Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
| | | Features: | |
• ISBN13: 9780596006617
• Condition: New
• Notes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!
| | | Product Details: | | | Author:
| Christopher Gerg | | Paperback:
| 304 pages | | Publisher:
| O'Reilly Media | | Publication Date:
| 2004-08 | | Language:
| English | | ISBN:
| 0596006616 | | Product Length:
| 9.14 inches | | Product Width:
| 7.14 inches | | Product Height:
| 0.77 inches | | Product Weight:
| 1.05 pounds | | Package Length:
| 9.06 inches | | Package Width:
| 7.01 inches | | Package Height:
| 0.79 inches | | Package Weight:
| 0.97 pounds | | Average Customer Rating:
|  based on 9 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 9 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
12 of 13 found the following review helpful:
 One of the better discourses on SnortDec 27, 2004
By Harold McFarland
This is basically a book about intrusion detection using all open source tools. It starts with an introductory chapter that explains the problem of defining an intrusion and why it is becoming more and more of a problem. It follows up with a chapter on network traffic analysis including packet sniffing and using tcpdump and ethereal. Then comes the meat of the text - installing Snort. Of course to really understand how to use Snort you have to understand how attacks occur and the common methods used. The authors provide a really nice chapter on this subject. After that come five chapters on configuring, deploying, and managing Snort rules, intrusion prevention strategies, and tuning. Once Snort is up and running the authors examine the use of ACID and SnortCenter as Snort IDS management consoles. Either of these products drastically decreases the burden of analyzing what has happened and is happening on the intrusion detection forefront. The book ends with additional tools for Snort IDS management and implementation strategies for high-bandwidth situations.
There are other very good books on Snort but one of the things that makes this one particularly valuable is that it also looks at other open source tools and provides a good basic background on intrusion detection theory. Managing Security with Snort and IDS Tools is highly recommended for those in charge of intrusion detection and prevention in a network environment and planning to implement a system their self.
12 of 14 found the following review helpful:
 educate yourself in IDSAug 31, 2004
By W Boudville
Welcome to Snort! More broadly, this book works well as a practical explanation of the general field of Intrusion Detection Systems. Key affiliated tools are covered, like tcpdump and Ethereal. Which are also free and open source, just like Snort. There is a general and I think understandable bias in this book towards such tools. The authors claim, and you must have heard this before, that such tools are often more likely to be bug free and mature than proprietary tools.
If you work your way through the chapters, then you can get a good education in the main ideas like setting up prevention strategies and how to look for evidence of attacks. Instantiated via using Snort. But if you're smart, you can generalise this. Plus, keep an eye out for any useful techniques that Snort currently lacks. If you find these, perhaps you can build a high value tool off them? Don't take Snort as the last word in these matters.
9 of 10 found the following review helpful:
Excellent description of SnortOct 09, 2004
By Eric Wuehler
Up to this point, I've only use simple firewalls for my home network. Not that I think there's anything really worth hacking on my home network, but I thought I'd spend a little time learning about intrusion detection. This book is great for several reasons. First, it is well put together and easy to follow. Second, it describes in detail the open source project Snort. Finally, it satisfied my curiosity about IDS (Intrusion detection systems) - I'm not an expert, but I now understand the concepts.
Even though the book did not mention OS X specifically, it was easy to get snort compiled and installed on my Mac. There were a few tweaks I had to do, but if you're familiar with "configure; make; make install", it should be a snap. (Likewise, fink or darwinports can get you going with Snort as well). Any other flavor of Unix/Linux would be that much easier to install.
Beyond just describing how to install and configure Snort, the book does go into some detail about how networks are attacked and how Snort goes about alerting you to possible intrusive behavior. There are also numerous reference to web sites and other books to find more information. It also goes into detail on various other tools that augment and complement Snort.
Very well done.
3 of 3 found the following review helpful:
Snort made easy!Mar 10, 2006
By Sean E. Connelly
"Just a bithead - CCIE#17085"
O'Reilly's "Managing Security with Snort and IDS Tools" by Cox and Greg is a practical book that succinctly describes the basic functionality and utility of implanting Snort. The book does an excellent job at discussing the different configuration parameters when deploying Snort.
In particular, I was impressed by:
* Page 35 - A 5-page list detailing the different options available via the command-line.
* Page 69 - Details some of the techniques used to evade IDSs.
* Chapter 5's description of preprocessor configurations was a valuable tool to a newbie of UNIX.
* Chapter 10 description of ACID as a Snort IDS Management Console.
The only area I wish the authors expanded on was in Chapter 7 "Creating Your Own Rules". This area can easily be supplemented from documentation on the web.
The book has a natural bias toward elevating open source tools (I am fan of open source tools). Appreciating that fact, I must admit I have used this book when I have been describing the value of open source tools. Overall, I think "Managing Security with Snort and IDS Tools" is a valuable addition to anyone's Snort arsenal.
I give this book 4 pings out of 5:
!!!.!
Great info on how to use SNORT properlyNov 22, 2008
By J. Page
"tdrss"
O'reilly's books are awesome... and this is no different. Anything and everything on how to use SNORT properly is listed here. Rules and syntax are easy to implement. One downside comment; the title mentions SNORT and IDS tools; it dealt with SNORT heavily, and I didn't get a good coverage of "other" IDS tools... maybe O'reilly has something else in the works?
See all 9 customer reviews on Amazon.com
| | |
|
