Snort Cookbook

by Angela Orebaugh, Simon Biles, and Jake Babbin
Format: Paperback
Pub. Date: 2005-03-01
Publisher(s): Oreilly & Associates Inc
List Price: $41.99

Summary

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. In the Snort Cookbook, system administrators and security professionals will learn tips, tricks, and techniques for using Snort. This new cookbook covers installation, optimization, logging, alerting, rules and signatures, detecting viruses, countermeasures, detecting common attacks, administration, honeypots, and log analysis.

Author Biography

Angela Orebaugh is an information security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She synergizes her 15 years of hands-on experiences within industry, academia, and government to advise clients on information assurance strategy, management, and technologies.

Ms. Orebaugh is involved in several security initiatives with the National Institute of Standards and Technology (NIST), including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP) project, and secure eVoting.

Ms. Orebaugh is an Adjunct Professor at George Mason University, where she performs research and teaching in intrusion detection and forensics. She developed and teaches the Intrusion Detection curriculum, a core requirement for the Forensics program in the Department of Electrical and Computer Engineering. Her current research interests include peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profiling, user behavior analysis, and network forensics.

Ms. Orebaugh is the author of the Syngress best sellers Nmap in the Enterprise, Wireshark and Ethereal Network Protocol Analyzer Toolkit, and Ethereal Packet Sniffing. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. Angela is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and The Institute for Applied Network Security.

Ms. Orebaugh holds a Master's degree in Computer Science and a Bachelor's degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security.

Simon Biles is currently Director of Thinking Security Ltd., an Information Security Consultancy based near Oxford in the UK. The company deals with all aspects of InfoSec, from Incident Response and Forensics through to ISO 27001 work. He is currently studying for his MSc in Forensic Computing at Shrivenham with Cranfield University. He holds a CISSP, is certified as an ISO 17799 Lead Auditor, is a Chartered IT Professional with the British Computer Society, and is also a member of F3, the UK's First Forensic Forum. Currently he is involved in a project to define and support best practices in Forensics; you can find out more about this at the Open Forensics Group.

Jake Babbin works as a contractor with a government agency filling the role of Intrusion Detection Team Lead. He has worked in both private industry as a security professional and in government space in a variety of IT security roles. He is a speaker at several IT security conferences and is a frequent assistant in SANS Security Essentials Bootcamp, Incident Handling and Forensics courses. Jake lives in Virginia.

Table of Contents

Page numbers are given as the starting page followed, in parentheses, by the number of pages in that section.

