Snort 2.0 intrusion, detection

Brian Caswell, Jay Beale, James C. Foster, Jeffrey Posluns

552 pages, parution le 22/05/2003

Ajouter à une liste

Indisponible

Résumé

The incredible low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing IDSs within corporate IT departments. Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is written by a member of Snort.org. Readers will receive valuable insight to the code base of Snort and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios.

Explore Snort's Features
Master the three core features that make Snort so powerful: packet sniffing, packet logging, and intrusion detection.

Install Snort
Find instructions on installing Snort for both Linux and Microsoft Windows.

Understand Rule Action Options
Determine which of the five options is best for you: pass, log, alert, dynamic, or activate.

Master stream4 and frag2 Preprocessors
Enhance Snort's original rule-based pattern-matching model with stream4 and frag2.

Configure Unified Logs
Use unified logs to significantly increase the efficiency of the Snort sensor and free up your Snort engine.

Manage Output Plug-Ins
Install, configure, and use Swatch, ACID, SnortSnarf, IDSCenter, and other plug-ins to monitor log files.

Watch for Rule Updates
Use oinkmaster, a semi-automated tool, to download and compare new rulesets with old ones.

Decide Which Rules to Enable
Identify key protocols and services that are used on your network and determine the level of granularity required for your evidentiary logs.

Install and Configure Barnyard
Run Barnyard in one of three modes of operation: one-shot mode, continual mode, or continual with checkpoint mode.

Register for Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

Contents

Intrusion detection systems
Introduction Snort 2.0
Installing Snort
Snort: The inner workings
Playing by the rules
Preprocessors
Implementing snort output plugs-ins
Exploring the data analysis tools
Keeping everything up to date
Optimizing Snort
Mucking around with Barnyard
Advanced Snort

Index

L'auteur - Jay Beale

Jay Beale is the founder and president of JJB Security Consulting as well as the lead developer for Bastille Linux, a security product used to harden Linux and HP-UX. A frequent speaker at security conferences, he is the author of Locking Down Linux the Bastille Way.

L'auteur - James C. Foster

James C. Foster, Fellow is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine (acquired byTechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.

Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business.

Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, and the forthcoming Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1) .

Caractéristiques techniques

	PAPIER
Éditeur(s)	Syngress
Auteur(s)	Brian Caswell, Jay Beale, James C. Foster, Jeffrey Posluns
Parution	22/05/2003
Nb. de pages	552
Format	18,8 x 23,4
Couverture	Broché
Poids	985g
Intérieur	Noir et Blanc
EAN13	9781931836746
ISBN13	978-1-931836-74-6