Snort For Dummies
- Snort is the world's most widely deployed open source intrusion-detection system, with more than 500,000 downloads-a package that can perform protocol analysis, handle content searching and matching, and detect a variety of attacks and probes
- Drawing on years of security experience and multiple Snort implementations, the authors guide readers through installation, configuration, and management of Snort in a busy operations environment
- No experience with intrusion detection systems (IDS) required
- Shows network administrators how to plan an IDS implementation, identify how Snort fits into a security management environment, deploy Snort on Linux and Windows systems, understand and create Snort detection rules, generate reports with ACID and other tools, and discover the nature and source of attacks in real time
- CD-ROM includes Snort, ACID, and a variety of management tools
Part I: Getting to Know Snort and Intrusion Detection.
Chapter 1: Looking Up Snort’s Nose.
Chapter 2: Fitting In Snort.
Chapter 3: Readying Your Preflight Checklist.
Chapter 4: Makin’ Bacon: Installing Snort for Linux.
Chapter 5: Installing Snort and MySQL for Windows.
Part II: Administering Your Snort Box.
Chapter 6: Snorting Through Logs and Alerts.
Chapter 7: Adding Visuals and Getting Reports.
Chapter 8: Making Your Own Rules.
Chapter 9: What, Me Worry?
Chapter 10: Dealing with the Real Thing.
Part III: Moving Beyond the Basics.
Chapter 11: Reacting in Real Time.
Chapter 12: Keeping Snort Up to Date.
Chapter 13: Filling Your Farm with Pigs.
Chapter 14: Using the Barnyard Output Tool.
Part IV: The Part of Tens.
Chapter 15: Ten Cool Tools for Snort.
Chapter 16: Ten Snort Information Resources.
Appendix A: What’s On the CD-ROM.
Bert Hayes is a Security Technical Analyst for the State of Texas, where he maintains network security for a medium sized agency. In Bert’s ten years of IT industry experience, he has done everything from managing a corporate IT shop during a successful IPO to performing white hat penetration tests for corporate and government offices. He has long been a proponent of open source solutions, and is a Red Hat Certified Engineer (RHCE).
Paul Wolfe is an independent information security consultant and author, specializing in open source security.