Snort Intrusion Detection 2.0
The incredibly low maintenance cost of Snort, combined with its powerful security features, makes it one of the fastest growing IDSs within corporate IT departments. Snort 2.0 Intrusion Detection is written by a member of Snort.org. The book provides valuable insight into the Snort code base and in-depth tutorials on complex installation, configuration, and troubleshooting scenarios. The primary reader will be an individual who has a working knowledge of the TCP/IP protocol suite, expertise in some area of IT infrastructure, and is curious about what has been attacking their network perimeter every 15 seconds. - The most up-to-date and comprehensive coverage of Snort 2.0! - Expert advice from the development team and step-by-step instructions for installing, configuring, and troubleshooting the Snort 2.0 Intrusion Detection System.
by Syngress

Product Details

ISBN-13: 9780080481005
Publisher: Syngress Publishing
Publication date: 05/11/2003
Sold by: Barnes & Noble
Format: eBook
Pages: 550
File size: 9 MB

Read an Excerpt

Snort System Requirements

Before getting a system together, you need to know a few things. One, Snort data can take up a lot of disk space, and two, you'll need to be able to monitor the system remotely. The Snort system we maintain is in our machine room (which is cold, and a hike downstairs).

Because we're lazy and don't want to hike downstairs, we would like to be able to maintain it remotely and securely. For Linux and UNIX, this means installing Secure Shell (SSH) for command-line access and Apache with Secure Sockets Layer (SSL) for a web front end to the alerts. For Windows, this means Terminal Services (restricted to the users and machines that are allowed to connect) and Internet Information Services (IIS), likewise with SSL enabled. Whichever platform you choose, bind these management services to the administrative interface only; the sensing interface (discussed below under Hardware) should not be reachable at all.

Hardware

One of the most important things you'll need, especially if you're running Snort in Network-based Intrusion Detection System (NIDS) mode, is a really big hard drive. Whether you store your data as syslog files or in a database, you'll need a lot of space for the alerts and packet logs that Snort writes every time its detection engine matches traffic against a rule.

Another highly recommended hardware component for Snort is a second Ethernet interface. One of the interfaces is necessary for typical network connectivity (SSH, Web services, and so forth), and the other interface is for Snorting. This sensing interface that does the "snorting" is your "Snort sensor." A sensing interface is normally brought up with no IP address of its own and placed in promiscuous mode, so it sees every frame on the segment without being an addressable target itself.

Snort does not have any particular hardware requirements beyond what your OS already needs to run. A faster processor helps, as it does for any application, but the real limits on how much data you can collect are the speed of your network connection and the throughput of your hard drive.

You will also need a network interface card (NIC) fast enough to capture every packet on the segment you are monitoring. For example, on a 100 Mbps network you need a 100 Mbps NIC. A slower card will drop packets, and Snort cannot raise alerts on traffic it never saw.

In addition, you will need a good-sized hard drive to store your data. If your hard drive is too small, there is a good chance that you will be unable to write alerts to either your database or log files, and a sensor that cannot log is blind for as long as the disk stays full. For example, our current setup for a single Snort sensor uses a 9GB partition for /var.
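The remote-administration and hardware points above (management services bound to their own interface, a sensing NIC that keeps up with the segment, a sensing interface with no address, enough headroom on /var) translate into a handful of checks worth running before a sensor is carried down to the machine room. The script below is an added example, not code from the book or from the Snort project. It assumes a Linux host with iproute2 (ip, ss), ethtool and a POSIX df; the interface names, management address, thresholds and the sample tool output it embeds are constructed for illustration and are not from the original text.

```shell
#!/bin/sh
# Added example (not from the book): pre-flight checks for a two-interface
# Snort sensor on Linux. Interface names, addresses, thresholds and the sample
# command output below are constructed; live mode assumes ip, ss, ethtool, df.

MGMT_IF=${MGMT_IF:-eth0}          # management interface: SSH/HTTPS live here
MGMT_IP=${MGMT_IP:-10.0.0.5}      # the only address sshd may listen on (assumed)
SNIFF_IF=${SNIFF_IF:-eth1}        # sensing interface: no address, promiscuous
NET_MBPS=${NET_MBPS:-100}         # speed of the monitored segment
VAR_MIN_MB=${VAR_MIN_MB:-9000}    # headroom wanted on /var (book uses a 9GB partition)

# link_ok NIC_MBPS NET_MBPS: the NIC must be at least as fast as the segment it taps.
# A non-numeric speed (ethtool prints "Unknown!" with no link) counts as a failure.
link_ok() { [ "${1:-0}" -ge "$2" ] 2>/dev/null; }

# var_ok AVAIL_MB MIN_MB: enough free space on /var for alerts and packet logs.
var_ok() { [ "${1:-0}" -ge "$2" ] 2>/dev/null; }

# sniff_iface_ok "<output of: ip addr show IF>": the interface is UP, PROMISC and
# carries no IPv4 address, so it sees every frame but is not a reachable target.
sniff_iface_ok() {
  printf '%s\n' "$1" | grep -q '[<,]PROMISC[,>]' || return 1
  printf '%s\n' "$1" | grep -q '[<,]UP[,>]'      || return 1
  ! printf '%s\n' "$1" | grep -q '^[[:space:]]*inet '
}

# sshd_scoped_ok "<output of: ss -ltn, header removed>" MGMT_IP: every listener on
# port 22 is bound to the management address, never to the 0.0.0.0 or [::] wildcard.
# No port-22 listener at all is also a failure: you could not administer it remotely.
sshd_scoped_ok() {
  printf '%s\n' "$1" | awk -v want="$2:22" '
    $4 ~ /:22$/ { n++; if ($4 != want) bad++ }
    END { if (n == 0 || bad > 0) exit 1; exit 0 }'
}

# Constructed sample output, in the format the tools print on a typical Linux host.
SAMPLE_SNIFF_GOOD='2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
SAMPLE_SNIFF_BAD='2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 brd 192.168.1.255 scope global eth1'
SAMPLE_SS_GOOD='LISTEN 0 128 10.0.0.5:22 0.0.0.0:*
LISTEN 0 128 10.0.0.5:443 0.0.0.0:*'
SAMPLE_SS_BAD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# report NAME CMD ARGS...: print PASS/FAIL; always returns 0 so every check runs.
report() { name=$1; shift; if "$@"; then echo "PASS: $name"; else echo "FAIL: $name"; fi; }

# Run the checks against the live host (invoke with --live).
check_host() {
  nic_mbps=$(ethtool "$SNIFF_IF" 2>/dev/null | awk '/Speed:/ { gsub(/Mb\/s/, "", $2); print $2 }')
  var_avail=$(df -Pm /var | awk 'NR == 2 { print $4 }')
  report "$SNIFF_IF link >= $NET_MBPS Mbps"         link_ok "$nic_mbps" "$NET_MBPS"
  report "/var has >= $VAR_MIN_MB MB free"          var_ok "$var_avail" "$VAR_MIN_MB"
  report "$SNIFF_IF up, promiscuous, no address"    sniff_iface_ok "$(ip addr show "$SNIFF_IF")"
  report "sshd bound to $MGMT_IP on $MGMT_IF only"  sshd_scoped_ok "$(ss -ltn | tail -n +2)" "$MGMT_IP"
}

# Without --live, exercise the checks on the constructed samples instead.
demo() {
  report "sample sensing interface (good)"            sniff_iface_ok "$SAMPLE_SNIFF_GOOD"
  report "sample sensing interface (bad, expect FAIL)" sniff_iface_ok "$SAMPLE_SNIFF_BAD"
  report "sample sshd scoped to mgmt IP"              sshd_scoped_ok "$SAMPLE_SS_GOOD" "$MGMT_IP"
  report "sample sshd on wildcard (expect FAIL)"      sshd_scoped_ok "$SAMPLE_SS_BAD" "$MGMT_IP"
  report "10 Mbps NIC on 100 Mbps segment (expect FAIL)" link_ok 10 "$NET_MBPS"
}

if [ "${1:-}" = "--live" ]; then check_host; else demo; fi
```

The checks are written as functions over the tools' text output rather than calling the tools directly, so they can be exercised on a workstation before the script ever touches the sensor; `--live` wires them to ethtool, df, ip and ss on the real host. The sshd check deliberately treats "no listener on port 22" as a failure, since a sensor you cannot reach is exactly the hike downstairs the section is trying to avoid.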

Operating System

Snort was designed to be a lightweight network intrusion detection system. Currently, Snort runs on x86 systems under Linux, FreeBSD, NetBSD, OpenBSD, and Windows. Other supported platforms include SPARC Solaris, PowerPC Mac OS X and MkLinux, and PA-RISC HP-UX. Snort will run on just about any modern OS today.

Oink!

People can get into religious wars as to which OS is best, but you have to be the one to administer the system, so you pick the OS.

There is an ongoing argument regarding the best OS on which to run Snort. A while back, the *BSDs had the better IP stack, but since Linux has gone to the 2.4 kernel, the IP stacks are comparable. Our favorite is NetBSD, but your mileage might vary.

Table of Contents

Foreword

Chapter 1 Intrusion Detection Systems
Introduction
What Is Intrusion Detection
Network IDS
Host-Based IDS
Distributed IDS
A Trilogy of Vulnerabilities
Directory Traversal Vulnerability
CodeRed Worm
Nimda Worm
What Is an Intrusion
Using Snort to Catch Intrusions
Why Are Intrusion Detection Systems Important
Why Are Attackers Interested in Me
Where Does an IDS Fit with the Rest of My Security Plan
Doesn't My Firewall Serve as an IDS
Where Else Should I Be Looking for Intrusions
What Else Can Be Done with Intrusion Detection
Monitoring Database Access
Monitoring DNS Functions
E-Mail Server Protection
Using an IDS to Monitor My Company Policy
Summary
Solutions Fast Track
Frequently Asked Questions

Chapter 2 Introducing Snort 2.0
Introduction
What Is Snort
Snort System Requirements
Hardware
Exploring Snort's Features
Packet Sniffer
Preprocessor
Detection Engine
Alerting/Logging Component
Using Snort on Your Network
Snort's Uses
Snort and Your Network Architecture
Pitfalls When Running Snort
Security Considerations with Snort
Snort Is Susceptible to Attacks
Securing Your Snort System
Summary
Solutions Fast Track
Frequently Asked Questions

Chapter 3 Installing Snort
Introduction
A Brief Word about Linux Distributions
Debian
Slackware
Gentoo
Installing PCAP
Installing libpcap from Source
Installing libpcap from RPM
Installing Snort
Installing Snort from Source
Customizing Your Installation: Editing the snort.

What People are Saying About This

From the Publisher

Your Complete Reference Guide to Snort 2.0!
