April 19, 2005
"Snort Cookbook": Solutions and Examples for Snort Administrators
Sebastopol, CA--The principles of securing a computer system are no
different than those of securing any other system, contend Angela
Orebaugh, Simon Biles, and Jacob Babbin, authors of the new Snort
Cookbook (O'Reilly, US $39.95). For example, if you're building a
castle, you'll install a moat and high walls. You may also add a perimeter
wall and a keep for two additional layers of security. "But at the end of
the day, you still need a way for supplies and people to get in and out,"
they note. "To make this part of your castle secure, you post watchmen,
guards, and soldiers to ensure that only those who should be are getting
in." Physical security in a company is similar, complete with locked
doors, pass cards, and security guards.
But in securing a computer system, this final layer of security is
frequently overlooked. "Too often people assume that the perimeter
protection of the firewall is sufficient to keep all attackers at bay, not
considering that attackers might just walk over the bridge through the
front gate," Orebaugh, Biles, and Babbin remind readers. "Attackers don't
kick down the door, they walk through it pretending to be someone else."
An intrusion detection system (IDS) doesn't exist to check the identity of
people coming through the firewall, but to keep an eye out for behavior
that's against the rules, rather like the security guard who watches to
see if someone is tampering with the lock on the door marked "Private."
Snort, the de facto open source standard of IDS, is capable of performing
real-time traffic analysis and packet logging on IP networks. It conducts
protocol analysis, content searching, and matching. Snort is the security
guard placed on the network to make sure it stays secure.
The Snort Cookbook covers important issues that system administrators
and security professionals deal with every day, saving them countless
hours of sifting through dubious online advice or wordy tutorials to make
use of the full power of Snort. Presented in the popular
problem-solution-discussion format of O'Reilly cookbooks, each recipe
contains a clear and thorough description of the problem, a concise but
complete discussion of a solution, and real-world examples that illustrate
that solution. Topics include:
- Rules and signatures
- Detecting common attacks
But the Snort Cookbook offers more than quick cut-and-paste solutions to
frustrating security issues. Those who learn best in the trenches--but
don't have the hours to spare to hunt down best-practice snippets of
advice--will find solutions to immediate problems in this ultimate Snort
sourcebook. Its tips and tricks will help readers deploy Snort like
security gurus--and still have time to have a life.
Angela Orebaugh, Simon Biles, and Jacob Babbin
ISBN: 0-596-00791-4, 270 pages, $39.95 US, $55.95 CA
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.