Managing Security with Snort & IDS Tools

Print $39.95

Print+Ebook $43.95

Ebook $31.99

(Mobi, PDF, ePub)

Safari Books Online

What is this?

Print £30.50

What is this?

Managing Security with Snort & IDS Tools

By: Kerry J. Cox, Christopher Gerg
Publisher:: O'Reilly Media
Released:: August 2004
Pages:: 288

Description

This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort and IDS Tools provides step-by-step instructions on getting up and running with Snort 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.

Full Description

Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.

Table of Contents

Chapter 1 Introduction
1. Disappearing Perimeters
2. Defense-in-Depth
3. Detecting Intrusions (a Hierarchy of Approaches)
4. What Is NIDS (and What Is an Intrusion)?
5. The Challenges of Network Intrusion Detection
6. Why Snort as an NIDS?
7. Sites of Interest
Chapter 2 Network Traffic Analysis
1. The TCP/IP Suite of Protocols
2. Dissecting a Network Packet
3. Packet Sniffing
4. Installing tcpdump
5. tcpdump Basics
6. Examining tcpdump Output
7. Running tcpdump
8. ethereal
9. Sites of Interest
Chapter 3 Installing Snort
1. About Snort
2. Installing Snort
3. Command-Line Options
4. Modes of Operation
Chapter 4 Know Your Enemy
1. The Bad Guys
2. Anatomy of an Attack: The Five Ps
3. Denial-of-Service
4. IDS Evasion
5. Sites of Interest
Chapter 5 The snort.conf File
1. Network and Configuration Variables
2. Snort Decoder and Detection Engine Configuration
3. Preprocessor Configurations
4. Output Configurations
5. File Inclusions
Chapter 6 Deploying Snort
1. Deploy NIDS with Your Eyes Open
2. Initial Configuration
3. Sensor Placement
4. Securing the Sensor Itself
5. Using Snort More Effectively
6. Sites of Interest
Chapter 7 Creating and Managing Snort Rules
1. Downloading the Rules
2. The Rule Sets
3. Creating Your Own Rules
4. Rule Execution
5. Keeping Things Up-to-Date
6. Sites of Interest
Chapter 8 Intrusion Prevention
1. Intrusion Prevention Strategies
2. IPS Deployment Risks
3. Flexible Response with Snort
4. The Snort Inline Patch
5. Controlling Your Border
6. Sites of Interest
Chapter 9 Tuning and Thresholding
1. False Positives (False Alarms)
2. False Negatives (Missed Alerts)
3. Initial Configuration and Tuning
4. Pass Rules
5. Thresholding and Suppression
Chapter 10 Using ACID as a Snort IDS Management Console
1. Software Installation and Configuration
2. ACID Console Installation
3. Accessing the ACID Console
4. Analyzing the Captured Data
5. Sites of Interest
Chapter 11 Using SnortCenter as a Snort IDS Management Console
1. SnortCenter Console Installation
2. SnortCenter Agent Installation
3. SnortCenter Management Console
4. Logging In and Surveying the Layout
5. Adding Sensors to the Console
6. Managing Tasks
Chapter 12 Additional Tools for Snort IDS Management
1. Open Source Solutions
2. Commercial Solutions
Chapter 13 Strategies for High-Bandwidth Implementations of Snort
1. Barnyard (and Sguil)
2. Commericial IDS Load Balancers
3. The IDS Distribution System (I(DS)2)

Appendix A Snort and ACID Database Schema
1. acid_ag
Appendix B The Default snort.conf File
Appendix C Resources
1. From Chapter 1: Introduction
2. From Chapter 2: Network Traffic Analysis
3. From Chapter 4: Know Your Enemy
4. From Chapter 6: Deploying Snort
5. From Chapter 7: Creating and Managing Snort Rules
6. From Chapter 8: Intrusion Prevention
7. From Chapter 10: Using ACID as a Snort IDS Management Console
8. From Chapter 12: Additional Tools for Snort IDS Management
9. From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
Colophon

Product Details

Title:

Managing Security with Snort & IDS Tools

By:

Kerry J. Cox, Christopher Gerg

Publisher:

O'Reilly Media

Formats:

Print
Ebook
Safari Books Online

Print Release:

August 2004

Ebook Release:

February 2009

Pages:

288

Print ISBN:

978-0-596-00661-7

| ISBN 10:

0-596-00661-6

Ebook ISBN:

978-0-596-10431-3

| ISBN 10:

