- Paperback: 360 pages
- Publisher: Sams Publishing; 2nd edition (May 30, 2003)
- Language: English
- ISBN-10: 157870281X
- ISBN-13: 978-1578702817
- Product Dimensions: 7.2 x 0.8 x 9 inches
- Shipping Weight: 1.5 pounds (View shipping rates and policies)
- Average Customer Review: 15 customer reviews
- Amazon Best Sellers Rank: #2,893,531 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Intrusion Detection with Snort 2nd Edition
Use the Amazon App to scan ISBNs and compare prices.
See the Best Books of 2018 So Far
Looking for something great to read? Browse our editors' picks for the best books of the year so far in fiction, nonfiction, mysteries, children's books, and much more.
Frequently bought together
Customers who viewed this item also viewed
"For security, it's nice to have a book to get some more robust information than the 2 page onliners." -- Gortbusters.org
Overall Koziol's book is a valuable text for learning Intrusion Detection with the world's premier open source IDS -- Slashdot
From the Back Cover
With over 100,000 installations, the Snort open-source network instrusion detection system is combined with other free tools to deliver IDS defense to medium - to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.
Until now, Snort users had to rely on the official guide available on snort.org. That guide is aimed at relatively experience snort administrators and covers thousands of rules and known exploits.
The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running.
"Snort Intrusion Detection" provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
So the material.... This book introduces Snort, what it is/does, etc, then moves on to how it works. I really enjoyed chapter 3, which looks into all the preprocessors and a brief desciption of Snort's order of operations and modularity.
I would especially recommend chapters 4 and 5 to new Snorters since design issues comprise a huge part of the questions posed to the Snort mailing list, most of which have easy or standard answers. After that, the installation/configuration chapters demonstrate how to get a running setup using RedHat.
I've read a couple complaints in earlier reviews that these instructions don't work and I must say that it is exceedingly difficult to write an installation procedure that incorporates half a dozen different pieces of software, all of which are under seperate development. I actually know about this because I maintain the FreeBSD install guide on the snort site and the instructions that work one week are slightly off the next week. Use the instructions in this book as a guide and you probably won't have much dirty work to figure out on your own.
The rest of the book gets into the nitty-gritty of using Snort and I think it does a pretty good job. This includes tuning signature sets to use less memory/CPU and to generate more reliable alerts. False positives are the bane of the IDS world. If you're new to Snort/IDS then you'll enjoy learning of several great tools like Swatch and Barnyard that this book explores.
Overall I think this book is well worth the 31 clams I coughed up on Amazon.
The book is laid out in a logical, easy to understand manner, and I will definitely using this as my reference once I get a box I can put it on.
This book got me there. I was able to get the meaty technical details I needed, and couldn't find answers to online. Im a highly technical person, Im no (dummy) who gets scared of the command line. Id scoured the snort.org website, mailing lists, newsgroups, securityfocus lists, but they lacked in a lot of areas. Especially, the online articles dont talk about using snort in a corporate or enterprise-size setting. I picked up this book and I was able to put in a very highly effective tuned snort install. I also have moved on to advanced topics, like creating my own custom rules that apply only to my company's network. I use these 20 or so rules to catch traffic that is not supposed to be on my network, but might be normal somewhere else, so there is no offical snort.org rule for them.
In short, this is the best book ive read in a few years, at least for a technical book.
Let me say first, if you are going to actually implement everything in this book, getting through it is going to take some time. This isn't the kind of thing you can learn totally in one night, or even one week. There are just tons of examples and intrusion detection strategies to work through. I like how the author goes through several real-world examples in each chapter, such as teaching you step by step on how to write a snort signature or rule from a raw packet capture. Nowhere on the internet have I seen this, trust me ive looked hard.
Also, the book goes beyond using snort. There are a bunch of tools you need to use with snort in order for it to work well. Snort doesnt have any real time email alerting features, remote signature update tools, or even a GUI interface!! All of these things are seperate, and you can't really use snort in the real world without them. This is why I bought this book instead of the other 2 that are out there.