Intrusion Detection with SNORT - Rafeeq Ur Rehman

Intrusion Detection with SNORT

Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID
Buch | Softcover
288 Seiten
2003
Prentice Hall (Verlag)
978-0-13-140733-6 (ISBN)
41,65 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
Explains and simplifies various aspects of deploying and managing Snort in your network. You'll discover how to monitor your network traffic in real time; update Snort to reflect security threats; automate and analyze Snort alerts; and more. The author's custom scripts integrate Snort with Apache, MySQL, PHP, and ACID.
Network security has become an important part of corporate IT strategy and safeguarding all the nooks and crannies of your network can be timely and expensive. This book provides information about how to use free Open Source tools to build and manage an Intrusion Detection System. Rehman provides detailed information about using SNORT as an IDS and using Apache, MySQL, PHP and ACID to analyze intrusion data. The book contains custom scripts, real-life examples for SNORT, and to-the-point information about installing SNORT IDS so readers can build and run their sophisticated intrusion detection systems.SNORT is your network's packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.NSS Group, a European network security testing organization, tested SNORT along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, SNORT, which was the sole Open Source freeware product tested, clearly outperformed the proprietary products.Part of the Bruce Perens' Open Source Series

RAFEEQ UR REHMAN is founding director of Argus Network Security Services, Inc. He is an HP Certified System Administrator and CCNA with more than nine years' experience in UNIX and network administration, as well as C and database programming. His books include The Linux Development Platform; Solaris 8 Training Guide (310-043): Network Administrator Certification; and HP Certified: HP-UX System Administration. He is a contributing writer for SysAdmin Journal and Linux Journal.

1. Introduction to Intrusion Detection and Snort.


What is Intrusion Detection? IDS Policy. Components of Snort. Dealing with Switches. TCP Stream Follow Up. Supported Platforms. How to Protect IDS Itself. References.



2. Installing Snort and Getting Started.


Snort Installation Scenarios. Installing Snort. Running Snort on Multiple Network Interfaces. Snort Command Line Options. Step-By-Step Procedure to Compile and Install Snort From Source Code. Location of Snort Files. Snort Modes. Snort Alert Modes. Running Snort in Stealth Mode. References.



3. Working with Snort Rules.


TCP/IP Network Layers. The First Bad Rule. CIDR. Structure of a Rule. Rule Headers. Rule Options. The Snort Configuration File. Order of Rules Based upon Action. Automatically Updating Snort Rules. Default Snort Rules and Classes. Sample Default Rules. Writing Good Rules. References.



4. Plugins, Preprocessors and Output Modules.


Preprocessors. Output Modules. Using BPF Fileters. References.



5. Using Snort with MySQL.


Making Snort Work with MySQL. Secure Logging to Remote Databases Securely Using Stunnel. Snort Database Maintenance. References.



6. Using ACID and SnortSnarf with Snort.


What is ACID? Installation and Configuration. Using ACID. SnortSnarf. Barnyard. References.



7. Miscellaneous Tools.


SnortSam. IDS Policy Manager. Securing the ACID Web Console. Easy IDS. References.



Appendix A: Introduction to tcpdump.


Appendix B: Getting Started with MySQL.


Appendix C: Packet Header Formats.


Appendix D: Glossary.


Appendix E: SNML DTD.


Index.

Erscheint lt. Verlag 22.5.2003
Verlagsort Upper Saddle River
Sprache englisch
Maße 234 x 178 mm
Gewicht 458 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
ISBN-10 0-13-140733-3 / 0131407333
ISBN-13 978-0-13-140733-6 / 9780131407336
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00