From Barnes & Noble
The Barnes & Noble Review
Snort is hard -- but worth it. This open source intrusion detection system is serving 100,000 organizations right now -- without the cost or limitations of closed source IDSes. To make it work, those companies first had to struggle with Snort.org’s challenging online manual. Then, they had to figure out which of hundreds of ancillary applications, tools, and scripts they needed to integrate into Snort. Fortunately, implementing Snort will be far easier for you. You’ll have Intrusion Detection with Snort.
Jack Koziol, who’s architected Snort-based IDSes to protect online banking systems, covers every step of the process. You’ll start with a practical discussion of how IDSes do what they do, and a concise review of how Snort’s components fit together. Then, Koziol shows how to plan your Snort installation: defining IDS policies, deciding what to monitor, architecting your system, and planning for maintenance and incident response. After a chapter on hardware, you’ll walk through constructing a Snort server and the packet-sniffing sensor that runs with it.
Most folks who’ll use Snort will want to add an alert management GUI; Koziol covers ACID in depth and introduces powerful tools for generating real-time alerts. You’ll probably want a better way to manage your signatures: Koziol introduces and covers IDS Policy Manager. There’s even a brief introduction to tools like SnortSam that go beyond “detection” to intrusion prevention.
There are full chapters on two crucial IDS administration tasks: tuning to eliminate false positives and writing and editing rules. And, last but not least: troubleshooting. Scores of volunteer programmers have given Snort immense potential: Jack Koziol will help you realize it.
Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.