Gerg Christopher Cox Kerry J. - Managing Security with Snort & IDS Tools

• Packet capture and analysis using a variety of command-line and GUIutilities.

• An introduction to the interpretation of packet headers and contentwithin an IDS environment.

• The threats to your organization's technology assets.

• Instructions for installing, configuring, tuning, and customizing anopen source, enterprise-level network intrusion detection system(NIDS) for use in corporate and/or home office environments.

• A discussion of ways to utilize Snort as a sniffer, a network gatewaythat blocks malicious traffic, and a passive IDS sensor.

• Details on how to configure and tune your Snort IDS installation tomaximize the effectiveness and minimize the labor involved indetecting and tracking down attacks.

• An in-depth look at a variety of administration tools that assist inthe management of the Snort IDS environment.

• Strategies for deploying an IDS in switched, high-security, andhigh-bandwidth environments.

This book is designed for network, system, and securityadministrators of large-scale enterprises as well as managers ofsmall businesses or home offices. The instructions should be readablefor those with only a small amount of network and Unix experience,but also useful for experienced administrators with a variedbackground in networking and system administration. To be sure, themore experienced you are, the easier it will be to interpret theresults generated by the Snort IDS.

Snort can be used for a variety of applications, from acting as asimple network sniffer to an enterprise-class gateway intrusiondetection system (IDS). This book discusses the various ways to useSnort, and methods of configuring, tuning, and customizing theapplication to best suit your environment. Implementing an IDSsolution can be a labor-intensive and sometimes overwhelming project.This book helps streamline the processes of the initial setup andongoing care and feeding of Snort.

All the source code discussed here is freely available for downloadoff the Internet. I have avoided any software that is closed source,requires a license, or costs money. Though links and source codeversions do change over time, every effort has been made to keeplistings and release numbers for each application as up-to-date aspossible. If you find the URL does not work as listed, please checkwith some of the major open source repositories: http://freshmeat.net and http://sourceforge.net. If you are unable tolocate the applications, use a search engine such as http://www.google.com to find theprogram's new home or current web site.

Links to required libraries or associated applications are usuallyfound on the home pages of most programs. For example, links toSnortCenter and Barnyard are found on the main Snort page athttp://www.snort.org.

Now that you know what this book is about, here is whatit's not about. This book is not abeginner's guide to packet analysis. It is intendedto help you implement viable solutions to everyday intrusiondetection problems. This book does not spend countless pagesexamining the nuances and vagaries of every type of fragmented packetor possible buffer overflow. Instead, it explains how to quicklycapture a sampling of network traffic and look for the tell-talesigns that indicate hostile activity.

If you are searching for a theoretical manual that provides detailedinsight into every possible security application or that explains howto dissect new intrusive packets, you won't find ithere. This book deals with strategies and speedy implementationsusing a reasonable, common-sense approach. By the end of this book,the reader will understand that a network-based intrusion detectionsystem is one part of a larger strategy of defense-in-depth. The bookis based on the experience of a Network Security Engineer who hasboth attacked and defended very large corporate networks and systems.Whether you are looking for something to help secure your homenetwork, or looking for an Enterprise-class solution that can watch 2Gbps of bandwidth in near-real-time, this book will help.