Intrusion Detection with Snort
Table of contents
Copyright
About the Author
Acknowledgments
We Want to Hear from You!
Reader Services
Introduction
Intrusion Detection Primer
IDSs Come in Different Flavors
Methods of Detecting Intrusions
Origin of Attacks
Orchestrating an Attack
The IDS Reality
Summary
Network Intrusion Detection with Snort
Snort's Specifications
Detecting Suspicious Traffic via Signatures
Detecting Suspicious Traffic via Heuristics
Gathering Intrusion Data
Alerting via Output Plug-ins
Prioritizing Alerts
Distributed Snort Architecture
Securing Snort
Shortcomings
Summary
Dissecting Snort
Feeding Snort Packets with Libpcap
Preprocessors
The Detection Engine
Output Plugins
Summary
Planning for the Snort Installation
Defining an IDS Policy
Deciding What to Monitor
Designing Your Snort Architecture
Planning for Maintenance
Incident Response Plan
Responding to an Incident
Restoring to a Normal State
Summary
The Foundation—Hardware and Operating Systems
Hardware Performance Metrics
Picking a Platform
The Monitoring Segment
Distributing Traffic to Multiple Sensors
Summary
Building the Server
Installation Guide Notes
Red Hat Linux 7.3
Post-Installation Tasks
Installing the Snort Server Components
Summary
Building the Sensor
Installation Guide Notes
Installing the Snort Sensor Components
Installing Snort
Implementing Barnyard
Summary
Building the Analyst's Console
Windows
Linux
Testing the Console
Working with ACID
Summary
Additional Installation Methods
The Hybrid Server/Sensor
Snort on OpenBSD
Snort on Windows
Summary
Tuning and Reducing False Positives
Pre-Tuning Activities
Tuning the Network for Snort
Filtering Traffic with Snort
Tuning the Preprocessors
Refining the Ruleset
Organize Your Rules
Designing a Targeted Ruleset
Tuning MySQL
Tuning ACID
Summary
Real-Time Alerting
An Overview of Real-Time Alerting with Snort
Prioritization of Alerts
Alerting with the Hybrid
Alerting with Distributed Snort
Summary
Basic Rule Writing
Fundamental Rule Writing Concepts
Rule Syntax
Writing Rules
Summary
Upgrading and Maintaining Snort
Choosing a Snort Management Application
IDS Policy Manager
SnortCenter
Upgrading Snort
Summary
Advanced Topics in Intrusion Prevention
A Warning Concerning Intrusion Prevention
Planning an Intrusion Prevention Strategy
Snort Inline Patch
SnortSam
Summary
Troubleshooting
Snort Issues
ACID Issues
IDS Strategy
Rule Documentation
Not Suspicious Traffic
Unknown Traffic
Potentially Bad Traffic
Attempted Information Leak
Attempted Denial of Service
Attempted User Privilege Gain
Unsuccessful User Privilege Gain
Attempted Administrator Privilege Gain
Successful Administrator Privilege Gain
Index