

Nessus, Snort, and Ethereal Power Tools: Customizing Open Source Security Applications
Gilbert Ramirez, Brian Caswell, Noam Rathaus, Jay Beale
Syngress, Paperback, Published August 2005, 400 pages, ISBN 1597490202
List Price: $39.95
Our Price: $28.50
You Save: $11.45 (29% Off)


Availability: Out-Of-Stock
Read an excerpt:
Chapter 9: Plugins and Preprocessors

Excerpt provided courtesy of Syngress.



If you have Snort, Nessus, and Ethereal up and running and now you’re ready to customize, code, and torque these tools to their fullest potential, then this book is for you.

The authors of this book provide the inside scoop on coding the most effective and efficient Snort rules, Nessus plugins with NASL, and Ethereal capture and display filters. When done with this book, you will be a master at coding your own tools to detect malicious traffic, scan for vulnerabilities, and capture only the packets YOU really care about.

Each chapter also contains dozens of working code examples. Snort is an amazingly flexible application with a rules-based engine that lets you collect and correlate packets according to the rules you design. The Snort rules section of this book teaches you to read, write, and understand these rules for your IDS sensors. You will learn rule development schematics, proper testing procedures, techniques for enhancing the speed of your rules, and tips for using Berkeley Packet Filters alongside your rules and CIDR subnet masks within a rule.
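As an added illustration of the rule anatomy described above (example rules written for this page, not code from the book or from the Snort project), the fragment below is a `local.rules` file in Snort 2.x syntax. The `HOME_NET` value, the syslog host in the BPF expression and the SIDs 1000001 to 1000004 are constructed placeholders; only the keywords are Snort's own.

```snort
# Added example, not from the book: a local.rules fragment showing the
# header/body split, protocol-specific options and rule identifiers.
# 192.168.1.0/24 is a constructed placeholder for the monitored network.
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var HTTP_PORTS 80

# Rule header:  action proto src-IP src-port dir dst-IP dst-port
# Rule body:    the parenthesised options, each terminated by ';'.
# Snort allows a trailing backslash to continue a rule on the next line.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"LOCAL WEB request for /etc/passwd"; \
    flow:to_server,established; \
    content:"GET"; depth:3; \
    content:"/etc/passwd"; nocase; \
    classtype:web-application-attack; \
    sid:1000001; rev:1;)

# ICMP options: itype/icode match the ICMP type and code fields.
alert icmp $EXTERNAL_NET any -> $HOME_NET any ( \
    msg:"LOCAL ICMP echo request from outside"; \
    itype:8; icode:0; \
    classtype:misc-activity; sid:1000002; rev:1;)

# TCP and IP options: flags, ttl and dsize read the packet headers directly.
# A SYN with a very low TTL and no payload is the classic shape of a TTL-based
# insertion attempt (the sensor sees a packet the end host never receives).
alert tcp $EXTERNAL_NET any -> $HOME_NET any ( \
    msg:"LOCAL low-TTL SYN, possible IDS insertion"; \
    flags:S,12; ttl:<5; dsize:0; \
    classtype:attempted-recon; sid:1000003; rev:1;)

# Subnet masks in the header: CIDR notation, lists in [] and negation with !
# all work, so a source outside every RFC1918 range is written as:
alert tcp ![10.0.0.0/8,172.16.0.0/12,192.168.0.0/16] any -> $HOME_NET 22 ( \
    msg:"LOCAL SSH client banner from a non-RFC1918 source"; \
    flow:to_server,established; \
    content:"SSH-"; depth:4; \
    classtype:misc-activity; sid:1000004; rev:1;)

# Berkeley Packet Filters are not rule options. They are applied to the whole
# sensor at capture time, so packets they drop never reach the rules engine.
# Either trailing on the command line (192.168.1.10 is a constructed host):
#   snort -c /etc/snort/snort.conf 'not (host 192.168.1.10 and port 514)'
# or read from a file with -F:
#   snort -c /etc/snort/snort.conf -F /etc/snort/syslog.bpf
# Validate the configuration and rules without sniffing:
#   snort -T -c /etc/snort/snort.conf
```

Two practitioner notes: keep locally written SIDs at 1000000 or above so they never collide with the official ruleset, and use the BPF to drop the sensor's own management traffic (syslog, backups) rather than writing `pass` rules for it, because the filter runs before any rule is evaluated and so costs nothing per rule.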

The Nessus Attack Scripting Language (NASL) allows you to create self-contained scripts for vulnerability scanning using the Nessus engine (nessusd). As such, NASL allows you to write plugins that perform network security checks and almost any other type of network-wide test. In this section, you will learn the intricacies of the "script description" and "script body", the NASL protocol APIs, string manipulation, and much more.

Ethereal provides "capture filters", which allow you to capture only the packets you are interested in, and "display filters", which allow you to specify which of the captured packets are then shown in Ethereal's graphical user interface. This section teaches you to write capture filters and how to work with tcpdump; host names and addresses; MAC addresses; ports; logical operations; protocols; and protocol fields.
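To make the "script description" versus "script body" split concrete, here is an added example plugin in NASL2 (written for this page; it is not code from the book or from the Nessus project). It connects directly to the web port, grabs the `Server:` banner and reports it. The script ID 90001 and the knowledge-base key `www/example_banner/<port>` are placeholders chosen for this example; a real plugin needs a unique ID and a key other plugins agree on.

```nasl
# Added example, not from the book: a self-contained NASL2 plugin that
# connects to the web port, reads the Server: banner and reports it.
# script_id 90001 and the KB key "www/example_banner/<port>" are placeholders.

if (description)
{
  # --- script description: metadata nessusd reads before running any test ---
  script_id(90001);
  script_version("$Revision: 1.0 $");
  script_name(english:"HTTP Server banner (example)");
  desc = "This example plugin sends a HEAD request to the remote web server
and records the value of its Server: header.

Risk factor : None";
  script_description(english:desc);
  script_summary(english:"Reads the HTTP Server: header");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"Example code, no copyright claimed");
  script_dependencie("find_service.nes");     # service detection must run first
  script_require_ports("Services/www", 80);   # skip hosts with no web port
  exit(0);
}

# --- script body: runs only when nessusd actually tests a host ---
port = get_kb_item("Services/www");
if (!port) port = 80;
if (!get_port_state(port)) exit(0);

# Connect directly to the port rather than going through http_func.inc,
# so the raw exchange is visible.
soc = open_sock_tcp(port);
if (!soc) exit(0);

# Double-quoted NASL strings are literal; string() (or single quotes) is
# what turns \r\n into real CR LF bytes on the wire.
req = string("HEAD / HTTP/1.0\r\n\r\n");
send(socket:soc, data:req);
res = recv(socket:soc, length:4096);
close(soc);

if (!res) exit(0);

# String manipulation: pick out the Server: line and strip the header name.
line = egrep(pattern:"^Server:", string:res);
if (!line) exit(0);
banner = chomp(ereg_replace(pattern:"^Server: *", replace:"", string:line));
if (!banner) exit(0);

# Share the result with later plugins through the knowledge base, then report.
set_kb_item(name:string("www/example_banner/", port), value:banner);
security_note(port:port, data:string("The remote web server reports: ", banner));
```

The early `exit(0)` calls are the important habit: a plugin that bails out when the port is closed, the socket fails or the banner is absent produces no false reports and no wasted connections on a large scan, and the description block's `script_require_ports` keeps nessusd from scheduling it at all on hosts without a web service.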

Table of Contents

PART I: SNORT RULES

1: Configuration files
2: Rule headers
3: Rule body
4: IP options
5: TCP options
6: ICMP options
7: Rule Identifier options

PART II: NESSUS PLUGINS and NASL

8: Script structure
9: Description section
10: Connecting directly to ports
11: String manipulation
12: Regular expressions in NASL
13: Protocol APIs
14: FTP
15: HTTP
16: NFS

PART III: ETHEREAL FILTERS

17: Writing capture filters
18: TCPdump
19: MAC Addresses
20: Protocols
21: Bitwise operators
22: Writing display filters
23: Floating point numbers
24: Byte sequences
25: Filter dialogs

PART IV: BEST OF THE REST

APPENDIX


About the Authors

Gilbert Ramirez was the first contributor to Ethereal after it was announced to the public and is known for his regular updates to the product. He has contributed protocol dissectors as well as core logic to Ethereal. He is a systems engineer at a large company with network-related products, where he works on tools and software build systems.

Brian Caswell, snort.org webmaster, is a highly respected member of the Snort community and is the primary person responsible for maintaining the rules that drive the Snort intrusion detection system.

Jay Beale is Series Editor of the Jay Beale Open Source Security Series and a security specialist focused on host lockdown and security audits. He is the lead developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat Briefings and LinuxWorld conferences, among others. Jay is a columnist with Information Security Magazine.

Noam Rathaus is the co-founder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers) and related products. He holds an electrical engineering degree from Ben Gurion University, and has been checking the security of computer systems from the age of 13. Noam is also the editor-in-chief of SecuriTeam.com, one of the largest vulnerability databases and security portals on the Internet. He has contributed to several security-related open-source projects, including an active role in the Nessus security scanner project. He has contributed over 150 security tests to the open source tool's vulnerability database, and also developed the first Nessus client for the Windows operating system. Noam is apparently on the hit list of several software giants after being responsible for uncovering security holes in products by vendors such as Microsoft, Macromedia, Trend Micro, and Palm. This keeps him on the run using his Nacra Catamaran, capable of speeds exceeding 14 knots for a quick getaway. He would like to dedicate his contribution to the memory of Haim Finkel.



