September 13, 2004
"Managing Security with Snort and IDS Tools": Intrusion Detection with Open Source Tools
Sebastopol, CA--In olden days--say two or so years ago--an administrator
would use a firewall to protect a network from attack. It was easy then to
establish where your network ended and the Internet began. Not so today.
"Technological advances and decreasing costs for wide area network
technologies have eroded this concept of a perimeter," explain Kerry Cox
and Christopher Gerg, authors of Managing Security with Snort and IDS
Tools (O'Reilly, US $39.95). "Virtual private networks, or VPNs, have all
but replaced conventional dial-up modem pools," they observe. "Most users
have high-speed DSL or Cable Modem service, and the VPN makes the user
feel like he's sitting at his desk. Some VPNs use an appliance that sits
on the perimeter of the network and has the capability of controlling how
the network is used remotely." While this is convenient for telecommuters,
it's a real risk for most networks. A virus- or worm-infected system on
the user's home network will have unfettered access to your network--a
high-speed highway that allows rapid propagation of an aggressive worm.
But there are effective defenses, maintain Cox and Gerg: configure systems
according to industry-accepted best practices, securely aggregate system
logs in one place, segregate the network to control access and "wall-off"
remote connections, and so on. And finally, take steps to detect and
prevent intrusions on the network and systems. "The important thing to
remember is not to trust a single component of your security framework for
all your security," Cox and Gerg remind readers. "If you are able to,
apply security as close to the thing you are trying to secure as possible.
These steps will help you stop at least eighty percent of the attacks.
Intrusion detection should catch the remaining twenty percent."
In Managing Security with Snort and IDS Tools, the authors show network
and system administrators how to effectively employ the Snort Intrusion
Detection System to fend off attack. A powerful open source tool, Snort
watches a network constantly, inspecting all the traffic, on guard for
suspicious activity, then warning the administrator when something fishy
is going on.
As coauthor Gerg explains, Snort regularly outperforms more expensive and
elaborate intrusion detection systems. "When consulting with clients
looking into integrating intrusion detection into their environment, I
found that many were looking for a commercial solution from one of the
'big boys' in the network security industry, but Snort is almost
universally the right choice for people interested in network intrusion
Network, system, and security administrators who take a disciplined
approach to security management will especially benefit from the book,
Gerg notes. "These are people that check their system logs, know their
environment, and know how the systems in their organization are used.
These folks will benefit most from implementing network intrusion
detection. And the content of our book is careful to explain things in a
clear, step-by-step manner, so readers don't have to be guru-level
security experts to put this information to work."
While exploring the full range of Snort's capabilities in Managing
Security with Snort and IDS Tools, readers will learn how to:
Use Snort as a simple packet sniffer, packet logger, or full-blown IDS
Install and configure Snort
Use Snort to detect attacks
Manage Snort rules
Customize Snort rules for or write new rules to respond to new kinds of
Use Snort as an Intrusion Prevention System
Use Snort management consoles ACID and SnortCenter
Use Oinkmaster for automatic rule updates and other tools
Use Snort on high-bandwidth networks with tools like Barnyard, Sguil, and
Anyone who has ever watched traffic on a network knows how frequently it's
attacked. Although it is impossible to personally monitor even the most
moderate bandwidth, administrators don't have to operate blind. Managing
Security with Snort and IDS Tools shows readers how to monitor their
networks constantly, even while sleeping.
Managing Security with Snort and IDS Tools
Kerry Cox and Christopher Gerg
ISBN 0-596-00661-6, 269 pages, $39.95 US, $57.95 CA
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.