Snort Intrusion Detection and Prevention Toolkit - Andrew Baker, Jay Beale, Brian Caswell

Snort Intrusion Detection and Prevention Toolkit (eBook)

eBook download: EPUB
2007 | 1st edition
768 pages
Elsevier Science (publisher)
978-0-08-054927-9 (ISBN)
39.79 incl. VAT
This all-new book covers the brand-new Snort version 2.6 and is written by members of the Snort development team.
This fully integrated book and Web toolkit covers everything from packet inspection to optimizing Snort for speed to using the most advanced features of Snort to defend even the largest and most congested enterprise networks. Leading Snort experts Brian Caswell, Andrew Baker, and Jay Beale analyze traffic from real attacks to demonstrate the best practices for implementing the most powerful Snort features.
The companion material contains examples from real attacks, allowing readers to test their new skills. The book begins with a discussion of packet inspection and the progression from intrusion detection to intrusion prevention. The authors provide examples of packet inspection methods including protocol standards compliance, protocol anomaly detection, application control, and signature matching. In addition, application-level attacks including binary code in HTTP headers, HTTP/HTTPS tunneling, URL directory traversal, cross-site scripting, and SQL injection are analyzed.
Next, a brief chapter on installing and configuring Snort highlights various methods for fine-tuning your installation to optimize Snort performance, including hardware/OS selection, finding and eliminating bottlenecks, and benchmarking and testing your deployment. A dedicated chapter details how to use Barnyard to improve the overall performance of Snort by moving output processing out of the sensor's packet path. Best practices are then presented for enhancing the performance of Snort on even the largest and most complex networks.
The next chapter reveals the inner workings of Snort by analyzing the source code. The following chapters detail how to write, modify, and fine-tune basic to advanced rules and preprocessors. Detailed analysis of real packet captures is provided both in the book and in the companion material. Several examples for optimizing output plug-ins are then discussed, including a comparison of MySQL and PostgreSQL. Best practices for monitoring Snort sensors and analyzing intrusion data follow, with examples of real-world attacks using ACID, BASE, SGUIL, SnortSnarf, snort_stat.pl, Swatch, and more.
The last part of the book contains several chapters on active response, intrusion prevention, and using Snort's most advanced capabilities for everything from forensics and incident handling to building and analyzing honeypots. Data from real-world attacks is presented throughout this part as well as on the companion website, http://booksite.elsevier.com/9781597490993/
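The blurb above contrasts two of the inspection methods the book covers, signature matching and protocol anomaly detection, and names directory traversal, SQL injection and binary code in HTTP headers as the attacks they catch. The following is an added illustration of that distinction, not code from the book or from Snort: a minimal HTTP request inspector that URL-decodes the request URI before applying content signatures (the same reason Snort normalizes HTTP before rule matching), and separately flags protocol anomalies that no signature would name, such as an unknown method or non-printable bytes in a header. The sample requests, the signature IDs and the alert strings are all constructed for this example; real Snort rules and the http_inspect preprocessor handle far more encodings and evasions than this sketch.

```python
import re
from urllib.parse import unquote

# Constructed sample requests (not real captures), as a sensor would see them
# after TCP stream reassembly.
SAMPLE_REQUESTS = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.0\r\n\r\n",
    "traversal": b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    # Same traversal, URL-encoded: a raw-byte signature for "../" misses this one.
    "encoded_traversal": b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "sqli": b"GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    # Shellcode-like bytes smuggled in a header value.
    "binary_header": b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Pad: \x90\x90\x90\xcc\xeb\x1f\r\n\r\n",
    "bad_method": b"FOO / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

# Signature matching: hypothetical local rule IDs and patterns applied to the
# normalized (URL-decoded) URI.
SIGNATURES = [
    ("100001", "WEB directory traversal attempt", re.compile(r"\.\./")),
    ("100002", "WEB SQL injection attempt (quote + OR)", re.compile(r"'\s*or\s+'", re.IGNORECASE)),
]

# Protocol anomaly detection: what a compliant request must look like.
ALLOWED_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(1\.[01])$")


def parse_request(raw: bytes):
    """Split the raw request into its request line and header lines."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return lines[0], lines[1:]


def signature_alerts(raw: bytes):
    """Run the content signatures over the URL-decoded request URI."""
    request_line, _ = parse_request(raw)
    parts = request_line.decode("latin-1").split(" ")
    uri = unquote(parts[1]) if len(parts) >= 2 else ""
    return [f"[{sid}] {msg}" for sid, msg, pat in SIGNATURES if pat.search(uri)]


def anomaly_alerts(raw: bytes):
    """Flag deviations from the protocol rather than known attack strings."""
    request_line, headers = parse_request(raw)
    alerts = []
    m = REQUEST_LINE.match(request_line.decode("latin-1"))
    if not m:
        alerts.append("malformed request line")
    elif m.group(1) not in ALLOWED_METHODS:
        alerts.append(f"unknown HTTP method {m.group(1)}")
    for h in headers:
        # Header names and values are expected to be printable ASCII.
        if any(b < 0x20 or b > 0x7E for b in h):
            name = h.split(b":")[0].decode("latin-1")
            alerts.append(f"non-printable bytes in header {name}")
    return alerts


def inspect(raw: bytes):
    """Combine both inspection methods for one request."""
    return {"signature": signature_alerts(raw), "anomaly": anomaly_alerts(raw)}


if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        print(label, inspect(req))
```

The encoded traversal request is the instructive case: the signature fires only because the URI is decoded first, which is why rule authors write content matches against normalized buffers rather than raw bytes. The binary-header and unknown-method requests produce no signature hit at all and are caught only by the anomaly checks, the complementary approach the book's preprocessor chapter develops.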
  • This fully integrated book and Web toolkit covers everything all in one convenient package
  • It is authored by members of the Snort team and it is packed full of their experience and expertise
  • Includes full coverage of the brand new Snort version 2.6, packed full of all the latest information
  • Companion website at http://booksite.elsevier.com/9781597490993/ contains all companion material


Table of contents
Foreword
Chapter 1. Intrusion Detection Systems
  Introduction
  What Is Intrusion Detection?
  How an IDS Works
  Why Are Intrusion Detection Systems Important?
  What Else Can You Do with Intrusion Detection Systems?
  What About Intrusion Prevention?
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 2. Introducing Snort 2.6
  Introduction
  What Is Snort?
  What's New in Snort 2.6
  Snort System Requirements
  Exploring Snort's Features
  Using Snort on Your Network
  Security Considerations with Snort
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 3. Installing Snort 2.6
  Introduction
  Choosing the Right OS
  Hardware Platform Considerations
  Installing Snort
  Configuring Snort
  Testing Snort
  Maintaining Snort
  Updating Snort
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 4. Configuring Snort and Add-Ons
  Placing Your NIDS
  Configuring Snort on a Windows System
  Configuring Snort on a Linux System
  Other Snort Add-Ons
  Demonstrating Effectiveness
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 5. Inner Workings
  Introduction
  Snort Initialization
  Snort Packet Processing
  Inside the Detection Engine
  The Dynamic Detection Engine
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 6. Preprocessors
  Introduction
  What Is a Preprocessor?
  Preprocessor Options for Reassembling Packets
  Preprocessor Options for Decoding and Normalizing Protocols
  Preprocessor Options for Nonrule or Anomaly-Based Detection
  Dynamic Preprocessors
  Experimental Preprocessors
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 7. Playing by the Rules
  Introduction
  What Is a Rule?
  Understanding Rules
  Other Advanced Options
  Ordering for Performance
  Thresholding
  Suppression
  Packet Analysis
  Rules for Vulnerabilities, Not Exploits
  A Rule: Start to Finish
  Rules of Note
  Stupid Rule Tricks
  Keeping Rules Up to Date
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 8. Snort Output Plug-Ins
  Introduction
  What Is an Output Plug-In?
  Exploring Snort's Output Plug-In Options
  Writing Your Own Output Plug-In
  Troubleshooting Output Plug-In Problems
  Add-On Tools
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 9. Exploring IDS Event Analysis, Snort Style
  Introduction
  What Is Data Analysis?
  Data Analysis Tools
  Analyzing Snort Events
  Reporting Snort Events
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 10. Optimizing Snort
  Introduction
  How Do I Choose the Hardware to Use?
  How Do I Choose the Operating System to Use?
  Speeding Up Snort
  Cranking Up the Database
  Benchmarking and Testing the Deployment
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 11. Active Response
  Introduction
  Active Response versus Intrusion Prevention
  SnortSam
  Fwsnort
  snort_inline
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 12. Advanced Snort
  Introduction
  Monitoring the Network
  Configuring Channel Bonding for Linux
  Snort Rulesets
  Plug-Ins
  Preprocessor Plug-Ins
  Detection Plug-Ins
  Output Plug-Ins
  Snort Inline
  Solving Specific Security Requirements
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 13. Mucking Around with Barnyard
  Introduction
  What Is Barnyard?
  Understanding the Snort Unified Files
  Installing Barnyard
  Configuring Barnyard
  Understanding the Output Plug-Ins
  Running Barnyard in Batch-Processing Mode
  Using the Continual-Processing Mode
  Deploying Barnyard
  Writing a New Output Plug-In
  Secret Capabilities of Barnyard
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Index
GNU General Public License

Publication date (per publisher): 11 April 2007
Language: English
Subject areas: Non-fiction / guides
Computer science: Networks, Security / Firewall
Computer science: Theory / Study, Cryptology
Business: Business administration / Management
ISBN-10 0-08-054927-6 / 0080549276
ISBN-13 978-0-08-054927-9 / 9780080549279
Format: EPUB (Adobe DRM)

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is bound to your personal Adobe ID at download time. You can then read it only on devices that are also registered to that Adobe ID.

File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to fiction and non-fiction. The reflowable text adapts dynamically to the display and font size, so EPUB is also well suited to mobile reading devices.

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using OverDrive Media Console; in our experience, problems with Adobe DRM occur frequently with it.
eReader: This eBook can be read on (almost) all eBook readers, but it is not compatible with the Amazon Kindle.
Smartphone/tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.
