Gerg Christopher Cox Kerry J. - Managing Security with Snort & IDS Tools

Year: 2009. Publisher: O'Reilly Media. Genre: Computer.


This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort and IDS Tools provides step-by-step instructions on getting up and running with Snort 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.

Managing Security with Snort and IDS Tools
Kerry J. Cox
Christopher Gerg
Editor
Mike Loukides

Copyright 2009 O'Reilly Media, Inc.


Preface

This book explains how to manage your network's security using the open source tool Snort. The examples in this book are designed for use primarily on a Red Hat Linux machine. They should be fully functional on the latest Red Hat Enterprise Linux version as well as the latest Fedora release by Red Hat. All instructions were documented using the most recent Red Hat releases, patches, and software. The applications were configured using default packages needed for a standard installation, and each machine was secured according to the latest errata.

The instructions in this book apply to other Linux flavors, such as SuSE, Gentoo, Debian, and most Unix variants, including FreeBSD, OpenBSD, and Solaris. Many of the applications are available for download as source or as precompiled binaries. Since performance is often a consideration when deploying an IDS solution, you will probably find that building the applications from source yields the best results. If you do not have the time, desire, or need to build from source, the prebuilt packages should work just fine and install without trouble on most systems. Consult your Linux distribution or Unix-based operating system for further information regarding source compilation and installation. Snort binaries are also available for the Microsoft Windows platform, and instructions for running Snort on a Windows platform are included.

Links to the applications and their respective web sites are provided throughout and at the end of the chapters. also contains a compendium of all software programs and applications referenced. Check all software sites regularly for the latest updates and information regarding their use. Many of the programs are under active development and new versions are posted frequently. Some applications require an update with the release of new Linux versions. Stay current with the most recent release in order to avoid any vulnerabilities or security issues that appear over time.

Topics covered include:

  • Packet capture and analysis using a variety of command-line and GUI utilities.

  • An introduction to the interpretation of packet headers and content within an IDS environment.

  • The threats to your organization's technology assets.

  • Instructions for installing, configuring, tuning, and customizing an open source, enterprise-level network intrusion detection system (NIDS) for use in corporate and/or home office environments.

  • A discussion of ways to utilize Snort as a sniffer, a network gateway that blocks malicious traffic, and a passive IDS sensor.

  • Details on how to configure and tune your Snort IDS installation to maximize the effectiveness and minimize the labor involved in detecting and tracking down attacks.

  • An in-depth look at a variety of administration tools that assist in the management of the Snort IDS environment.

  • Strategies for deploying an IDS in switched, high-security, and high-bandwidth environments.

Audience

This book is designed for network, system, and security administrators of large-scale enterprises as well as managers of small businesses or home offices. The instructions should be readable for those with only a small amount of network and Unix experience, but also useful for experienced administrators with a varied background in networking and system administration. To be sure, the more experienced you are, the easier it will be to interpret the results generated by the Snort IDS.

About This Book

Snort can be used for a variety of applications, from acting as a simple network sniffer to an enterprise-class gateway intrusion detection system (IDS). This book discusses the various ways to use Snort, and methods of configuring, tuning, and customizing the application to best suit your environment. Implementing an IDS solution can be a labor-intensive and sometimes overwhelming project. This book helps streamline the processes of the initial setup and ongoing care and feeding of Snort.

All the source code discussed here is freely available for download off the Internet. I have avoided any software that is closed source, requires a license, or costs money. Though links and source code versions do change over time, every effort has been made to keep listings and release numbers for each application as up-to-date as possible. If you find the URL does not work as listed, please check with some of the major open source repositories: http://freshmeat.net and http://sourceforge.net. If you are unable to locate the applications, use a search engine such as http://www.google.com to find the program's new home or current web site.

Links to required libraries or associated applications are usually found on the home pages of most programs. For example, links to SnortCenter and Barnyard are found on the main Snort page at http://www.snort.org.

Now that you know what this book is about, here is what it's not about. This book is not a beginner's guide to packet analysis. It is intended to help you implement viable solutions to everyday intrusion detection problems. This book does not spend countless pages examining the nuances and vagaries of every type of fragmented packet or possible buffer overflow. Instead, it explains how to quickly capture a sampling of network traffic and look for the tell-tale signs that indicate hostile activity.

If you are searching for a theoretical manual that provides detailed insight into every possible security application or that explains how to dissect new intrusive packets, you won't find it here. This book deals with strategies and speedy implementations using a reasonable, common-sense approach. By the end of this book, the reader will understand that a network-based intrusion detection system is one part of a larger strategy of defense-in-depth. The book is based on the experience of a Network Security Engineer who has both attacked and defended very large corporate networks and systems. Whether you are looking for something to help secure your home network, or looking for an Enterprise-class solution that can watch 2 Gbps of bandwidth in near-real-time, this book will help.

Assumptions This Book Makes

This book does not make too many demands on the average reader. It is written in an informal manner and is intended for most security administrators, whether they are using Linux (or another Unix offshoot like BSD) or Windows. The main focus of the book will be running Snort on a Linux platform. Even beginning Linux users should have no trouble grasping the concepts. Most applications, along with their installation and configuration, are clearly spelled out. While this book will provide the average user with the ability to get a Snort sensor up and running, professional deployments of any IDS solution benefit from a good knowledge of networking and system administration. Without this background, discrimination of what is naughty and what is nice will be more difficult.

If any of the steps explained in later chapters do not answer all your questions, please consult the application's home page or subscribe to its mailing list, if one is available. It will be helpful if you are familiar with Usenet newsgroups and can post detailed questions regarding any additional use of the applications presented here. You will find that the open source community surrounding Snort and the related applications is active and incredibly helpful.
