Intrusion Detection with Snort / Edition 1

Paperback (Print)


With over 100,000 installations, the Snort open-source network intrusion detection system can be combined with other free tools to deliver IDS defense to small- and medium-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.

Until now, Snort users had to rely on the official guide. That guide is aimed at relatively experienced Snort administrators and covers thousands of rules and known exploits.

The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their system up and running.

Intrusion Detection with Snort provides readers with practical guidance on how to put Snort to work. Opening with a primer on intrusion detection and Snort, the book takes the reader through planning an installation, building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.


Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
Snort is hard -- but worth it. This open source intrusion detection system is serving 100,000 organizations right now -- without the cost or limitations of closed source IDSes. To make it work, those companies first had to struggle with the Snort project’s challenging online manual. Then, they had to figure out which of hundreds of ancillary applications, tools, and scripts they needed to integrate into Snort. Fortunately, implementing Snort will be far easier for you. You’ll have Intrusion Detection with Snort.

Jack Koziol, who’s architected Snort-based IDSes to protect online banking systems, covers every step of the process. You’ll start with a practical discussion of how IDSes do what they do, and a concise review of how Snort’s components fit together. Then, Koziol shows how to plan your Snort installation: defining IDS policies, deciding what to monitor, architecting your system, and planning for maintenance and incident response. After a chapter on hardware, you’ll walk through constructing a Snort server and the packet-sniffing sensor that runs with it.

Most folks who’ll use Snort will want to add an alert management GUI; Koziol covers ACID in depth and introduces powerful tools for generating real-time alerts. You’ll probably want a better way to manage your signatures: Koziol introduces and covers IDS Policy Manager. There’s even a brief introduction to tools like SnortSam that go beyond “detection” to intrusion prevention.

There are full chapters on two crucial IDS administration tasks: tuning to eliminate false positives and writing and editing rules. And, last but not least: troubleshooting. Scores of volunteer programmers have given Snort immense potential: Jack Koziol will help you realize it.

Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

Slashdot Book Review
Overall, Jack Koziol's Intrusion Detection with Snort is a valuable text for learning intrusion detection with the world's premier open source IDS.
Sure, you can get tons of online articles about security, Snort, and everything else under the sun. But for security, it's nice to have a book to get some more robust information than the 2-page online articles.

Product Details

  • ISBN-13: 9781578702817
  • Publisher: Sams
  • Publication date: 4/15/2003
  • Edition number: 1
  • Pages: 340
  • Product dimensions: 7.20 (w) x 9.00 (h) x 0.80 (d)

Meet the Author

Jack Koziol is the Information Security Officer at a major Chicago-area financial institution, responsible for security enterprise-wide. Previously, he has held information security positions at an online health care company and a point-of-care Internet-based pharmacy. Jack has written for Information Security magazine, and released several whitepapers on intrusion detection. He teaches the CISSP and "Hack and Defend" courses.

Jack has architected, maintained, and managed Snort and other IDS technologies in large production environments since 1998. He has also written Snort signature sets designed for specific applications.


Table of Contents

1. Intrusion Detection Primer.

IDSs Come in Different Flavors. Methods of Detecting Intrusions. Origin of Attacks. Orchestrating an Attack. The IDS Reality. Summary.

2. Network Intrusion Detection with Snort.

Snort's Specifications. Detecting Suspicious Traffic via Signatures. Detecting Suspicious Traffic via Heuristics. Gathering Intrusion Data. Alerting via Output Plug-ins. Prioritizing Alerts. Distributed Snort Architecture. Securing Snort. Shortcomings. Summary.

3. Dissecting Snort.

Feeding Snort Packets with Libpcap. Preprocessors. The Detection Engine. Output Plugins. Summary.

4. Planning for the Snort Installation.

Defining an IDS Policy. Deciding What to Monitor. Designing Your Snort Architecture. Planning for Maintenance. Incident Response Plan. Responding to an Incident. Restoring to a Normal State. Summary.

5. The Foundation: Hardware and Operating Systems.

Hardware Performance Metrics. Picking a Platform. The Monitoring Segment. Distributing Traffic to Multiple Sensors. Summary.

6. Building the Server.

Installation Guide Notes. Red Hat Linux 7.3. Post-Installation Tasks. Installing the Snort Server Components. Summary.

7. Building the Sensor.

Installation Guide Notes. Installing the Snort Sensor Components. Installing Snort. Implementing Barnyard. Summary.

8. Building the Analyst's Console.

Windows. Linux. Testing the Console. Working with ACID. Summary.

9. Additional Installation Methods.

The Hybrid Server/Sensor. Snort on OpenBSD. Snort on Windows. Summary.

10. Tuning and Reducing False Positives.

Pre-Tuning Activities. Tuning the Network for Snort. Filtering Traffic with Snort. Tuning the Preprocessors. Refining the Ruleset. Organize Your Rules. Designing a Targeted Ruleset. Tuning MySQL. Tuning ACID. Summary.

11. Real-Time Alerting.

An Overview of Real-Time Alerting with Snort. Prioritization of Alerts. Alerting with the Hybrid. Alerting with Distributed Snort.

12. Basic Rule Writing.

Fundamental Rule Writing Concepts. Rule Syntax. Writing Rules. Summary.

13. Upgrading and Maintaining Snort.

Choosing a Snort Management Application. IDS Policy Manager. SnortCenter. Upgrading Snort. Summary.

14. Advanced Topics in Intrusion Prevention.

A Warning Concerning Intrusion Prevention. Planning an Intrusion Prevention Strategy. Snort Inline Patch. SnortSam. Summary.

Appendix A. Troubleshooting.

Snort Issues. ACID Issues. IDS Strategy.

Appendix B. Rule Documentation.
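Chapters 10 ("Refining the Ruleset") and 12 ("Rule Syntax. Writing Rules.") above are the core of day-to-day Snort administration, and the table of contents says nothing about what a rule or a tuning directive actually looks like. The following is an added illustration, not code from the book or from the Snort project: a small Python matcher that parses a subset of Snort 2.x rule syntax (the `alert` header plus the `msg`, `content`, `nocase` and `sid` options), evaluates it against constructed packet records, and applies an event threshold of type `limit`, the mechanism Snort uses to cut repeat alerts from one source. The `VARS` table stands in for assumed `snort.conf` `var` settings, and all rules, addresses and packets are constructed sample data.

```python
# Toy Snort-style rule matcher. Added illustration only, not code from the
# book or the Snort project. It understands a subset of Snort 2.x rule syntax
# (the header plus msg, content, nocase and sid) and one tuning mechanism, an
# event threshold of type "limit". VARS holds assumed snort.conf "var" values.
import ipaddress
import re
from collections import namedtuple

VARS = {"$HOME_NET": "10.0.0.0/24", "$EXTERNAL_NET": "!$HOME_NET", "$HTTP_PORTS": "80"}
HEADER_RE = re.compile(
    r"^alert\s+(?P<proto>tcp|udp|icmp|ip)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
Rule = namedtuple("Rule", "proto src sport dst dport msg sid contents")
Packet = namedtuple("Packet", "ts proto src sport dst dport payload", defaults=(b"",))

def parse_rule(text):
    """Parse one 'alert' rule line; a ';' inside a quoted value is not supported."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    msg, sid, contents = "", 0, []  # contents: [[pattern bytes, nocase flag], ...]
    for opt in filter(None, (o.strip() for o in m.group("opts").split(";"))):
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "msg":
            msg = val
        elif key == "sid":
            sid = int(val)
        elif key == "content":
            contents.append([val.encode(), False])
        elif key == "nocase" and contents:  # modifier applies to the preceding content
            contents[-1][1] = True
    return Rule(*m.group("proto", "src", "sport", "dst", "dport"), msg, sid, contents)

def _match(spec, value, leaf):
    """Resolve Snort's 'any', '!spec' and '$VAR' forms, then apply the leaf test."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _match(spec[1:], value, leaf)
    if spec.startswith("$"):
        return _match(VARS[spec], value, leaf)
    return leaf(spec, value)

def ip_matches(spec, ip):
    return _match(spec, ip, lambda s, v: ipaddress.ip_address(v) in ipaddress.ip_network(s, strict=False))

def port_matches(spec, port):
    def leaf(s, v):  # "80", "80:90", "1024:" or ":1023"
        lo, sep, hi = s.partition(":")
        return int(lo or 0) <= v <= int(hi or 65535) if sep else v == int(s)
    return _match(spec, port, leaf)

def rule_matches(r, p):
    """Cheap header checks first, then every content pattern in order."""
    if r.proto not in ("ip", p.proto):
        return False
    if not (ip_matches(r.src, p.src) and port_matches(r.sport, p.sport)
            and ip_matches(r.dst, p.dst) and port_matches(r.dport, p.dport)):
        return False
    for pat, nocase in r.contents:
        hay, needle = (p.payload.lower(), pat.lower()) if nocase else (p.payload, pat)
        if needle not in hay:
            return False
    return True

class LimitThreshold:
    """'threshold type limit, track by_src, count N, seconds S':
    keep at most N alerts per (sid, source IP) in each S-second window."""

    def __init__(self, count, seconds):
        self.count, self.seconds, self.state = count, seconds, {}

    def allow(self, sid, src, now):
        start, n = self.state.get((sid, src), (now, 0))
        if now - start >= self.seconds:  # window expired; start a new one
            start, n = now, 0
        self.state[(sid, src)] = (start, n + 1)
        return n + 1 <= self.count

def run(rules, packets, threshold=None):
    """Return (sid, msg, src) for each alert that survives thresholding."""
    alerts = []
    for p in packets:
        for r in rules:
            if rule_matches(r, p) and (threshold is None or threshold.allow(r.sid, p.src, p.ts)):
                alerts.append((r.sid, r.msg, p.src))
    return alerts

# Constructed sample rules (local sids start at 1000000) and packets.
RULES = [parse_rule(t) for t in (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC /etc/passwd"; '
    'content:"/etc/passwd"; nocase; sid:1000001;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH to internal host"; sid:1000002;)')]
PACKETS = [
    Packet(0.0, "tcp", "192.0.2.10", 40000, "10.0.0.5", 80, b"GET /ETC/passwd HTTP/1.0\r\n"),
    Packet(1.0, "tcp", "10.0.0.7", 50000, "10.0.0.5", 80, b"GET /etc/passwd HTTP/1.0\r\n"),
    Packet(2.0, "udp", "192.0.2.10", 40001, "10.0.0.5", 22),
] + [Packet(3.0 + i, "tcp", "192.0.2.10", 40002 + i, "10.0.0.5", 22) for i in range(3)]

if __name__ == "__main__":
    for alert in run(RULES, PACKETS, LimitThreshold(count=1, seconds=60)):
        print(alert)
```

Run without a threshold, the sample traffic produces four alerts: one for the case-folded `/ETC/passwd` request from outside `$HOME_NET` (the same request from an internal host does not fire because `$EXTERNAL_NET` is `!$HOME_NET`, and the UDP packet fails the protocol check before any content is inspected), and one for each of the three SSH connections from 192.0.2.10. With `LimitThreshold(count=1, seconds=60)`, which mirrors a `threshold type limit, track by_src, count 1, seconds 60` line, the three SSH alerts collapse to one, which is the kind of ruleset refinement the tuning chapter is about. Real Snort rules also carry `rev`, `classtype`, `reference`, hex `content` bytes (`|00 01|`) and many more modifiers; none of that is handled here.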


