Snort for Dummies [Paperback]

Charlie Scott (Author), Paul Wolfe (Author), Bert Hayes (Author)

Book Description

ISBN-10: 0764568353 | ISBN-13: 978-0764568350 | Publication Date: July 9, 2004

• Snort is the world's most widely deployed open source intrusion-detection system, with more than 500,000 downloads-a package that can perform protocol analysis, handle content searching and matching, and detect a variety of attacks and probes
• Drawing on years of security experience and multiple Snort implementations, the authors guide readers through installation, configuration, and management of Snort in a busy operations environment
• No experience with intrusion detection systems (IDS) required
• Shows network administrators how to plan an IDS implementation, identify how Snort fits into a security management environment, deploy Snort on Linux and Windows systems, understand and create Snort detection rules, generate reports with ACID and other tools, and discover the nature and source of attacks in real time
• CD-ROM includes Snort, ACID, and a variety of management tools

Editorial Reviews

From the Back Cover

Find out how to foil an attack on your network

Choose the right way to deploy and configure Snort — no experience required!

Who knows what evil is poking around your network perimeter? Snort will sniff out worms, system crackers, and other bad guys, and this friendly guide helps you train Snort to do your bidding. Discover how intrusion detection systems work, what kind you need, how to install and manage Snort on Linux® or Windows® systems, and more.

All this on the bonus CD-ROM

• Snort Intrusion Detection System for Linux and Windows
• ACID Snort Visualization Console
• Barnyard unified logging tool and Oinkmaster rule manager
• Assorted other Snort management tools

Discover how to:

• Integrate Snort into your security plan
• Decide on the best deployment
• Create and update detection rules
• Generate reports with ACID
• Get real-time alerts in case of attack

About the Author

Charlie Scott is an Information Security Analyst for the City of Austin, where he helps maintain the City’s network security infrastructure and helps analyze intrusion detection data. He has nearly ten years of experience in the Internet industry and has been an avid user of open source security software that entire time. Charlie is a Certified Information Systems Security Professional (CISSP) and a Cisco Certified Network Professional (CCNP).

Bert Hayes is a Security Technical Analyst for the State of Texas, where he maintains network security for a medium sized agency. In Bert’s ten years of IT industry experience, he has done everything from managing a corporate IT shop during a successful IPO to performing white hat penetration tests for corporate and government offices. He has long been a proponent of open source solutions, and is a Red Hat Certified Engineer (RHCE).

Paul Wolfe is an independent information security consultant and author, specializing in open source security.

Product Details

• Paperback: 372 pages
• Publisher: For Dummies (July 9, 2004)
• Language: English
• ISBN-10: 0764568353
• ISBN-13: 978-0764568350
• Product Dimensions: 9.2 x 7.4 x 0.9 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 3.4 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #897,809 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars Great way to get your feet wet., October 18, 2004

By 

TX_Block - See all my reviews

This review is from: Snort for Dummies (Paperback)

If you want to get your feet wet or you've been tasked with deploying a snort system, this is a good way to start. In the typical, humorous, "for dummies" style, this book walks you through getting, setting up and using Snort and the ACID console.
The book also covers how to maintain and tweak the system, once it is up and running. A good effort by the authors.

5 of 6 people found the following review helpful:

4.0 out of 5 stars Excellent Starter, August 24, 2004

By 

Bill Cripen "Billc" (Torrance, CA) - See all my reviews

This review is from: Snort for Dummies (Paperback)

This is a great book for getting startet on snort. I've used other NIDS, but never braved downloading Snort ofr Windows. This book not only provided very detailed step-by-step instructions it also detailed some very useful tools. I really like that its not OS-centric. And Snort's Great!

2 of 3 people found the following review helpful:

4.0 out of 5 stars run Snort on a linux machine, September 16, 2005

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Snort for Dummies (Paperback)

One would think sysadmins would not need a Dummies book on network protection. But apparently, some do appreciate a quick course, like that given here. It shows how Snort is available for all the main operating systems. Though the authors point out manifold advantages of running it under linux.

As in being able to reduce linux down to a minimal core system. This may be a significant consideration even if most of your machines are running Microsoft operating systems. Since your Snort machine needs to be as secure as possible. So throwing out optional linux packages reduces the risk of a serious bug in these compromising the machine. Plus, because you never know when your net might be attacked, Snort should run with as much uptime as possible. Routinely, linux boxes are capable of extended uptime. While in principle this is also true of Microsoft machines, in practice they tend to get rebooted far more often.

The book goes further into the actual usages of Snort. But you may want to consider the above as one of the best suggestions in the book.