
Intrusion Detection with Snort [Paperback]

Jack Koziol
4.4 out of 5 stars  See all reviews (14 customer reviews)




Book Description

Published May 20 2003 | ISBN-10: 157870281X | ISBN-13: 978-1578702817 | Edition: 1

With over 100,000 installations, the Snort open-source network intrusion detection system is combined with other free tools to deliver IDS defense to medium- to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.

Until now, Snort users had to rely on the official guide available on snort.org. That guide is aimed at relatively experienced Snort administrators and covers thousands of rules and known exploits.

The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running.

Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.


About the Author

Jack Koziol is the Information Security Officer at a major Chicago-area financial institution, responsible for security enterprise-wide. Previously, he has held information security positions at an online health care company and a point-of-care Internet-based pharmacy. Jack has written for Information Security magazine, and released several whitepapers on intrusion detection. He teaches the CISSP and "Hack and Defend" courses.

Jack has architected, maintained, and managed Snort and other IDS technologies in large production environments since 1998. He has also written Snort signature sets designed for specific applications.



Customer Reviews

Most helpful customer reviews
4.0 out of 5 stars A keeper May 7 2004
By A Customer
Format: Paperback
The solid ratings and reviews for this book are appropriate. It is well written, informative, and moves at a nice clip. Very helpful considering the modest documentation available on the snort site.
5.0 out of 5 stars A comprehensive and instructive book Feb. 18 2004
By akempo
Format: Paperback
When I first got this book, I had little idea what Snort did, other than being used for intrusion detection. And while I'm not an expert in Snort now that I've finished it, the book is simply a comprehensive step-by-step guide to using this useful tool. I am not an expert in computer security by any stretch, but I've read enough computer books to know intelligent, useful information when I read it. Although I do not have a big enough box to run Snort, I feel confident that using the author's instructions as a guideline along with some common sense I could get it up and running, which I will be doing in the near future. I particularly liked the fact that the author discussed other add-ons and software that are essential or ease using Snort, but are not part of Snort itself.
The book is laid out in a logical, easy to understand manner, and I will definitely be using this as my reference once I get a box I can put it on.
4.0 out of 5 stars Helpful book, Linux-centric Dec 28 2003
Format: Paperback
This is a very handy book, if only because it presents a lot of Snort documentation in a friendly, easy-to-read format. Is every chapter a joyous literary experience? No. But it beats reading manpages and after a few hours of reading from my monitor my eyes sting.
So the material.... This book introduces Snort, what it is/does, etc, then moves on to how it works. I really enjoyed chapter 3, which looks into all the preprocessors and gives a brief description of Snort's order of operations and modularity.
I would especially recommend chapters 4 and 5 to new Snorters since design issues comprise a huge part of the questions posed to the Snort mailing list, most of which have easy or standard answers. After that, the installation/configuration chapters demonstrate how to get a running setup using RedHat.
I've read a couple of complaints in earlier reviews that these instructions don't work and I must say that it is exceedingly difficult to write an installation procedure that incorporates half a dozen different pieces of software, all of which are under separate development. I actually know about this because I maintain the FreeBSD install guide on the snort site and the instructions that work one week are slightly off the next week. Use the instructions in this book as a guide and you probably won't have much dirty work to figure out on your own.
The rest of the book gets into the nitty-gritty of using Snort and I think it does a pretty good job. This includes tuning signature sets to use less memory/CPU and to generate more reliable alerts. False positives are the bane of the IDS world. If you're new to Snort/IDS then you'll enjoy learning of several great tools like Swatch and Barnyard that this book explores.
Overall I think this book is well worth the 31 clams I coughed up on Amazon.
5.0 out of 5 stars The Art of Intrusion Detection and Snort Oct. 9 2003
Format: Paperback
I teach networking and security courses at a local university, and I have been using this book for a portion of the courseware this semester. A significant portion of the course is hands-on, and this book helps my students understand how intrusion detection is used in the real world.
The chapter on creating rules from packet captures is invaluable --- as is the Snort internals chapter. I understand how Snort works, how to deploy it, and most importantly, the pragmatic side of using Snort in the real world.
This is by far the best of the Snort books out right now; the others are either low on detail or are extremely poorly written. The Snort 2.0 book was disappointing. I was expecting it to be the best book, but it is stuffed with filler chapters and overly wordy.
5.0 out of 5 stars Comprehensive Oct. 5 2003
Format: Paperback
A comprehensive tutorial on Snort, the open source IDS. I especially like the author's casual, informal tone; it feels like he is talking with you. I really liked the "enterprise" uses of Snort, not just on the home DSL connection.
I noticed some other reviewers had problems installing MySQL. If you type in the commands exactly as they are in the book, you must use the version of MySQL used in the book, 3.23.52. This version is somewhat buried on the website. If you type these exact commands with the latest version of MySQL, without making use of any common sense, the source compile will fail. As most open source applications change rapidly, I didn't find this to be a major stumbling block, and got on to the Snort content quickly.
2.0 out of 5 stars Conceptual info is great, directions are bad Oct. 2 2003
Format: Paperback
I agree with one of the other reviewers, Chapter 6 has more typos than a blood bank. I am struggling currently (for the past 3 days) trying to install MySQL from source like it suggests in the book when MySQL's documentation recommends you install from RPMs..... who do you believe? I would recommend finding another book... I am going to look at the documentation on Snort's webpage, I might have better luck there.
5.0 out of 5 stars Worth It Sept. 10 2003
Format: Paperback
I've worked with Snort now off and on for over a year. I had pieced together and printed out most of the online freebies into a big 3-ring binder. There were still a number of things that I had heard of people doing, but was never able to figure out on my own, such as configuring Snort to send alerts over email or writing my own attack signatures. I purchased this book about 6 weeks ago and now have Snort doing everything I want it to.
I highly recommend this book, it really bridged the gap.