Book description
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders.Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs.Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts.Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
Publisher resources
Table of contents
- Preface
- 1. Introduction
- 2. Network Traffic Analysis
- 3. Installing Snort
- 4. Know Your Enemy
- 5. The snort.conf File
- 6. Deploying Snort
- 7. Creating and Managing Snort Rules
- 8. Intrusion Prevention
- 9. Tuning and Thresholding
-
10. Using ACID as a Snort IDS Management Console
- 10.1. Software Installation and Configuration
- 10.2. ACID Console Installation
- 10.3. Accessing the ACID Console
- 10.4. Analyzing the Captured Data
- 10.5. Sites of Interest
- 11. Using SnortCenter as a Snort IDS Management Console
- 12. Additional Tools for Snort IDS Management
- 13. Strategies for High-Bandwidth Implementations of Snort
-
A. Snort and ACID Database Schema
-
A.1. acid_ag
-
A.1.1. acid_ag_alert
- A.1.1.1. acid_event
- A.1.1.2. acid_ip_cache
- A.1.1.3. data
- A.1.1.4. detail
- A.1.1.5. encoding
- A.1.1.6. event
- A.1.1.7. icmphdr
- A.1.1.8. iphdr
- A.1.1.9. opt
- A.1.1.10. reference
- A.1.1.11. reference_system
- A.1.1.12. schema
- A.1.1.13. sensor
- A.1.1.14. sig_class
- A.1.1.15. sig_reference
- A.1.1.16. signature
- A.1.1.17. tcphdr
- A.1.1.18. udphdr
-
A.1.1. acid_ag_alert
-
A.1. acid_ag
- B. The Default snort.conf File
-
C. Resources
- C.1. From Chapter 1: Introduction
- C.2. From Chapter 2: Network Traffic Analysis
- C.3. From Chapter 4: Know Your Enemy
- C.4. From Chapter 6: Deploying Snort
- C.5. From Chapter 7: Creating and Managing Snort Rules
- C.6. From Chapter 8: Intrusion Prevention
- C.7. From Chapter 10: Using ACID as a Snort IDS Management Console
- C.8. From Chapter 12: Additional Tools for Snort IDS Management
- C.9. From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
- About the Authors
- Colophon
- Copyright
Product information
- Title: Managing Security with Snort & IDS Tools
- Author(s):
- Release date: August 2004
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596006617
You might also like
article
Managing Encryption Keys
This collection of shortcuts provides a practical and concise guide to securing cloud environments. It covers …
book
Snort Intrusion Detection 2.0
The incredible low maintenance costs of Snort combined with its powerful security features make it one …
book
OSSEC Host-Based Intrusion Detection Guide
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to …
book
Snort Intrusion Detection and Prevention Toolkit
This all new book covering the brand new Snort version 2.6 from members of the Snort …