Intrusion Detection with Snort
Jack Koziol

ISBN-10: 157870281X
ISBN-13: 9781578702817

Publisher: Sams Publishing
Copyright: 2003
Format: Paper; 360 pp
Published: 05/20/2003

Suggested retail price: $45.00
Buy from myPearsonStore

PLEASE PROVIDE COURSE INFORMATION

PLEASE PROVIDE

A thorough, definitive guide to installing, configuring, and maintaining the leading open-source intrusion detection system.

  • Snort is the most widely used open-source security system for small to medium businesses, with over 100,000 installations worldwide.
  • Author is the information security officer at a bank in Chicago, where he architected a Snort-based intrusion detection system.
  • Book covers basic maintenance and deployment, as well as the majority of snort.org's common help requests.



1. Intrusion Detection Primer.

IDSs Come in Different Flavors. Methods of Detecting Intrusions. Origin of Attacks. Orchestrating an Attack. The IDS Reality. Summary.



2. Network Intrusion Detection with Snort.

Snort's Specifications. Detecting Suspicious Traffic via Signatures. Detecting Suspicious Traffic via Heuristics. Gathering Intrusion Data. Alerting via Output Plug-ins. Prioritizing Alerts. Distributed Snort Architecture. Securing Snort. Shortcomings. Summary.



3. Dissecting Snort.

Feeding Snort Packets with Libpcap. Preprocessors. The Detection Engine. Output Plugins. Summary.



4. Planning for the Snort Installation.

Defining an IDS Policy. Deciding What to Monitor. Designing Your Snort Architecture. Planning for Maintenance. Incident Response Plan. Responding to an Incident. Restoring to a Normal State. Summary.



5. The Foundation-Hardware and Operating Systems.

Hardware Performance Metrics. Picking a Platform. The Monitoring Segment. Distributing Traffic to Multiple Sensors. Summary.



6. Building the Server.

Installation Guide Notes. Red Hat Linux 7.3. Post-Installation Tasks. Installing the Snort Server Components. Summary.



7. Building the Sensor.

Installation Guide Notes. Installing the Snort Sensor Components. Installing Snort. Implementing Barnyard. Summary.



8. Building the Analyst's Console.

Windows. Linux. Testing the Console. Working with ACID. Summary.



9. Additional Installation Methods.

The Hybrid Server/Sensor. Snort on OpenBSD. Snort on Windows. Summary.



10. Tuning and Reducing False Positives.

Pre-Tuning Activities. Tuning the Network for Snort. Filtering Traffic with Snort. Tuning the Preprocessors. Refining the Ruleset. Organize Your Rules. Designing a Targeted Ruleset. Tuning MySQL. Tuning ACID. Summary.



11. Real-Time Alerting.

An Overview of Real-Time Alerting with Snort. Prioritization of Alerts. Alerting with the Hybrid. Alerting with Distributed Snort.



12. Basic Rule Writing.

Fundamental Rule Writing Concepts. Rule Syntax. Writing Rules. Summary.



13. Upgrading and Maintaining Snort.

Choosing a Snort Management Application. IDS Policy Manager. SnortCenter. Upgrading Snort. Summary.



14. Advanced Topics in Intrusion Prevention.

A Warning Concerning Intrusion Prevention. Planning an Intrusion Prevention Strategy. Snort Inline Patch. SnortSam. Summary.



Appendix A. Troubleshooting.

Snort Issues. ACID Issues. IDS Strategy.



Appendix B. Rule Documentation.


Index.

Jack Koziol is the Information Security Officer at a major Chicago-area financial institution, responsible for security enterprise-wide. Previously, he has held information security positions at an online health care company and a point-of-care Internet-based pharmacy. Jack has written for Information Security magazine, and released several whitepapers on intrusion detection. He teaches the CISSP and "Hack and Defend" courses.

Jack has architected, maintained, and managed Snort and other IDS technologies in large production environments since 1998. He has also written Snort signature sets designed for specific applications.

With over 100,000 installations, the Snort open-source network instrusion detection system is combined with other free tools to deliver IDS defense to medium - to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.

Until now, Snort users had to rely on the official guide available on snort.org. That guide is aimed at relatively experience snort administrators and covers thousands of rules and known exploits.

The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running.

Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.

View a Sample Chapter PDF: /samplechapter/157870281X.pdf

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.


Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions