Managing Security with Snort and IDS Tools
Be the First to Write a Review and tell the world about this title!People who purchase this book frequently purchase: - Snort Cookbook; Angela Orebaugh, et al, $23.95, 40% Off!
- Nessus, Snort, and Ethereal Power Tools: Customizing Open Source Security Applications; Gilbert Ramirez, et al, $28.50, 29% Off!
- The Tao of Network Security Monitoring: Beyond Intrusion Detection; Richard Bejtlich, $40.95, 37% Off!
- Security Warrior; Cyrus Peikari, et al, $26.95, 40% Off!
Books on similar topics, in best-seller order:Books from the same publisher, in best-seller order:
Intrusion detection is not for the faint at heart. But, if you are a network administrator
chances are you're under increasing pressure to ensure that mission-critical systems
are safe--in fact impenetrable--from malicious code, buffer overflows, stealth
port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network
intruders.
Designing a reliable way to detect intruders before they get in is a vital
but daunting challenge. Because of this, a plethora of complex, sophisticated,
and pricy software solutions are now available. In terms of raw power and features,
SNORT, the most commonly used Open Source Intrusion Detection System, (IDS)
has begun to eclipse many expensive proprietary IDSes. In terms of documentation
or ease of use, however, SNORT can seem overwhelming. Which output plugin to
use? How do you to email alerts to yourself? Most importantly, how do you sort
through the immense amount of information Snort makes available to you?
Many intrusion detection books are long on theory but short on specifics and
practical examples. Not Managing Security with Snort and IDS Tools. This new
book is a thorough, exceptionally practical guide to managing network security
using Snort 2.1 (the latest release) and dozens of other high-quality open source
other open source intrusion detection programs.
Managing Security with Snort and IDS Tools covers reliable methods for detecting
network intruders, from using simple packet sniffers to more sophisticated IDS
(Intrusion Detection Systems) applications and the GUI interfaces for managing
them. A comprehensive but concise guide for monitoring illegal entry attempts,
this invaluable new book explains how to shut down and secure workstations,
servers, firewalls, routers, sensors and other network devices.
Step-by-step instructions are provided to quickly get up and running with Snort.
Each chapter includes links for the programs discussed, and additional links
at the end of the book give administrators access to numerous web sites for
additional information and instructional material that will satisfy even the
most serious security enthusiasts.
Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach
to keeping your systems safe from attack.
Table of Contents
Preface
1. Introduction
Disappearing Perimeters
Defense-in-Depth
Detecting Intrusions (a Hierarchy of Approaches)
What Is NIDS (and What Is an Intrusion)?
The Challenges of Network Intrusion Detection
Why Snort as an NIDS?
Sites of Interest
2. Network Traffic Analysis
The TCP/IP Suite of Protocols
Dissecting a Network Packet
Packet Sniffing
Installing tcpdump
tcpdump Basics
Examining tcpdump Output
Running tcpdump
ethereal
Sites of Interest
3. Installing Snort
About Snort
Installing Snort
Command-Line Options
Modes of Operation
4. Know Your Enemy
The Bad Guys
Anatomy of an Attack: The Five Ps
Denial-of-Service
IDS Evasion
Sites of Interest
5. The snort.conf File
Network and Configuration Variables
Snort Decoder and Detection Engine Configuration
Preprocessor Configurations
Output Configurations
File Inclusions
6. Deploying Snort
Deploy NIDS with Your Eyes Open
Initial Configuration
Sensor Placement
Securing the Sensor Itself
Using Snort More Effectively
Site of Interest
7. Creating and Managing Snort Rules
Downloading the Rules
The Rule Sets
Creating Your Own Rules
Rule Execution
Keeping Things Up-to-Date
Interesting Sites
8. Intrusion Prevention
Intrusion Prevention Strategies
IPS Deployment Risks
Flexible Response with Snort
The Snort Inline Patch
Controlling Your Border
Sites of Interest
9. Tuning and Thresholding
False Positives (False Alarms)
False Negatives (Missed Alerts)
Initial Configuration and Tuning
Pass Rules
Thresholding and Suppression
10. Using ACID as a Snort IDS Management Console
Software Installation and Configuration
ACID Console Installation
Accessing the ACID Console
Analyzing the Captured Data
Sites of Interest
11. Using SnortCenter as a Snort IDS Management Console
SnortCenter Console Installation
SnortCenter Agent Installation
SnortCenter Management Console
Logging In and Surveying the Layout
Adding Sensors to the Console
Managing Tasks
12. Additional Tools for Snort IDS Management
Open Source Solutions
Commercial Solutions
13. Strategies for High-Bandwidth Implementations of Snort
Barnyard (and Sguil)
Commericial IDS Load Balancers
The IDS Distribution System (I(DS)2)
A. Snort and ACID Database Schema
B. The Default snort.conf File
C. Resources
Index
About the Authors
Kerry J. Cox is a knowledgeable and enthusiastic chief administrator/network
engineer at Bonneville International/KSL Radio and Television where he manages
40 Red Hat Linux servers, as well as Solaris and FreeBSD, performing installation,
patching, hardening, and maintenance. He also handles all Cisco routers, switches,
PIX and Checkpoint firewalls, CSS load balancers, IDS sensors and consoles.
Kerry has implemented open source solution for monitoring networks, architectures,
server processes, and bandwidth. Previously, he worked at network communications
companies and ISPs and is the author of two books by Prima: the Linux Productivity
Administrator's Guide and Red Hat Linux Administrator's Guide.
Christopher Gerg — CISSP, CHSP is the Network Security
Manager for Berbee Information Networks. His IT career started with phone technical
support for Microsoft’s launch of Windows 95 and his MCSE dates back to
NT 3.51. He’s worked as a system and network administrator and has traveled
extensively installing WANs and infrastructure for a variety of clients. Five
years ago things changed – Christopher discovered open-source operating
systems (FreeBSD, Debian, and Suse are his favorites) and he’s spent three
years as a penetration tester with Berbee and then transitioned from “attack”
to “defend” for the last two years. Christopher is responsible for
the network security of two Enterprise-class datacenters, the customers located
in them, and the network infrastructure that connects it all (Multiple OC-48
SONET rings and multiple OC-3’s to the Internet). He uses Snort to watch
it all.
In his free time, Christopher raises rugged mountain alpacas in the wind-swept
mountains of South-Central Wisconsin.
|
