Snort 2.0 Intrusion Detection
Description:
The incredibly low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing IDSs within corporate IT departments.
Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is written by a member of Snort.org. Readers will receive valuable insight to the code base of Snort and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios.
The primary reader will be an individual who has a working knowledge of the TCP/IP protocol, expertise in some arena of IT infrastructure, and is inquisitive about what has been attacking their IT network perimeter every 15 seconds.
The most up-to-date and comprehensive coverage for Snort 2.0!
Expert Advice from the Development Team and Step-by-Step Instructions for Installing, Configuring, and Troubleshooting the Snort 2.0 Intrusion Detection System
Free CD Contains the Latest Version of Snort and Popular Plug-Ins Including ACID, Barnyard, and Swatch
Product Details:
Author: Brian Caswell
Paperback: 550 pages
Publisher: Syngress
Publication Date: 2003-02
Language: English
ISBN: 1931836744
Product Width: 186.25 centimeters
Product Height: 230.75 centimeters
Product Weight: 2.1 pounds
Package Length: 8.98 inches
Package Width: 7.4 inches
Package Height: 1.1 inches
Package Weight: 2.16 pounds
Average Customer Rating: based on 19 reviews
Customer Reviews:
Most Helpful Customer Reviews
39 of 41 found the following review helpful:
The current leader in the Snort IDS book arms race
Jul 16, 2003
By Richard Bejtlich "TaoSecurity"
"Snort 2.0" offers content not found in other books on Snort, such as Tim Crothers' more generic "Implementing IDS" (4 stars) and Rafeeq Rehman's "Intrusion Detection with Snort." (3 stars) I've read the best IDS books, and used IDS technology, since 1998, and "Snort 2.0" is the first to give real insight into an IDS' inner workings. Thanks to the technical knowledge of the author team, "Snort 2.0" earns the reader's appreciation by explaining how and why the open source Snort IDS works its magic.
"Snort 2.0" starts well with a short history of Marty Roesch's favorite project, followed by solid explanations of the key elements of Snort's architecture in ch. 2. The actual workings of the Snort code are expanded upon in ch. 4 (modes), 5 (rules), and 6 (packet handling and preprocessors). One could read these sections and get a real sense of how the stream4 preprocessor works, for example. These sections are augmented by helpful tangents on compiling source code (ch. 3) and updates via CVS (ch. 9). This attention to detail and desire to include related information demonstrates a high level of commitment to the reader's education.
"Snort 2.0" has several technical errors or typos which prevented me from giving a 5 star review. p. 110's diagram of a TCP session should say "SYN, SYN-ACK, ACK", not "SYN, ACK, SYN-ACK". Later on that page, the author claims "The server replies with a SYN/ACK if the port is open, and a SYN/RST if the port is not listening." The correct closed response is "RST/ACK". p. 203 implies one can scan for open ports with the ACK flag set to evade stateless packet filters. This is wrong, as scanning with the ACK flag set only helps host discovery. I found the reprinting of multiple pages of C code unnecessary. I also wished the sections on building preprocessors had started from scratch, rather than explain an existing preprocessor.
Overall, I found "Snort 2.0" enlightening. The authors have a powerful understanding of the workings of Snort, and apply it in novel ways. "Policy-based IDS" in ch. 12 is one example, while the "rule categorization" chart in ch. 10 is another. Only the Wiley "Deploying Snort 2.0" book, due this fall, has a chance to displace "Snort 2.0" in the Snort-focused IDS book arena.
16 of 20 found the following review helpful:
Too many mistakes
Oct 30, 2003
The technical content is ok, but I am extremely tired of reading books that contain so many grammatical mistakes that one gets irritated every time a page is turned. This publisher is notorious for this and emails I wrote to them were not answered. This is just not acceptable for an expensive book. Don't they have proofreaders?
8 of 9 found the following review helpful:
Definitely worth the money.
May 13, 2003
By Steven Diaz
I've been using Snort for some time. I really like it, but I've always found it a little difficult to keep up with all of the features and everything. If you spend a lot of time on the snort.org site and on the mail lists you can learn a lot from everybody. But I don't always have the time to monitor the list or go through the archives. It is great now having everything I need to know in one book. Brian Caswell is the guy who makes all of the releases and keeps everything on the site maintained and he definitely knows his stuff.
7 of 8 found the following review helpful:
Good for even the experienced Snort user
Apr 10, 2004
By Ted Thornton
I've been running Snort since the earliest versions and spend a lot of time on the mail lists, working through problems with other users, etc. I got this book about 6 months ago, read it all the way through, and since then have been referring to it whenever I've had questions or problems with Snort. I was initially going to post a review after my initial reading, but wanted to see if I experienced any buyer's remorse after putting the book through its paces a little bit more. Well, it's half a year later and I'm more impressed with it now than after my initial read. Every time I've had a question, I've found an answer in this book. I'm not quite sure what web site the reader from Maryland is visiting (it's certainly not the Snort site) where he found information anything like the Preprocessors chapter in this book. That chapter was obviously the result of some serious, independent research.
12 of 15 found the following review helpful:
Useful but pricey
Jul 09, 2003
I recommend this book but ... there are numerous (sometimes confusing) copy-editing errors and the things I'm most interested in (using ACID, using unified logs and using ACID with unified logs) are the most confusing. Given the length (500 pages) I'm surprised at certain omissions and puzzled why 20 pages are wasted on a program listing (the book comes with a comprehensive CD which includes the book in pdf format).