If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essentialbut often overwhelmingchallenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT.Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as:
- rules and signatures
- detecting viruses
- detecting common attacks
- log analysis
|Publisher:||O'Reilly Media, Incorporated|
|Product dimensions:||7.00(w) x 9.19(h) x 0.69(d)|
About the Author
Angela Orebaugh is an information security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She synergizes her 15 years of hands-on experiences within industry, academia, and government to advise clients on information assurance strategy, management, and technologies.
Ms. Orebaugh is involved in several security initiatives with the National Institute of Standards and Technology (NIST), including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP) project, and secure eVoting.
Ms. Orebaugh is an Adjunct Professor for George Mason University where she performs research and teaching in intrusion detection and forensics. She developed and teaches the Intrusion Detection curriculum, a core requirement for the Forensics program in the Department of Electrical and Computer Engineering. Her current research interests include peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profiling, user behavior analysis, and network forensics.
Ms. Orebaugh is the author of the Syngress best seller's Nmap in the Enterprise, Wireshark and Ethereal Network Protocol Analyzer Toolkit, and Ethereal Packet Sniffing. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. Angela is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and The Institute for Applied Network Security.
Ms. Orebaugh holds a Masters degree in Computer Science and a Bachelors degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security.
Simon Biles is currently Director of Thinking Security Ltd. an Information Security Consultancy based near Oxford in the UK. The company deals with all aspects of InfoSec from Incident Response and Forensics through to ISO 27001 work. He is currently studying for his MSc in Forensic Computing at Shrivenham with Cranfield University. He holds a CISSP, is Certified as an ISO17799 Lead Auditor, is a Chartered IT Professional with the British Computer Society and is also a member of F3 - the UK's First Forensic Forum. Currently he is involved in a project to define and support best practices in Forensics - you can find out more about this at the Open Forensics Group.
Jake Babbin works as a contractor with a government agency filling the role of Intrusion Detection Team Lead. He has worked in both private industry as a security professional and in government space in a variety of IT security roles. He is a speaker at several IT security conferences and is a frequent assistant in SANS Security Essentials Bootcamp, Incident Handling and Forensics courses. Jake lives in Virginia.
Most Helpful Customer Reviews
The core of this book is the chapter on Rules and Signatures. Snort is renowned for its rule language and its vast flexibility. It is a reasonably high level 'script' that seems more declarative than procedural. Ok, I'm speaking a little figuratively, but if you scan the rules, you might see what I mean. The chapter explains how to build rules of varying levels of complexity, depending on your needs. One neat trait is the profuse range of options for detecting traffic around the machine running Snort. Of course and inevitably, the default rules base has grown and it is regularly updated. Currently, these defaults number some 3000, and few sysadmins have the expertise to understand all of them. So one recipe tells you how to get and run an updater program (Oinkmaster). Though you are cautioned about letting it change your rules automatically. Other recipes expand upon the rule scope in interesting ways, like looking for p2p or Instant Messaging traffic. You might be responsible for a corporate network that bans these, perhaps. Here is a simple way to show a supervisor how you can stay on top of the problem.