Managing Security with Snort & IDS Tools
Managing Security with Snort & IDS Tools By Kerry J. Cox, Christopher Gerg
August 2004
Pages: 288

| Table of Contents | Index | Sample Chapter | Colophon

Table of Contents

  1. Chapter 1 Introduction

    1. Disappearing Perimeters

    2. Defense-in-Depth

    3. Detecting Intrusions (a Hierarchy of Approaches)

    4. What Is NIDS (and What Is an Intrusion)?

    5. The Challenges of Network Intrusion Detection

    6. Why Snort as an NIDS?

    7. Sites of Interest

  2. Chapter 2 Network Traffic Analysis

    1. The TCP/IP Suite of Protocols

    2. Dissecting a Network Packet

    3. Packet Sniffing

    4. Installing tcpdump

    5. tcpdump Basics

    6. Examining tcpdump Output

    7. Running tcpdump

    8. ethereal

    9. Sites of Interest

  3. Chapter 3 Installing Snort

    1. About Snort

    2. Installing Snort

    3. Command-Line Options

    4. Modes of Operation

  4. Chapter 4 Know Your Enemy

    1. The Bad Guys

    2. Anatomy of an Attack: The Five Ps

    3. Denial-of-Service

    4. IDS Evasion

    5. Sites of Interest

  5. Chapter 5 The snort.conf File

    1. Network and Configuration Variables

    2. Snort Decoder and Detection Engine Configuration

    3. Preprocessor Configurations

    4. Output Configurations

    5. File Inclusions

  6. Chapter 6 Deploying Snort

    1. Deploy NIDS with Your Eyes Open

    2. Initial Configuration

    3. Sensor Placement

    4. Securing the Sensor Itself

    5. Using Snort More Effectively

    6. Sites of Interest

  7. Chapter 7 Creating and Managing Snort Rules

    1. Downloading the Rules

    2. The Rule Sets

    3. Creating Your Own Rules

    4. Rule Execution

    5. Keeping Things Up-to-Date

    6. Sites of Interest

  8. Chapter 8 Intrusion Prevention

    1. Intrusion Prevention Strategies

    2. IPS Deployment Risks

    3. Flexible Response with Snort

    4. The Snort Inline Patch

    5. Controlling Your Border

    6. Sites of Interest

  9. Chapter 9 Tuning and Thresholding

    1. False Positives (False Alarms)

    2. False Negatives (Missed Alerts)

    3. Initial Configuration and Tuning

    4. Pass Rules

    5. Thresholding and Suppression

  10. Chapter 10 Using ACID as a Snort IDS Management Console

    1. Software Installation and Configuration

    2. ACID Console Installation

    3. Accessing the ACID Console

    4. Analyzing the Captured Data

    5. Sites of Interest

  11. Chapter 11 Using SnortCenter as a Snort IDS Management Console

    1. SnortCenter Console Installation

    2. SnortCenter Agent Installation

    3. SnortCenter Management Console

    4. Logging In and Surveying the Layout

    5. Adding Sensors to the Console

    6. Managing Tasks

  12. Chapter 12 Additional Tools for Snort IDS Management

    1. Open Source Solutions

    2. Commercial Solutions

  13. Chapter 13 Strategies for High-Bandwidth Implementations of Snort

    1. Barnyard (and Sguil)

    2. Commericial IDS Load Balancers

    3. The IDS Distribution System (I(DS)2)

  1. Appendix A Snort and ACID Database Schema

    1. acid_ag

  2. Appendix B The Default snort.conf File

  3. Appendix C Resources

    1. From Chapter 1: Introduction

    2. From Chapter 2: Network Traffic Analysis

    3. From Chapter 4: Know Your Enemy

    4. From Chapter 6: Deploying Snort

    5. From Chapter 7: Creating and Managing Snort Rules

    6. From Chapter 8: Intrusion Prevention

    7. From Chapter 10: Using ACID as a Snort IDS Management Console

    8. From Chapter 12: Additional Tools for Snort IDS Management

    9. From Chapter 13: Strategies for High-Bandwidth Implementations of Snort

  4. Colophon

Return to Managing Security with Snort & IDS Tools