0-596-10431-6

Customer Reviews

About the Authors

Kerry J. Cox

Kerry Cox is a knowledgeable and enthusiastic chief administrator/network engineer at Bonneville International/KSL Radio and Television where he manages 40 Red Hat Linux servers, as well as Solaris and FreeBSD, performing installation, patching, hardening, and maintenance. He also handles all Cisco routers, switches, PIX and Checkpoint firewalls, CSS load balancers, IDS sensors and consoles. Kerry has implemented open source solution for monitoring networks, architectures, server processes, and bandwidth. Previously, he worked at network communications companies and ISPs and is the author of two books by Prima: the Linux Productivity Administrator's Guide and Red Hat Linux Administrator's Guide.

View Kerry J. Cox's full profile page.
Christopher Gerg

Christopher Gerg CISSP, CHSP is the Network Security Manager for Berbee Information Networks. His IT career started with phone technical support for Microsoft s launch of Windows 95 and his MCSE dates back to NT 3.51. He s worked as a system and network administrator and has traveled extensively installing WANs and infrastructure for a variety of clients. Five years ago things changed Christopher discovered open-source operating systems (FreeBSD, Debian, and Suse are his favorites) and he s spent three years as a penetration tester with Berbee and then transitioned from attack to defend for the last two years. Christopher is responsible for the network security of two Enterprise-class datacenters, the customers located in them, and the network infrastructure that connects it all (Multiple OC-48 SONET rings and multiple OC-3 s to the Internet). He uses Snort to watch it all. In his free time, Christopher raises rugged mountain alpacas in the wind-swept mountains of South-Central Wisconsin.

View Christopher Gerg's full profile page.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The image on the cover of Managing Security with Snort and IDS Tools is a man on a rope with an ax. Colleen Gorman was the production editor and copyeditor for Managing Security with Snort and IDS Tools. Emily Quill, Genevieve d'Entremont, and Claire Cloutier provided quality control. Julie Hawks wrote the index.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from Men: A Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

David Futato designed the interior layout. This book was converted by Julie Hawks to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Colleen Gorman.

Service and support by Satisfaction

O'Reilly Books & Videos

Managing Security with Snort & IDS Tools

Chapter 1 Introduction

Disappearing Perimeters

Defense-in-Depth

Detecting Intrusions (a Hierarchy of Approaches)

What Is NIDS (and What Is an Intrusion)?

The Challenges of Network Intrusion Detection

Why Snort as an NIDS?

Sites of Interest

Chapter 2 Network Traffic Analysis

The TCP/IP Suite of Protocols

Dissecting a Network Packet

Packet Sniffing

Installing tcpdump

tcpdump Basics

Examining tcpdump Output

Running tcpdump

ethereal

Sites of Interest

Chapter 3 Installing Snort

About Snort

Installing Snort

Command-Line Options

Modes of Operation

Chapter 4 Know Your Enemy

The Bad Guys

Anatomy of an Attack: The Five Ps

Denial-of-Service

IDS Evasion

Sites of Interest

Chapter 5 The snort.conf File

Network and Configuration Variables

Snort Decoder and Detection Engine Configuration

Preprocessor Configurations

Output Configurations

File Inclusions

Chapter 6 Deploying Snort

Deploy NIDS with Your Eyes Open

Initial Configuration

Sensor Placement

Securing the Sensor Itself

Using Snort More Effectively

Sites of Interest

Chapter 7 Creating and Managing Snort Rules

Downloading the Rules

The Rule Sets

Creating Your Own Rules

Rule Execution

Keeping Things Up-to-Date

Sites of Interest

Chapter 8 Intrusion Prevention

Intrusion Prevention Strategies

IPS Deployment Risks

Flexible Response with Snort

The Snort Inline Patch

Controlling Your Border

Sites of Interest

Chapter 9 Tuning and Thresholding

False Positives (False Alarms)

False Negatives (Missed Alerts)

Initial Configuration and Tuning

Pass Rules

Thresholding and Suppression

Chapter 10 Using ACID as a Snort IDS Management Console

Software Installation and Configuration

ACID Console Installation

Accessing the ACID Console

Analyzing the Captured Data

Sites of Interest

Chapter 11 Using SnortCenter as a Snort IDS Management Console

SnortCenter Console Installation

SnortCenter Agent Installation

SnortCenter Management Console

Logging In and Surveying the Layout

Adding Sensors to the Console

Managing Tasks

Chapter 12 Additional Tools for Snort IDS Management

Open Source Solutions

Commercial Solutions