Snort Intrusion Detection 2.0

Snort Intrusion Detection 2.0

by Syngress
Released May 2003
Publisher(s): Syngress
ISBN: 9780080481005

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from O’Reilly and nearly 200 trusted publishing partners.

Start your free trial

Book description

The incredible low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing IDSs within corporate IT departments.

Snort 2.0 Intrusion Detection is written by a member of Snort.org. The book provides a valuable insight to the code base of Snort and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios.

The primary reader will be an individual who has a working knowledge of the TCP/IP protocol, expertise in some arena of IT infrastructure, and is inquisitive about what has been attacking their IT network perimeter every 15 seconds.
  • The most up-to-date and comprehensive coverage for Snort 2.0!
  • Expert Advice from the Development Team and Step-by-Step Instructions for Installing, Configuring, and Troubleshooting the Snort 2.0 Intrusion Detection System.

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. Contributors
  7. Technical Advisors
  8. Technical Reviewer
  9. Technical Editor
  10. Foreword
  11. Chapter 1: Intrusion Detection Systems
    1. Introduction
    2. What Is Intrusion Detection
    3. A Trilogy of Vulnerabilities
    4. Why Are Intrusion Detection Systems Important
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  12. Chapter 2: Introducing Snort 2.0
    1. Introduction
    2. What Is Snort?
    3. Snort System Requirements
    4. Exploring Snort’s Features
    5. Using Snort on Your Network
    6. Security Considerations with Snort
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  13. Chapter 3: Installing Snort
    1. Introduction
    2. A Brief Word about Linux Distributions
    3. Installing PCAP
    4. Installing Snort
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  14. Chapter 4: Snort: The Inner Workings
    1. Introduction
    2. Snort Components
    3. Decoding Packets
    4. Processing Packets 101
    5. Understanding Rule Parsing and Detection Engines
    6. Output and Logs
    7. Summary
    8. Solutions Fast Track
  15. Chapter 5: Playing by the Rules
    1. Introduction
    2. Understanding Configuration Files
    3. The Rule Header
    4. The Rule Body
    5. Components of a Good Rule
    6. Testing Your Rules
    7. Tuning Your Rules
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  16. Chapter 6: Preprocessors
    1. Introduction
    2. What Is a Preprocessor?
    3. Preprocessor Options for Reassembling Packets
    4. Preprocessor Options for Decoding and Normalizing Protocols
    5. Preprocessor Options for Nonrule or Anomaly-Based Detection
    6. Experimental Preprocessors
    7. Writing Your Own Preprocessor
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  17. Chapter 7: Implementing Snort Output Plug-Ins
    1. Introduction
    2. What Is an Output Plug-In?
    3. Exploring Output Plug-In Options
    4. Writing Your Own Output Plug-In
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  18. Chapter 8: Exploring the Data Analysis Tools
    1. Introduction
    2. Using Swatch
    3. Using ACID
    4. Using IDScenter
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  19. Chapter 9: Keeping Everything Up to Date
    1. Introduction
    2. Applying Patches
    3. Updating Rules
    4. Testing Rule Updates
    5. Watching for Updates
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  20. Chapter 10: Optimizing Snort
    1. Introduction
    2. How Do I Choose What Operating System to Use?
    3. Speeding Up Your Snort Installation
    4. Benchmarking Your Deployment
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  21. Chapter 11: Mucking Around with Barnyard
    1. Introduction
    2. What Is Barnyard?
    3. Preparation and Installation of Barnyard
    4. How Does Barnyard Work?
    5. Using the Barnyard Configuration File
    6. What Are the Output Options for Barnyard?
    7. But I Want My Output Like “This”
    8. Summary
    9. Solutions Fast Track
    10. How Does Barnyard Work?
    11. Frequently Asked Questions
  22. Chapter 12: Advanced Snort
    1. Introduction
    2. Policy-Based IDS
    3. Inline IDS
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  23. Index

Product information

  • Title: Snort Intrusion Detection 2.0
  • Author(s): Syngress
  • Release date: May 2003
  • Publisher(s): Syngress
  • ISBN: 9780080481005