Managing Security with Snort and IDS Tools

Christopher Gerg, Kerry J. Cox

  • 出版商: O'Reilly Media
  • 出版日期: 2004-08-12
  • 售價: $1,120
  • 語言: 英文
  • 頁數: 304
  • 裝訂: Paperback
  • ISBN: 0596006616
  • ISBN-13: 9780596006617

立即出貨 (庫存 < 3)

買這商品的人也買了...

商品描述

Description:

Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders.

Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?

Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs.

Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.

Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts.

Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.

 

Table of Contents:

Preface

1. Introduction
      Disappearing Perimeters
      Defense-in-Depth
      Detecting Intrusions (a Hierarchy of Approaches)
      What Is NIDS (and What Is an Intrusion)?
      The Challenges of Network Intrusion Detection
      Why Snort as an NIDS?
      Sites of Interest

2. Network Traffic Analysis
      The TCP/IP Suite of Protocols
      Dissecting a Network Packet
      Packet Sniffing
      Installing tcpdump
      tcpdump Basics
      Examining tcpdump Output
      Running tcpdump
      ethereal
      Sites of Interest

3. Installing Snort
      About Snort
      Installing Snort
      Command-Line Options
      Modes of Operation

4. Know Your Enemy
      The Bad Guys
      Anatomy of an Attack: The Five Ps
      Denial-of-Service
      IDS Evasion
      Sites of Interest

5. The snort.conf File
      Network and Configuration Variables
      Snort Decoder and Detection Engine Configuration
      Preprocessor Configurations
      Output Configurations
      File Inclusions

6. Deploying Snort
      Deploy NIDS with Your Eyes Open
      Initial Configuration
      Sensor Placement
      Securing the Sensor Itself
      Using Snort More Effectively
      Site of Interest

7. Creating and Managing Snort Rules
      Downloading the Rules
      The Rule Sets
      Creating Your Own Rules
      Rule Execution
      Keeping Things Up-to-Date
      Interesting Sites

8. Intrusion Prevention
      Intrusion Prevention Strategies
      IPS Deployment Risks
      Flexible Response with Snort
      The Snort Inline Patch
      Controlling Your Border
      Sites of Interest

9. Tuning and Thresholding
      False Positives (False Alarms)
      False Negatives (Missed Alerts)
      Initial Configuration and Tuning
      Pass Rules
      Thresholding and Suppression

10. Using ACID as a Snort IDS Management Console
      Software Installation and Configuration
      ACID Console Installation
      Accessing the ACID Console
      Analyzing the Captured Data
      Sites of Interest

11. Using SnortCenter as a Snort IDS Management Console
      SnortCenter Console Installation
      SnortCenter Agent Installation
      SnortCenter Management Console
      Logging In and Surveying the Layout
      Adding Sensors to the Console
      Managing Tasks

12. Additional Tools for Snort IDS Management
      Open Source Solutions
      Commercial Solutions

13. Strategies for High-Bandwidth Implementations of Snort
      Barnyard (and Sguil)
      Commericial IDS Load Balancers
      The IDS Distribution System (I(DS)2)

A. Snort and ACID Database Schema

B. The Default snort.conf File

C. Resources

Index