Network security has become an important part of corporate IT strategy and safeguarding all the nooks and crannies of your network can be timely and expensive. This book provides information about how to use free Open Source tools to build and manage an Intrusion Detection System. Rehman provides detailed information about using SNORT as an IDS and using Apache, MySQL, PHP and ACID to analyze intrusion data. The book contains custom scripts, real-life examples for SNORT, and to-the-point information about installing SNORT IDS so readers can build and run their sophisticated intrusion detection systems.SNORT is your network's packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.NSS Group, a European network security testing organization, tested SNORT along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, SNORT, which was the sole Open Source freeware product tested, clearly outperformed the proprietary products.Part of the Bruce Perens' Open Source Series
Kurzbeschreibung
Produktinformation
Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?
Ist der Verkauf dieses Produkts für Sie nicht akzeptabel? |
Mehr über den Autor
Entdecken Sie Bücher, lesen Sie über Autoren und mehr
Produktbeschreibungen
Synopsis
Network security has become an important part of corporate IT strategy and safeguarding all the nooks and crannies of your network can be timely and expensive. This book provides information about how to use free Open Source tools to build and manage an Intrusion Detection System. Rehman provides detailed information about using SNORT as an IDS and using Apache, MySQL, PHP and ACID to analyze intrusion data. The book contains custom scripts, real-life examples for SNORT, and to-the-point information about installing SNORT IDS so readers can build and run their sophisticated intrusion detection systems.SNORT is your network's packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.NSS Group, a European network security testing organization, tested SNORT along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, SNORT, which was the sole Open Source freeware product tested, clearly outperformed the proprietary products.Part of the Bruce Perens' Open Source Series
Buchrückseite
Protect your network with Snort: the high-performance, open source IDS
Snort gives network administrators an open source intrusion detection system that outperforms proprietary alternatives. Now, Rafeeq Ur Rehman explains and simplifies every aspect of deploying and managing Snort in your network. You'll discover how to monitor all your network traffic in real time; update Snort to reflect new security threats; automate and analyze Snort alerts; and more. Best of all, Rehman's custom scripts integrate Snort with Apache, MySQL, PHP, and ACID-so you can build and optimize a complete IDS solution more quickly than ever before.
- An expert introduction to intrusion detection and the role of Snort
- Writing and updating Snort rules to reflect the latest attacks and exploits
- Contains detailed coverage of Snort plug-ins, preprocessors, and output modules
- Logging alerts to a MySQL database
- Using ACID to search, process, and analyze security alerts
- Using SnortSnarf to analyze Snort log files
- XML support for Snort via the Simple Network Markup Language (SNML)
The accompanying ftp site contains all the software, scripts, and rules you need to get started with Snort.
About the Open Source SeriesBruce Perens' Open Source Series is a definitive series of Linux and Open Source books by the world's leading Linux software developers. Bruce Perens is the primary author of The Open Source Definition, the formative document of the open source movement, and the former Debian GNU/Linux Project Leader. The text of this book is Open Source licensed
In diesem Buch
(Mehr dazu)
Einleitungssatz
Security is a big issue for all networks in today's enterprise environment. Lesen Sie die erste Seite
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis | Rückseite
Security is a big issue for all networks in today's enterprise environment. Lesen Sie die erste Seite
Mehr entdecken
Wortanzeiger
Ausgewählte Seiten ansehenWortanzeiger
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis | Rückseite
Eine digitale Version dieses Buchs im Kindle-Shop verkaufen
Wenn Sie ein Verleger oder Autor sind und die digitalen Rechte an einem Buch haben, können Sie die digitale Version des Buchs in unserem Kindle-Shop verkaufen.