Preface, p. vii

  • Installation and Optimization, p. 1 (50)
      • Installing Snort from Source on Unix, p. 1 (3)
      • Installing Snort Binaries on Linux, p. 4 (1)
      • Installing Snort on Solaris, p. 5 (2)
      • Installing Snort on Windows, p. 7 (5)
      • Uninstalling Snort from Windows, p. 12 (2)
      • Installing Snort on Mac OS X, p. 14 (2)
      • Uninstalling Snort from Linux, p. 16 (1)
      • Upgrading Snort on Linux, p. 17 (1)
      • Monitoring Multiple Network Interfaces, p. 17 (2)
      • Invisibly Tapping a Hub, p. 19 (1)
      • Invisibly Sniffing Between Two Network Points, p. 19 (2)
      • Invisibly Sniffing 100 MB Ethernet, p. 21 (1)
      • Sniffing Gigabit Ethernet, p. 22 (1)
      • Tapping a Wireless Network, p. 23 (1)
      • Positioning Your IDS Sensors, p. 24 (3)
      • Capturing and Viewing Packets, p. 27 (3)
      • Logging Packets That Snort Captures, p. 30 (3)
      • Running Snort to Detect Intrusions, p. 33 (2)
      • Reading a Saved Capture File, p. 35 (1)
      • Running Snort as a Linux Daemon, p. 36 (1)
      • Running Snort as a Windows Service, p. 37 (2)
      • Capturing Without Putting the Interface into Promiscuous Mode, p. 39 (1)
      • Reloading Snort Settings, p. 39 (1)
      • Debugging Snort Rules, p. 40 (1)
      • Building a Distributed IDS (Plain Text), p. 41 (3)
      • Building a Distributed IDS (Encrypted), p. 44 (7)
  • Logging, Alerts, and Output Plug-ins, p. 51 (39)
      • Logging to a File Quickly, p. 51 (1)
      • Logging Only Alerts, p. 52 (2)
      • Logging to a CSV File, p. 54 (2)
      • Logging to a Specific File, p. 56 (1)
      • Logging to Multiple Locations, p. 56 (2)
      • Logging in Binary, p. 58 (2)
      • Viewing Traffic While Logging, p. 60 (1)
      • Logging Application Data, p. 61 (2)
      • Logging to the Windows Event Viewer, p. 63 (1)
      • Logging Alerts to a Database, p. 64 (1)
      • Installing and Configuring MySQL, p. 65 (2)
      • Configuring MySQL for Snort, p. 67 (3)
      • Using PostgreSQL with Snort and ACID, p. 70 (4)
      • Logging in PCAP Format (TCPDump), p. 74 (1)
      • Logging to Email, p. 75 (2)
      • Logging to a Pager or Cell Phone, p. 77 (1)
      • Optimizing Logging, p. 78 (2)
      • Reading Unified Logged Data, p. 80 (1)
      • Generating Real-Time Alerts, p. 81 (1)
      • Ignoring Some Alerts, p. 82 (1)
      • Logging to System Logfiles, p. 82 (1)
      • Fast Logging, p. 83 (1)
      • Logging to a Unix Socket, p. 84 (2)
      • Not Logging, p. 86 (1)
      • Prioritizing Alerts, p. 87 (1)
      • Capturing Traffic from a Specific TCP Session, p. 88 (1)
      • Killing a Specific Session, p. 89 (1)
  • Rules and Signatures, p. 90 (35)
      • How to Build Rules, p. 90 (4)
      • Keeping the Rules Up to Date, p. 94 (4)
      • Basic Rules You Shouldn't Leave Home Without, p. 98 (2)
      • Dynamic Rules, p. 100 (2)
      • Detecting Binary Content, p. 102 (1)
      • Detecting Malware, p. 103 (1)
      • Detecting Viruses, p. 104 (1)
      • Detecting IM, p. 105 (2)
      • Detecting P2P, p. 107 (3)
      • Detecting IDS Evasion, p. 110 (4)
      • Countermeasures from Rules, p. 114 (1)
      • Testing Rules, p. 115 (1)
      • Optimizing Rules, p. 116 (1)
      • Blocking Attacks in Real Time, p. 117 (1)
      • Suppressing Rules, p. 118 (1)
      • Thresholding Alerts, p. 118 (1)
      • Excluding from Logging, p. 119 (1)
      • Carrying Out Statistical Analysis, p. 120 (5)
  • Preprocessing: An Introduction, p. 125 (32)
      • Detecting Stateless Attacks and Stream Reassembly, p. 126 (5)
      • Detecting Fragmentation Attacks and Fragment Reassembly with Frag2, p. 131 (5)
      • Detecting and Normalizing HTTP Traffic, p. 136 (5)
      • Decoding Application Traffic, p. 141 (1)
      • Detecting Port Scans and Talkative Hosts, p. 142 (7)
      • Getting Performance Metrics, p. 149 (6)
      • Experimental Preprocessors, p. 155 (1)
      • Writing Your Own Preprocessor, p. 156 (1)
  • Administrative Tools, p. 157 (46)
      • Managing Snort Sensors, p. 157 (2)
      • Installing and Configuring IDScenter, p. 159 (8)
      • Installing and Configuring SnortCenter, p. 167 (6)
      • Installing and Configuring Snortsnarf, p. 173 (2)
      • Running Snortsnarf Automatically, p. 175 (1)
      • Installing and Configuring ACID, p. 175 (5)
      • Securing ACID, p. 180 (1)
      • Installing and Configuring Swatch, p. 181 (2)
      • Installing and Configuring Barnyard, p. 183 (1)
      • Administering Snort with IDS Policy Manager, p. 184 (6)
      • Integrating Snort with Webmin, p. 190 (6)
      • Administering Snort with Hen Wen, p. 196 (5)
      • Newbies Playing with Snort Using EagleX, p. 201 (2)
  • Log Analysis, p. 203 (22)
      • Generating Statistical Output from Snort Logs, p. 203 (4)
      • Generating Statistical Output from Snort Databases, p. 207 (1)
      • Performing Real-Time Data Analysis, p. 208 (4)
      • Generating Text-Based Log Analysis, p. 212 (2)
      • Creating HTML Log Analysis Output, p. 214 (1)
      • Tools for Testing Signatures, p. 215 (5)
      • Analyzing and Graphing Logs, p. 220 (3)
      • Analyzing Sniffed (Pcap) Traffic, p. 223 (1)
      • Writing Output Plug-ins, p. 224 (1)
  • Miscellaneous Other Uses, p. 225 (40)
      • Monitoring Network Performance, p. 225 (8)
      • Logging Application Traffic, p. 233 (1)
      • Recognizing HTTP Traffic on Unusual Ports, p. 234 (1)
      • Creating a Reactive IDS, p. 235 (3)
      • Monitoring a Network Using Policy-Based IDS, p. 238 (2)
      • Port Knocking, p. 240 (3)
      • Obfuscating IP Addresses, p. 243 (1)
      • Passive OS Fingerprinting, p. 244 (6)
      • Working with Honeypots and Honeynets, p. 250 (2)
      • Performing Forensics Using Snort, p. 252 (1)
      • Snort and Investigations, p. 253 (4)
      • Snort as Legal Evidence in the U.S., p. 257 (1)
      • Snort as Evidence in the U.K., p. 258 (2)
      • Snort as a Virus Detection Tool, p. 260 (3)
      • Staying Legal, p. 263 (2)

Index, p. 265

An electronic version of this book is available through VitalSource.
