Intrusion Detection with Snort
 
Intrusion Detection with Snort [Paperback]

Jack Koziol (Author)
4.2 out of 5 stars (15 customer reviews)

List Price: $50.00
Price: $33.19
You Save: $16.81 (34%)


Book Description

ISBN-10: 157870281X | ISBN-13: 978-1578702817 | Publication date: May 30, 2003 | Edition: 2nd

With over 100,000 installations, the Snort open-source network intrusion detection system is combined with other free tools to deliver IDS defense to medium- to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.

Until now, Snort users had to rely on the official guide available on snort.org. That guide is aimed at relatively experienced Snort administrators and covers thousands of rules and known exploits.

The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running.

Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.




Editorial Reviews

Review

"For security, it's nice to have a book to get some more robust information than the 2 page onliners." -- Gortbusters.org

Overall Koziol's book is a valuable text for learning Intrusion Detection with the world's premier open source IDS -- Slashdot



Product Details

  • Paperback: 360 pages
  • Publisher: Sams; 2nd edition (May 30, 2003)
  • Language: English
  • ISBN-10: 157870281X
  • ISBN-13: 978-1578702817
  • Product Dimensions: 9.1 x 7.3 x 0.9 inches
  • Shipping Weight: 1.5 pounds
  • Average Customer Review: 4.2 out of 5 stars (15 customer reviews)
  • Amazon Best Sellers Rank: #1,426,206 in Books


 

Customer Reviews

15 Reviews
  • 5 star: 10
  • 4 star: 2
  • 3 star: 0
  • 2 star: 2
  • 1 star: 1
 
 
 
 
 
Most Helpful Customer Reviews

15 of 15 people found the following review helpful:
5.0 out of 5 stars Amazing book, August 4, 2003
This is one of those "essential, have to have" books. I just got through all of the examples and finished building out a 3-tiered snort network for the company where I work as a senior security engineer. We previously had some older, expensive, ISS realsecure equipment in place, and I made the case to management to replace the RealSecure stuff with open-source Snort. It wasn't that hard, the maintenance cost for an upgrade was going to be more than my whole entire Snort-based design. My company had good experiences with apache on red hat, so it wasn't a super hard sell. Times are tough, and management is looking for ways to cut costs.

This book got me there. I was able to get the meaty technical details I needed, and couldn't find answers to online. I'm a highly technical person, I'm no (dummy) who gets scared of the command line. I'd scoured the snort.org website, mailing lists, newsgroups, securityfocus lists, but they lacked in a lot of areas. Especially, the online articles don't talk about using snort in a corporate or enterprise-size setting. I picked up this book and I was able to put in a very highly effective tuned snort install. I also have moved on to advanced topics, like creating my own custom rules that apply only to my company's network. I use these 20 or so rules to catch traffic that is not supposed to be on my network, but might be normal somewhere else, so there is no official snort.org rule for them.

In short, this is the best book I've read in a few years, at least for a technical book.



13 of 13 people found the following review helpful:
5.0 out of 5 stars Impressive book, June 30, 2003
I've seen a bunch of reviews for this book on security and open source websites on the internet. I usually don't buy paper books, I prefer to read online howtos and go to the library to check something out. I only buy something if I really think I'll be able to get practical skills out of it (such as the Perl Cookbook, etc.) After reading the slashdot review on this book, I figured that it was time I learn snort and intrusion detection.

Let me say first, if you are going to actually implement everything in this book, getting through it is going to take some time. This isn't the kind of thing you can learn totally in one night, or even one week. There are just tons of examples and intrusion detection strategies to work through. I like how the author goes through several real-world examples in each chapter, such as teaching you step by step on how to write a snort signature or rule from a raw packet capture. Nowhere on the internet have I seen this, trust me I've looked hard.

Also, the book goes beyond using snort. There are a bunch of tools you need to use with snort in order for it to work well. Snort doesn't have any real time email alerting features, remote signature update tools, or even a GUI interface!! All of these things are separate, and you can't really use snort in the real world without them. This is why I bought this book instead of the other 2 that are out there.



8 of 8 people found the following review helpful:
5.0 out of 5 stars Broader in scope, not just snort, July 10, 2003
Unlike the "Snort 2.0 Intrusion Detection", this book talks more on intrusion detection. If you are a planner on intrusion detection, this book is a perfect match. If you are the engineer setting up snort, the "Snort 2.0 Intrusion Detection" might be easier to follow.