Weitere Informationen
Kundenrezensionen
Die hilfreichsten Kundenrezensionen
1 von 1 Kunden fanden die folgende Rezension hilfreich
Von Milan Goellner
Format:Taschenbuch|Von Amazon bestätigter Kauf
If all you've heard of Snort so far is the name this book may have something to offer, if however you have already set up a basic Snort and are looking for some extra info regarding the inner works, functions, setup tricks etc. you'll not be finding any in this collection of installation and setup howtos. Essentially this book has nothing to offer except a superficial look at how rules are created, a basic installation of Snort and the accompanying readmes cover everything else this book attempts to cover. If you plan to use Sourcefire rules the rules section i n this book will at best be an academic lesson. The parts about Apache, MySQL, PHP and ACID integration are a plain joke. Basically tis one gets a hands off from me but maybe I've mised the good stuff too, I read this in under 5 hours :(
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com:
3.7 von 5 Sternen
9 Rezensionen
17 von 20 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen
Weakest of the Snort books published thus far
16. Juli 2003
Von Richard Bejtlich
- Veröffentlicht auf Amazon.com
Format:Taschenbuch
"Intrusion Detection with Snort: Advanced IDS, etc." (IDWS) was the second of this year's intrusion detection books I've reviewed. The first was Tim Crothers' "Implementing Intrusion Detection Systems" (4 stars). I was disappointed by IDWS, since I have a high opinion of Prentice Hall and the new "Bruce Perens' Open Source Series." (I'm looking forward to the book on CIFS, for example.) IDWS read poorly and doesn't deliver as much useful content as the competing Syngress book "Snort 2.0."
The most difficult aspect of reading IDWS is the author's grammar, particularly his avoidance of using definitive articles like "the", and other important words. For instance, p. 3 says "Apache web server takes help from ACID, etc." p. 133 claims "However, if you are using HTTP decode preprocessor, this attempt can detected." Beyond grammar, the author demonstrates weak knowledge of the IDS field, stating on p. 1 "Intrusion detection methods starting appearing in the last few years." James Anderson led the way in 1980, followed by Denning and Neumann in 1983 and Todd Heberlein in 1990! The author also repeatedly compares IDS to anti-virus signatures, which is simplistic and incorrect.
Technical errors further hamper IDWS. p. 89 makes the mistake of saying TCP sequence numbers count packets; they really count bytes of application data. p. 96-97 confuses the use of standard Boolean operators (AND, OR, NOT) with their use in Snort, which is different. (SF+ means SYN and FIN and zero or more other flags, not SYN AND FIN alone.) The fuzzy diagrams don't appear professional, and acronyms like "PHP" are defined incorrectly as "Pretty Home Page" (rather than the self-referencing "PHP Hypertext Processor.")
Coverage of important topics is lacking or outdated. First, Snort 1.9 is the basis for the text. However, 2.0 is available and covered by the Syngress book. The output system Barnyard and unified logging receive a total of one page. No meaningful mention is made of the effects of collecting traffic via hub, SPAN port, or tap. The port list on pp. 87-88 shows "well known ports," but doesn't say if they are TCP or UDP. The author makes odd claims about Snort "not [being] able to analyze application layer protocols," which is misleading. Snort rules aren't designed specifically for HTTP, for example, but they can be used to inspect HTTP requests and responses.
My favorite part of IDWS was the coverage of using the MySQL database. Appendix B provides helpful supplemental material on this subject also. Bottom line: I would pass on IDWS but keep an eye on the other titles in the PHPTR "Open Source Series."
The most difficult aspect of reading IDWS is the author's grammar, particularly his avoidance of using definitive articles like "the", and other important words. For instance, p. 3 says "Apache web server takes help from ACID, etc." p. 133 claims "However, if you are using HTTP decode preprocessor, this attempt can detected." Beyond grammar, the author demonstrates weak knowledge of the IDS field, stating on p. 1 "Intrusion detection methods starting appearing in the last few years." James Anderson led the way in 1980, followed by Denning and Neumann in 1983 and Todd Heberlein in 1990! The author also repeatedly compares IDS to anti-virus signatures, which is simplistic and incorrect.
