Snort Intrusion Detection and Prevention Toolkit
This fully integrated book, CD, and Web toolkit covers everything from packet
inspection to optimizing Snort for speed to using the most advanced features of
Snort to defend even the largest and most congested enterprise networks. Leading
Snort experts Brian Caswell, Andrew Baker, and Jay Beale analyze traffic from
real attacks to demonstrate the best practices for implementing the most powerful
Snort features. The accompanying CD contains examples from real attacks, allowing
readers to test their new skills.
The book begins with a discussion of packet inspection and the progression
from intrusion detection to intrusion prevention. The authors provide examples
of packet inspection methods including: protocol standards compliance, protocol
anomaly detection, application control, and signature matching. In addition,
application-level vulnerabilities including Binary Code in HTTP headers, HTTP/HTTPS
Tunneling, URL Directory Traversal, Cross-Site Scripting, and SQL Injection
will be analyzed.
Next, a detailed chapter on configuring Snort highlights various methods for
fine tuning your installation to optimize Snort performance including hardware/OS
selection, finding and eliminating bottlenecks, and benchmarking and testing
your deployment. A special chapter also details how to use Barnyard to improve
the overall performance of Snort. Next, best practices will be presented allowing
readers to enhance the performance of Snort for even the largest and most complex
networks. The next chapter reveals the inner workings of Snort by analyzing
the source code. The next several chapters will detail how to write, modify,
and fine-tune basic to advanced rules and preprocessors. Detailed analysis
of real packet captures will be provided both in the book and the accompanying
CD.
The last part of the book contains several chapters on active response, intrusion
prevention, and using Snort's most advanced capabilities for everything from
forensics and incident handling to building and analyzing honeypots. Data from
real world attacks will be presented throughout this part as well as on the
accompanying CD.
About the Authors
Brian Caswell, snort.org webmaster, is a highly respected member of
the Snort community and is the primary person responsible for maintaining the
rules that drive the Snort intrusion detection system.
Jay Beale is an information security specialist, well known for his
work on mitigation technology, specifically in the form of operating system
and application hardening. He's written two of the most popular tools in this
space: Bastille Linux, a lockdown tool that introduced a vital security-training
component, and the Center for Internet Security's Unix Scoring Tool. Both are
used worldwide throughout private industry and government. Jay has served as
an invited speaker at a variety of conferences worldwide, as well as government
symposia. He's written for Information Security Magazine, SecurityFocus, and
the now-defunct SecurityPortal.com. He has worked on four books in the information
security space. Three of these, including the best-selling Snort 2.1 Intrusion
Detection (Syngress, ISBN: 1931836043) make up his Open Source Security Series,
while one is a technical work of fiction entitled Stealing the Network: How
to Own a Continent (Syngress, ISBN: 1931836051).
Andrew R. Baker is a member of the Snort development team, and a Senior
Software Engineer for Sourcefire, Inc. He is also the primary developer for
Barnyard, and the mailing list administrator for the Snort project.