Half a million IT professionals have downloaded Snort, the full-fledged intrusion detection system that doesn’t cost a dime. But, like all IDSes, Snort can be complex, requiring careful configuration and monitoring. Snort for Dummies simplifies all that, so you can get the benefits of intrusion detection with far less hassle and complexity.
Leading security analysts and consultants Charlie Scott and Paul Wolfe have been there, done that -- repeatedly. Here, they begin with a careful, step-by-step discussion of setting up Snort from scratch. You’ll walk through disabling unnecessary services on your underlying Linux system; compiling Snort from source (their recommended approach); securing the SSH daemon; installing and configuring Snort; setting up MySQL to log Snort’s output; and automatically starting Snort at boot time.
Like all IDSes, Snort can generate colossal amounts of data. Scott and Wolfe show how to read and understand its logs and alerts, and how to create visual reports that offer a high-level look at what the data’s telling you. After explaining how to customize Snort with your own rules, they show how to prepare for (and respond to) an actual attack.
There’s extensive coverage of keeping Snort up to date, and extending and automating it. That includes a full chapter on using Barnyard to control output to a database -- thereby allowing Snort to run more quickly and efficiently. Snort developers are creating all sorts of tools for managing and monitoring Snort; Scott and Wolfe profile the best of them.
Bottom line: If you’ve been hesitant to try Snort, get this book and get started.

Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.