Technical errors further hamper IDWS. p. 89 makes the mistake of saying TCP sequence numbers count packets; they really count bytes of application data. p. 96-97 confuses the use of standard Boolean operators (AND, OR, NOT) with their use in Snort, which is different. (SF+ means SYN and FIN and zero or more other flags, not SYN AND FIN alone.) The fuzzy diagrams don't appear professional, and acronyms like "PHP" are defined incorrectly as "Pretty Home Page" (rather than the self-referencing "PHP Hypertext Processor.")
Coverage of important topics is lacking or outdated. First, Snort 1.9 is the basis for the text. However, 2.0 is available and covered by the Syngress book. The output system Barnyard and unified logging receive a total of one page. No meaningful mention is made of the effects of collecting traffic via hub, SPAN port, or tap. The port list on pp. 87-88 shows "well known ports," but doesn't say if they are TCP or UDP. The author makes odd claims about Snort "not [being] able to analyze application layer protocols," which is misleading. Snort rules aren't designed specifically for HTTP, for example, but they can be used to inspect HTTP requests and responses.
My favorite part of IDWS was the coverage of using the MySQL database. Appendix B provides helpful supplemental material on this subject also. Bottom line: I would pass on IDWS but keep an eye on the other titles in the PHPTR "Open Source Series."
12 von 16 Kunden fanden die folgende Rezension hilfreich
2.0 von 5 Sternen
Not enough detail, and not up to date
27. Mai 2003
Von Larry McGraw
- Veröffentlicht auf Amazon.com
Format:Taschenbuch
This is the first book that I read on Snort, and I wish I had gone with something else. This book really reads like more of an overview of intrusion detection and Snort, rather than a useful reference for actually using Snort. This would be fine if the title did NOT include the words "Advanced" or "Techniques," because there is not a lot of either in this book. It also doesn't help that it's not written to the latest release. If you want to understand intrusion detection a little better and you are considering to try Snort, then this books is fine. If you want or need more, this just isn't the book.
5 von 6 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen
Good IDS|Snort book
13. August 2003
Von Karel M Baloun
- Veröffentlicht auf Amazon.com
Format:Taschenbuch
This book is an effective introduction to Intruder Detection, demonstrating how popular open-source tools can be used. I found the code samples, table, diagrams and screenshots to be clear and useful. I learned what I'd hoped to learn and feel empowered to set up an IDS myself. Plenty of links and resources when I want to learn more.
I read a few of the other reviews here after I read the book... especially Richard B's. I noticed some of the same techinical mistakes, but don't feel that they are a big deal. As a sr. software engineer and techinical editor, I always read critically, just mentally note them and continue. They aren't the kind of mistakes that make the code useless, or would confuse/mislead any level of reader. Another editing pass would help most books, and I none of the grammar mistakes annoy me - I read to learn what I can and move on, not to nitpick or get annoyed.
As far as 1.9 vs. 2.0, I've looked at the snort site and agree that the release is signficant, but it doesn't break backwards compatibility, so it doesn't make this book any less revelant. 2.0 seems to mostly change the backend implementation - *the application is used identically* so I suspect the vast majority of this book is unaffected. The Syngress book covers 2.0, yet so does the website, which hypes this two-times-more-expensive book. That book too will no doubt soon be superceded, so read whatever you buy immediately ;-)
›
Gehen Sie zu Amazon.com, um alle 9 Rezensionen zu sehen
3.7 von 5 Sternen
Waren diese Rezensionen hilfreich?
Wir wollen von Ihnen hören.
Kunden diskutieren
|
Das Forum zu diesem Produkt
Fragen stellen, Meinungen austauschen, Einblicke gewinnen Aktive Diskussionen in ähnlichen Foren
Kundendiskussionen durchsuchen
|
Ähnliche Foren
|
||||||||||||||||||||||||||||||||||
Lieblingslisten
Ähnliche Artikel finden
Ihr Kommentar
Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?
|
