Snort For Dummies
     

by Charlie Scott, Paul Wolfe, Bert Hayes
 

Overview

  • Snort is the world's most widely deployed open source intrusion-detection system, with more than 500,000 downloads; it is a package that can perform protocol analysis, handle content searching and matching, and detect a variety of attacks and probes
  • Drawing on years of security experience and multiple Snort implementations, the authors guide readers through installation, configuration, and management of Snort in a busy operations environment
  • No experience with intrusion detection systems (IDS) required
  • Shows network administrators how to plan an IDS implementation, identify how Snort fits into a security management environment, deploy Snort on Linux and Windows systems, understand and create Snort detection rules, generate reports with ACID and other tools, and discover the nature and source of attacks in real time
  • CD-ROM includes Snort, ACID, and a variety of management tools

Editorial Reviews

bn.com
The Barnes & Noble Review
Half a million IT professionals have downloaded Snort, the full-fledged intrusion detection system that doesn’t cost a dime. But, like all IDSes, Snort can be complex, requiring careful configuration and monitoring. Snort for Dummies simplifies all that, so you can get the benefits of intrusion detection with far less hassle and complexity.

Leading security analysts and consultants Charlie Scott and Paul Wolfe have been there, done that -- repeatedly. Here, they begin with a careful, step-by-step discussion of setting up Snort from scratch. You’ll walk through disabling unnecessary services on your underlying Linux system; compiling Snort from source (their recommended approach); securing the SSH daemon; installing and configuring Snort; setting up MySQL to log Snort’s output; and automatically starting Snort at boot time.

Like all IDSes, Snort can generate colossal amounts of data. Scott and Wolfe show how to read and understand its logs and alerts, and how to create visual reports that offer a high-level look at what the data’s telling you. After explaining how to customize Snort with your own rules, they show how to prepare for (and respond to) an actual attack.

There’s extensive coverage of keeping Snort up to date, and extending and automating it. That includes a full chapter on using Barnyard to control output to a database -- thereby allowing Snort to run more quickly and efficiently. Snort developers are creating all sorts of tools for managing and monitoring Snort; Scott and Wolfe profile the best of them.

Bottom line: If you’ve been hesitant to try Snort, get this book and get started. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.

Product Details

ISBN-13: 9780764568350
Publisher: Wiley
Publication date: 06/28/2004
Series: For Dummies Series
Edition description: BK&CD-ROM
Pages: 372
Product dimensions: 9.20(w) x 7.42(h) x 0.89(d)

Meet the Author

Charlie Scott is an Information Security Analyst for the City of Austin, where he helps maintain the City’s network security infrastructure and helps analyze intrusion detection data. He has nearly ten years of experience in the Internet industry and has been an avid user of open source security software that entire time. Charlie is a Certified Information Systems Security Professional (CISSP) and a Cisco Certified Network Professional (CCNP).

Bert Hayes is a Security Technical Analyst for the State of Texas, where he maintains network security for a medium-sized agency. In Bert’s ten years of IT industry experience, he has done everything from managing a corporate IT shop during a successful IPO to performing white hat penetration tests for corporate and government offices. He has long been a proponent of open source solutions and is a Red Hat Certified Engineer (RHCE).

Paul Wolfe is an independent information security consultant and author, specializing in open source security.
