Press Room

Press Release: September 13, 2004

"Managing Security with Snort and IDS Tools": Intrusion Detection with Open Source Tools

Sebastopol, CA--In olden days--say two or so years ago--an administrator would use a firewall to protect a network from attack. It was easy then to establish where your network ended and the Internet began. Not so today. "Technological advances and decreasing costs for wide area network technologies have eroded this concept of a perimeter," explain Kerry Cox and Christopher Gerg, authors of Managing Security with Snort and IDS Tools (O'Reilly, US $39.95). "Virtual private networks, or VPNs, have all but replaced conventional dial-up modem pools," they observe. "Most users have high-speed DSL or Cable Modem service, and the VPN makes the user feel like he's sitting at his desk. Some VPNs use an appliance that sits on the perimeter of the network and has the capability of controlling how the network is used remotely." While this is convenient for telecommuters, it's a real risk for most networks. A virus- or worm-infected system on the user's home network will have unfettered access to your network--a high-speed highway that allows rapid propagation of an aggressive worm.

But there are effective defenses, maintain Cox and Gerg: configure systems according to industry-accepted best practices, securely aggregate system logs in one place, segregate the network to control access and "wall-off" remote connections, and so on. And finally, take steps to detect and prevent intrusions on the network and systems. "The important thing to remember is not to trust a single component of your security framework for all your security," Cox and Gerg remind readers. "If you are able to, apply security as close to the thing you are trying to secure as possible. These steps will help you stop at least eighty percent of the attacks. Intrusion detection should catch the remaining twenty percent."

In Managing Security with Snort and IDS Tools, the authors show network and system administrators how to effectively employ the Snort Intrusion Detection System to fend off attack. A powerful open source tool, Snort watches a network constantly, inspecting all the traffic, on guard for suspicious activity, then warning the administrator when something fishy is going on.

As coauthor Gerg explains, Snort regularly outperforms more expensive and elaborate intrusion detection systems. "When consulting with clients looking into integrating intrusion detection into their environment, I found that many were looking for a commercial solution from one of the 'big boys' in the network security industry, but Snort is almost universally the right choice for people interested in network intrusion detection."

Network, system, and security administrators who take a disciplined approach to security management will especially benefit from the book, Gerg notes. "These are people that check their system logs, know their environment, and know how the systems in their organization are used. These folks will benefit most from implementing network intrusion detection. And the content of our book is careful to explain things in a clear, step-by-step manner, so readers don't have to be guru-level security experts to put this information to work."

While exploring the full range of Snort's capabilities in Managing Security with Snort and IDS Tools, readers will learn how to:

  • Use Snort as a simple packet sniffer, packet logger, or full-blown IDS
  • Install and configure Snort
  • Use Snort to detect attacks
  • Manage Snort rules
  • Customize existing Snort rules or write new ones to respond to new kinds of attacks
  • Use Snort as an Intrusion Prevention System
  • Use Snort management consoles ACID and SnortCenter
  • Use Oinkmaster for automatic rule updates and other tools
  • Use Snort on high-bandwidth networks with tools like Barnyard, Sguil, and I(DS)2

Anyone who has ever watched traffic on a network knows how frequently it's attacked. Although it is impossible for a person to watch even a moderately busy link by hand, administrators don't have to operate blind. Managing Security with Snort and IDS Tools shows readers how to monitor their networks constantly, even while sleeping.
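To make the "write new rules" item above concrete, here is an added Python illustration (not code from the book, and not the Snort project's own engine) of what a Snort rule looks like and how a detector applies it: a rule header of the form `action proto src sport -> dst dport`, followed by options such as `msg`, `content`, `nocase` and `sid` in parentheses. The variable table, the three rules and the four packets are all constructed for the example; only plain-text `content` is handled, so this is a teaching model of the rule syntax, not a replacement for Snort.

```python
"""Toy Snort-style rule matcher: an added illustration, not Snort's own engine.
Parses rules in Snort's `action proto src sport -> dst dport (options;)` form and
tests them against constructed packets; real rules have many more options."""
import ipaddress
import re
from collections import namedtuple

# Stand-in for the `ipvar`/`var` lines of snort.conf (constructed values).
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!$HOME_NET"}

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")
# One rule option: `name;` or `name:value;`, where value may be double-quoted.
OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;"]*))?\s*;')

Rule = namedtuple("Rule", "header options")  # header: dict; options: [(name, value)]
Packet = namedtuple("Packet", "proto src sport dst dport payload", defaults=[b""])

def parse_rules(text):
    """Parse a rules file; blank lines and `#` comments are skipped."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"bad rule header: {line}")
        raw = m.group("opts").strip()
        found = list(OPTION_RE.finditer(raw))
        if "".join(om.group(0) for om in found) != raw:  # reject unparsed leftovers
            raise ValueError(f"bad options: {raw}")
        opts = [(om.group(1), om.group(2).strip().strip('"') if om.group(2) else None)
                for om in found]
        rules.append(Rule({k: v for k, v in m.groupdict().items() if k != "opts"}, opts))
    return rules

def addr_matches(spec, ip):
    # Resolve $VARs and `!` negation (possibly nested), then test `any` or a host/CIDR.
    negate = False
    while spec.startswith("!") or spec in VARS:
        if spec.startswith("!"):
            negate, spec = not negate, spec[1:]
        else:
            spec = VARS[spec]
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate

def port_matches(spec, port):
    # `any`, one port, or a `lo:hi` range (either end optional), each negatable with `!`.
    negate, spec = spec.startswith("!"), spec.lstrip("!")
    if spec == "any":
        return not negate
    lo, sep, hi = spec.partition(":")
    hit = int(lo or 0) <= port <= int(hi or 65535) if sep else port == int(spec)
    return hit != negate

def rule_matches(rule, pkt):
    h = rule.header
    if not (h["proto"] in ("ip", pkt.proto)
            and addr_matches(h["src"], pkt.src) and port_matches(h["sport"], pkt.sport)
            and addr_matches(h["dst"], pkt.dst) and port_matches(h["dport"], pkt.dport)):
        return False
    # every `content` must occur in the payload; `nocase` modifies the content before it
    needles = []
    for name, value in rule.options:
        if name == "content":
            needles.append([value.encode(), False])
        elif name == "nocase" and needles:
            needles[-1][1] = True
    return all(n.lower() in pkt.payload.lower() if nocase else n in pkt.payload
               for n, nocase in needles)

def detect(rules, packets):
    """Return (packet index, sid, msg) for each `alert` rule a packet fires."""
    hits = []
    for i, pkt in enumerate(packets):
        for r in rules:
            if r.header["action"] == "alert" and rule_matches(r, pkt):
                opts = dict(r.options)  # fine for one-shot options such as sid and msg
                hits.append((i, int(opts["sid"]), opts["msg"]))
    return hits

SAMPLE_RULES = """  # constructed rules, in the form they would take in a local.rules file
# cgi-bin requests from outside the LAN to an internal web server
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-CGI cgi-bin probe"; content:"/cgi-bin/"; nocase; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SMB connection from outside"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> any 6660:6669 (msg:"IRC client connection from LAN"; sid:1000003; rev:1;)
"""

SAMPLE_PACKETS = [  # constructed packets, not captured traffic
    Packet("tcp", "203.0.113.5", 51000, "192.168.1.10", 80, b"GET /CGI-BIN/test.cgi HTTP/1.0\r\n"),
    Packet("tcp", "192.168.1.20", 52000, "192.168.1.10", 80, b"GET /cgi-bin/x HTTP/1.0\r\n"),
    Packet("tcp", "198.51.100.7", 40000, "192.168.1.10", 445),
    Packet("tcp", "192.168.1.10", 51001, "10.0.0.1", 6667),
]

if __name__ == "__main__":
    for idx, sid, msg in detect(parse_rules(SAMPLE_RULES), SAMPLE_PACKETS):
        print(f"packet {idx}: [1:{sid}] {msg}")
```

Running the script reports packets 0, 2 and 3 against rules 1000001, 1000002 and 1000003; packet 1 carries the same `/cgi-bin/` request but comes from inside `$HOME_NET`, so the `$EXTERNAL_NET` source constraint keeps it quiet. That scoping, together with the `nocase` match on `/CGI-BIN/` and the `6660:6669` port range, is the part of rule writing that most often decides whether a rule is useful or just noisy.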

    Additional Resources:

    Managing Security with Snort and IDS Tools
    Kerry Cox and Christopher Gerg
    ISBN 0-596-00661-6, 269 pages, $39.95 US, $57.95 CA
    1-800-998-9938; 1-707-827-7000

    About O'Reilly

    For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s Safari training and learning platform and at O’Reilly conferences. As a SaaS learning platform, Safari delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information visit


    Press Contacts

    Media Relations – Corporate & North America

    Fama PR

    Media Relations – Japan

    Fumi Yamakawa
    +81 3-3356-5227

    Media Relations – United Kingdom

    Helen Codling
    +44 (0) 1252 721284