Snort Intrusion Detection 2.0 / Edition 2, by Syngress, James C. Foster, Ryan Russell, Jay Beale | 9780080481005 | NOOK Book (eBook) | Barnes & Noble

Overview

The incredible low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing IDSs within corporate IT departments.

Snort 2.0 Intrusion Detection is written by a member of Snort.org. The book provides a valuable insight to the code base of Snort and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios.

The primary reader will be an individual who has a working knowledge of the TCP/IP protocol, expertise in some arena of IT infrastructure, and is inquisitive about what has been attacking their IT network perimeter every 15 seconds.

  • The most up-to-date and comprehensive coverage for Snort 2.0!
  • Expert Advice from the Development Team and Step-by-Step Instructions for Installing, Configuring, and Troubleshooting the Snort 2.0 Intrusion Detection System.

Editorial Reviews

From the Publisher
"I have been a diehard Snort user and member of the community since day one. Snort is awesome and there are so many incredibly talented people involved with it. I always wished that there was a book that documented everything, and gave lots of very cool information on all of the inner workings. I was psyched when I heard this book was being written, and I ordered it before it came out. I got mine on Friday and spent the weekend reading it. Considering the guys (and gal!) who wrote it, I shouldn't be surprised that the book rocks. Everything you ever wanted to know about Snort is in there. And, you know you are getting it from the Pig's mouth—er, or Snout ;)" - reviewer on Amazon.com

Product Details

ISBN-13: 9780080481005
Publisher: Elsevier Science
Publication date: 05/11/2003
Sold by: Barnes & Noble
Format: NOOK Book
Pages: 550
File size: 9 MB

Read an Excerpt

Snort System Requirements

Before getting a system together, you need to know a few things. One, Snort data can take up a lot of disk space, and two, you'll need to be able to monitor the system remotely. The Snort system we maintain is in our machine room (which is cold, and a hike downstairs).

Because we're lazy and don't want to hike downstairs, we would like to be able to maintain it remotely and securely. For Linux and UNIX, this means including Secure Shell (SSH) and Apache with Secure Sockets Layer (SSL). For Windows, this would mean Terminal Services (with limitations on which users and machines can connect) and Internet Information Server (IIS).

Hardware

One of the most important things you'll need, especially if you're running Snort in Network-based Intrusion Detection System (NIDS) mode, is a really big hard drive. If you're storing your data as either syslog files or in a database, you'll need a lot of space to store all the data that Snort's detection engine uses to check for rule violations.

Another highly recommended hardware component for Snort is a second Ethernet interface. One of the interfaces is necessary for typical network connectivity (SSH, Web services, and so forth), and the other interface is for Snorting. This sensing interface that does the "snorting" is your "Snort sensor."

Snort does not have any particular hardware requirements that your OS doesn't already require to run. Running any application with a faster processor usually makes the application work faster. However, you will be limited in the amount of data you collect by your network connection and by your hard drive.

However, you will need a reasonably sized network interface card (NIC) to collect the correct amount of network packets. For example, if you are on a 100MB network, you will need a 100MB NIC to collect the correct amount of packets. Otherwise, you will miss packets and be unable to accurately collect alerts.

In addition, you will need a good-sized hard drive to store your data. If your hard drive is too small, there is a good chance that you will be unable to write alerts to either your database or log files. For example, our current setup for a single Snort sensor is a 9GB partition for /var.

Operating System

Snort was designed to be a lightweight network intrusion detection system. Currently, Snort runs on x86 systems under Linux, FreeBSD, NetBSD, OpenBSD, and Windows. Other supported platforms include Sparc Solaris, PowerPC MacOS X and MkLinux, and PA-RISC HP-UX. Snort will run on just about any modern OS today.

Oink!

People can get into religious wars as to which OS is best, but you have to be the one to administer the system, so you pick the OS.

There is an ongoing argument regarding the best OS on which to run Snort. A while back, the *BSDs had the better IP stack, but since Linux has gone to the 2.4 kernel, the IP stacks are comparable. Our favorite is NetBSD, but your mileage might vary.
