"Managing Security with Snort and IDS Tools", Kerry Cox/Christopher Gerg, 2004, 0-596-00661-6, U$39.95/C$57.95 %A Kerry Cox %A Christopher Gerg %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2004 %G 0-596-00661-6 %I O'Reilly & Associates, Inc. %O U$39.95/C$57.95 800-998-9938 fax: 707-829-0104 firstname.lastname@example.org %Otl a rl 2 tc 3 ta 3 tv 2 wq 2 %P 269 p. %T "Managing Security with Snort and IDS Tools"
Chapter one explains what Snort, and network intrusion detection, is. The basics of network traffic sniffing and analysis, and the operation of tcpdump and ethereal, are described in chapter two. Installation, options, and the basic operation of Snort are outlined in chapter three. Chapter four details the different types of blackhat and intruder activity in terms of network intrusion. Chapter five details the confguration file and choices. How, and where, to use and set up Snort is the topic of chapter six. Snort rules are explained in chapter seven, which also outlines the system for creating them. Snort can also be used for intrusion prevention, as chapter eight points out. Tuning sensitivity, and establishing thresholds and clipping levels, is discussed in chapter nine. Chapter ten reviews the use of ACID (Analysis Console for Intrusion Detection) as a management console. An alternative program is SnortCenter, described in chapter eleven, and more options are listed in twelve. Chapter thirteen notes possibilities for the use of Snort in high bandwidth situations.
For those interested in the standard intrusion detection program, here is a set of useful explanations for its use and operation.
copyright Robert M. Slade, 2004 BKMSWSIT.RVW 20041106
====================== (quote inserted randomly by Pegasus Mailer) email@example.com firstname.lastname@example.org email@example.com Science is what we understand well enough to explain to a computer; Art is everything else. - Donald Ervin Kunthor