
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID Paperback – May 18, 2003

ISBN-13: 007-6092023302 ISBN-10: 0131407333 Edition: 1st


Product Details

  • Paperback: 288 pages
  • Publisher: Prentice Hall; 1 edition (May 18, 2003)
  • Language: English
  • ISBN-10: 0131407333
  • ISBN-13: 978-0131407336
  • Product Dimensions: 7 x 0.7 x 9.2 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 3.7 out of 5 stars (9 customer reviews)
  • Amazon Best Sellers Rank: #1,136,211 in Books

Editorial Reviews

From the Back Cover

Protect your network with Snort: the high-performance, open source IDS

Snort gives network administrators an open source intrusion detection system that outperforms proprietary alternatives. Now, Rafeeq Ur Rehman explains and simplifies every aspect of deploying and managing Snort in your network. You'll discover how to monitor all your network traffic in real time; update Snort to reflect new security threats; automate and analyze Snort alerts; and more. Best of all, Rehman's custom scripts integrate Snort with Apache, MySQL, PHP, and ACID, so you can build and optimize a complete IDS solution more quickly than ever before.

  • An expert introduction to intrusion detection and the role of Snort
  • Writing and updating Snort rules to reflect the latest attacks and exploits
  • Contains detailed coverage of Snort plug-ins, preprocessors, and output modules
  • Logging alerts to a MySQL database
  • Using ACID to search, process, and analyze security alerts
  • Using SnortSnarf to analyze Snort log files
  • XML support for Snort via the Simple Network Markup Language (SNML)

FTP Site

The accompanying ftp site contains all the software, scripts, and rules you need to get started with Snort.

About the Open Source Series

Bruce Perens' Open Source Series is a definitive series of Linux and Open Source books by the world's leading Linux software developers. Bruce Perens is the primary author of The Open Source Definition, the formative document of the open source movement, and the former Debian GNU/Linux Project Leader. The text of this book is Open Source licensed.

About the Author

RAFEEQ UR REHMAN is founding director of Argus Network Security Services, Inc. He is an HP Certified System Administrator and CCNA with more than nine years' experience in UNIX and network administration, as well as C and database programming. His books include The Linux Development Platform; Solaris 8 Training Guide (310-043): Network Administrator Certification; and HP Certified: HP-UX System Administration. He is a contributing writer for SysAdmin Journal and Linux Journal.

Customer Reviews

3.7 out of 5 stars

Most Helpful Customer Reviews

17 of 20 people found the following review helpful By Richard Bejtlich on July 15, 2003
Format: Paperback
"Intrusion Detection with Snort: Advanced IDS, etc." (IDWS) was the second of this year's intrusion detection books I've reviewed. The first was Tim Crothers' "Implementing Intrusion Detection Systems" (4 stars). I was disappointed by IDWS, since I have a high opinion of Prentice Hall and the new "Bruce Perens' Open Source Series." (I'm looking forward to the book on CIFS, for example.) IDWS read poorly and doesn't deliver as much useful content as the competing Syngress book "Snort 2.0."

The most difficult aspect of reading IDWS is the author's grammar, particularly his avoidance of using definitive articles like "the", and other important words. For instance, p. 3 says "Apache web server takes help from ACID, etc." p. 133 claims "However, if you are using HTTP decode preprocessor, this attempt can detected." Beyond grammar, the author demonstrates weak knowledge of the IDS field, stating on p. 1 "Intrusion detection methods starting appearing in the last few years." James Anderson led the way in 1980, followed by Denning and Neumann in 1983 and Todd Heberlein in 1990! The author also repeatedly compares IDS to anti-virus signatures, which is simplistic and incorrect.

Technical errors further hamper IDWS. p. 89 makes the mistake of saying TCP sequence numbers count packets; they really count bytes of application data. p. 96-97 confuses the use of standard Boolean operators (AND, OR, NOT) with their use in Snort, which is different. (SF+ means SYN and FIN and zero or more other flags, not SYN AND FIN alone.) The fuzzy diagrams don't appear professional, and acronyms like "PHP" are defined incorrectly as "Pretty Home Page" (rather than the self-referencing "PHP Hypertext Processor.")

Coverage of important topics is lacking or outdated. First, Snort 1.
5 of 6 people found the following review helpful By Karel M Baloun on August 13, 2003
Format: Paperback
This book is an effective introduction to Intruder Detection, demonstrating how popular open-source tools can be used. I found the code samples, table, diagrams and screenshots to be clear and useful. I learned what I'd hoped to learn and feel empowered to set up an IDS myself. Plenty of links and resources when I want to learn more.
I read a few of the other reviews here after I read the book... especially Richard B's. I noticed some of the same technical mistakes, but don't feel that they are a big deal. As a sr. software engineer and technical editor, I always read critically, just mentally note them and continue. They aren't the kind of mistakes that make the code useless, or would confuse/mislead any level of reader. Another editing pass would help most books, and none of the grammar mistakes annoy me - I read to learn what I can and move on, not to nitpick or get annoyed.
As far as 1.9 vs. 2.0, I've looked at the snort site and agree that the release is significant, but it doesn't break backwards compatibility, so it doesn't make this book any less relevant. 2.0 seems to mostly change the backend implementation - *the application is used identically* so I suspect the vast majority of this book is unaffected. The Syngress book covers 2.0, yet so does the website, which hypes this two-times-more-expensive book. That book too will no doubt soon be superseded, so read whatever you buy immediately ;-)
12 of 16 people found the following review helpful By Larry McGraw on May 27, 2003
Format: Paperback
This is the first book that I read on Snort, and I wish I had gone with something else. This book really reads like more of an overview of intrusion detection and Snort, rather than a useful reference for actually using Snort. This would be fine if the title did NOT include the words "Advanced" or "Techniques," because there is not a lot of either in this book. It also doesn't help that it's not written to the latest release. If you want to understand intrusion detection a little better and you are considering trying Snort, then this book is fine. If you want or need more, this just isn't the book.
Format: Paperback
* It is an Intro Level book.
* References to Networking, Internetworking, and TCP/IP are bad and inaccurate.

I have only read the first three chapters, but I am writing a review nonetheless.
I will still continue to read this book, I still think it has information I can learn from.

Ya, this is worth mentioning. Someone trying to learn Snort, should not be hit with inaccurate and misleading usage of network terms.
For a reader, who is new to the IT world, who does not realize this author is being misleading in the use of networking terms and concepts (or perhaps the author simply does not know what he himself is talking about, which is not good), it can be confusing. The reader might even learn incorrect or inaccurate networking terms and concepts, which would not be good for the reader !!!

Learning IT is challenging enough, especially for new people; INACCURACIES, misleading, or non-explicit use of terms, should NEVER be part of an IT document, paper, or book.

If YOU KNOW NOTHING OF --== Networking ==-- or --== Snort ==--, do not take everything in this book at 100% face value.
The references to Internetworking are bad. If you do not already know Internetworking and the related terminology and concepts, just know the Networking terms and concepts presented in this book are not accurate. I mean they can confuse you if you do not already know the subject matter.
For example, the TCP/IP protocol stack, or model, has ONLY FOUR Layers not Five. The Physical Layer is NOT part of the TCP/IP Architectural Model.

YES, this book's primary subject is "Snort," but references to other subjects, such as the references to networking, NEED to be accurate !!!
