E-book, English, 550 pages
Syngress: Snort Intrusion Detection 2.0
1st edition, 2003
ISBN: 978-0-08-048100-5
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub watermark
The incredibly low maintenance costs of Snort, combined with its powerful security features, make it one of the fastest-growing IDSs within corporate IT departments.
Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is written by a member of Snort.org. Readers will receive valuable insight into the Snort code base and in-depth tutorials covering complex installation, configuration, and troubleshooting scenarios.
The primary reader will be an individual who has a working knowledge of the TCP/IP protocol, expertise in some area of IT infrastructure, and is inquisitive about what has been attacking their IT network perimeter every 15 seconds.
The most up-to-date and comprehensive coverage for Snort 2.0!
Expert advice from the development team and step-by-step instructions for installing, configuring, and troubleshooting the Snort 2.0 Intrusion Detection System.
Free CD contains the latest version of Snort and popular plug-ins including ACID, Barnyard, and Swatch.
Table of contents (page numbers refer to the EPUB edition)

Front Cover ... 1
Snort 2.0 Intrusion Detection ... 4
Copyright Page ... 5
Contents ... 16
Chapter 1. Intrusion Detection Systems ... 28
    Introduction ... 29
    What Is Intrusion Detection? ... 29
    A Trilogy of Vulnerabilities ... 35
    Why Are Intrusion Detection Systems Important? ... 43
    Summary ... 50
    Solutions Fast Track ... 50
    Frequently Asked Questions ... 53
Chapter 2. Introducing Snort 2.0 ... 54
    Introduction ... 55
    What Is Snort? ... 56
    Snort System Requirements ... 58
    Exploring Snort's Features ... 60
    Using Snort on Your Network ... 68
    Security Considerations with Snort ... 81
    Summary ... 85
    Solutions Fast Track ... 85
    Frequently Asked Questions ... 87
Chapter 3. Installing Snort ... 88
    Introduction ... 89
    A Brief Word about Linux Distributions ... 90
    Installing PCAP ... 92
    Installing Snort ... 102
    Summary ... 116
    Solutions Fast Track ... 116
    Frequently Asked Questions ... 118
Chapter 4. Snort: The Inner Workings ... 120
    Introduction ... 121
    Snort Components ... 122
    Decoding Packets ... 130
    Processing Packets 101 ... 133
    Understanding Rule Parsing and Detection Engines ... 141
    Output and Logs ... 151
    Summary ... 163
    Solutions Fast Track ... 163
    Frequently Asked Questions ... 165
Chapter 5. Playing by the Rules ... 168
    Introduction ... 169
    Understanding Configuration Files ... 170
    The Rule Header ... 177
    The Rule Body ... 188
    Components of a Good Rule ... 205
    Testing Your Rules ... 212
    Tuning Your Rules ... 214
    Summary ... 219
    Solutions Fast Track ... 219
    Frequently Asked Questions ... 222
Chapter 6. Preprocessors ... 224
    Introduction ... 225
    What Is a Preprocessor? ... 226
    Preprocessor Options for Reassembling Packets ... 227
    Preprocessor Options for Decoding and Normalizing Protocols ... 243
    Preprocessor Options for Nonrule or Anomaly-Based Detection ... 251
    Experimental Preprocessors ... 255
    Writing Your Own Preprocessor ... 261
    Summary ... 287
    Solutions Fast Track ... 288
    Frequently Asked Questions ... 291
Chapter 7. Implementing Snort Output Plug-Ins ... 294
    Introduction ... 295
    What Is an Output Plug-In? ... 295
    Exploring Output Plug-In Options ... 298
    Writing Your Own Output Plug-In ... 316
    Summary ... 326
    Solutions Fast Track ... 327
    Frequently Asked Questions ... 328
Chapter 8. Exploring the Data Analysis Tools ... 330
    Introduction ... 331
    Using Swatch ... 331
    Using ACID ... 338
    Using SnortSnarf ... 359
    Using IDScenter ... 364
    Summary ... 375
    Solutions Fast Track ... 376
    Frequently Asked Questions ... 377
Chapter 9. Keeping Everything Up to Date ... 380
    Introduction ... 381
    Applying Patches ... 381
    Updating Rules ... 382
    Testing Rule Updates ... 391
    Watching for Updates ... 396
    Summary ... 397
    Solutions Fast Track ... 397
    Frequently Asked Questions ... 399
Chapter 10. Optimizing Snort ... 402
    Introduction ... 403
    How Do I Choose What Hardware to Use? ... 403
    How Do I Choose What Operating System to Use? ... 409
    Speeding Up Your Snort Installation ... 416
    Benchmarking Your Deployment ... 422
    Summary ... 433
    Solutions Fast Track ... 434
    Frequently Asked Questions ... 435
Chapter 11. Mucking Around with Barnyard ... 438
    Introduction ... 439
    What Is Barnyard? ... 440
    Preparation and Installation of Barnyard ... 440
    How Does Barnyard Work? ... 445
    What Are the Output Options for Barnyard? ... 457
    But I Want My Output Like "This" ... 458
    Summary ... 483
    Solutions Fast Track ... 484
    Frequently Asked Questions ... 485
Chapter 12. Advanced Snort ... 488
    Introduction ... 489
    Policy-Based IDS ... 489
    Inline IDS ... 505
    Summary ... 528
    Solutions Fast Track ... 528
    Frequently Asked Questions ... 529
Index ... 530
GNU GENERAL PUBLIC LICENSE ... 551
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ... 552
END OF TERMS AND CONDITIONS ... 555
SYNGRESS PUBLISHING LICENSE AGREEMENT ... 557