|
Called "the leader in the Snort IDS book arms race" by Richard Bejtlich, top Amazon reviewer, this brandnew edition of the bestselling Snort book covers all the latest features of a major upgrade to the product and includes a bonus DVD with Snort 2.1 and other utilities. Written by the same lead engineers of the Snort Development team, this will be the first book available on the major upgrade from Snort 2 to Snort 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0). Readers will be given invaluable insight into the code base of Snort, and in depth tutorials of complex installation, configuration, and troubleshooting scenarios. Snort has three primary uses: as a straight packet sniffer, a packet logger, or as a fullblown network intrusion detection system. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes. Snort uses a flexible rules language to describe traffic that it should collect or pass, a detection engine that utilizes a modular plugin architecture, and a realtime alerting capability. A CD containing the latest version of Snort as well as other uptodate Open Source security utilities will accompany the book.CONTENTS OF THIS BOOK INCLUDEIntrusion Detection SystemsIntroducing Snort 2.1Installing SnortInner WorkingsPlaying by the RulesPreprocessorsImplementing SnortOutput PlugInsDealing with the DataKeeping Everything Up to DateOptimizing SnortMucking Around with BarnyardActive Response Advanced Snort"The authors of this Snort 2.1 Intrusion Detection, Second Edition have produced a book with a simple focus, to teach you how to use Snort, from the basics of getting started to advanced rule configuration, they cover all aspects of using Snort, including basic installation, preprocessor configuration, and optimization of your Snort system. I am very thankful to have a front row seat to watch the enormously talented security analysts of the Snort community continue to refine and improve the capability of the tools we use. While you are reading though the book, I would encourage you to keep an eye out for the little nuggets that can only come from inthetrenches experience. My hope is that you will do far more than simply read a book. I would challenge you to make this a step and become an active participant in the defensive information community. Master the material in this book, get your Snort tuned up and running, write a filter and share it, participate in the Snort mailing list, SANS Incidents list, or Security Focus IDS list. I will be looking for you to be part of theauthor team for Snort 3.0".Stephen NorthcuttDirector of Training & Certification, The SANS Institute
|
|
|