Snort Cookbook
Select Format
Select Condition 
Book Overview
If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT. Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as: installation optimization logging alerting rules and signatures detecting viruses countermeasures detecting common attacks administration honeypots log analysis But the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus--and still have a life.
Format:Paperback
Language:English
ISBN:0596007914
ISBN13:9780596007911
Release Date:May 2005
Publisher:O'Reilly Media
Length:270 Pages
Weight:0.15 lbs.
Dimensions:0.7" x 6.9" x 9.4"
Customer Reviews
4 ratings
Snort Cookbook a second glance!
Published by Thriftbooks.com User , 19 years ago
Snort Cookbook O'reilly by: Orebaugh, Biles & Babbin What can I say designing a reliable detection system is a challenge at best. This book makes it seem easy! I thought this was the best layout of a tech.book I have ever saw. Problem > Solution > Discussion. they gave you the information in a precise way with out overloading you <br />with material you did not need. The Rules section was espcially useful... <br />The only downside is I wanted to see more on rules with samples. <br />Overall this was a very useful Book. I already had snort in place this made it much more useful. <br /> <br />Brett Hoff
It's a Rough World Out There
Published by Thriftbooks.com User , 19 years ago
When the Internet was being set up, who could have possibly believed just how unfriendly a place it was going to be out there. After all, it was just a concept where scientists could exchange papers. Even if you would have told the original developers where it was going to go they would have just laughed at you. Anyway, Snort is another tool in stopping the bad guys from coming into your system. In particular it is an intrusion detector. Note the word detector. Snort monitors your system to see what's happening. It is not an anti-virus like program that detects, quarantines, deletes, etc. an infected file. Instead it watches what is going on in the system and looks for behavior that is outside the rules. Snort watches, records and reports on what the systems in you network might be doing. On a big network, running Snort could well be a full time job. It can produce volumes of information. Some of this information regarding your employees might be considered spying on them, there are also some words (a few more wouldn't hurt) on what you can do to outsiders vs. your own people.
Good but not a tutorial
Published by Thriftbooks.com User , 19 years ago
Actually, probably everything you'd need for a tutorial is in here; it just isn't put in one place up front. Therefor, for someone totally unfamiliar with Snort, the sudden jump from installation to cook-book recipes may be confusing and unsettling. As there is plenty of material at http://www.snort.org/docs/ and as getting Snort running isn't all that complicated anyway, that's not a major flaw. Like another reviewer here, I think the rules sections are probably the best part of the book, though I was also impressed by the attention given to the specifics of Windows and Mac OS X - it's nice to see that level of completeness.
rules are the core of Snort
Published by Thriftbooks.com User , 19 years ago
The core of this book is the chapter on Rules and Signatures. Snort is renowned for its rule language and its vast flexibility. It is a reasonably high level "script" that seems more declarative than procedural. Ok, I'm speaking a little figuratively, but if you scan the rules, you might see what I mean. The chapter explains how to build rules of varying levels of complexity, depending on your needs. One neat trait is the profuse range of options for detecting traffic around the machine running Snort. Of course and inevitably, the default rules base has grown and it is regularly updated. Currently, these defaults number some 3000, and few sysadmins have the expertise to understand all of them. So one recipe tells you how to get and run an updater program (Oinkmaster). Though you are cautioned about letting it change your rules automatically. Other recipes expand upon the rule scope in interesting ways, like looking for p2p or Instant Messaging traffic. You might be responsible for a corporate network that bans these, perhaps. Here is a simple way to show a supervisor how you can stay on top of the problem.
Copyright © 2025 Thriftbooks.com
Terms of Use | Privacy Policy | Do Not Sell/Share My Personal Information | Cookie Policy | Cookie Preferences | Accessibility Statement
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
