Snort Cookbook Solutions and Examples for Snort Administrators

Name: Snort Cookbook Solutions and Examples for Snort Administrators
Availability: InStock
ISBN: 9780596007911

ISBN-10: 0596007914

ISBN-13: 9780596007911

Edition: 2005

Authors: Angela Orebaugh, Simon Biles, Jacob Babbin

List price: $39.99

30 day, 100% satisfaction guarantee!

Buy used: $6.95

Buy new: $27.33

Marketplace

3 new & used from $7.61

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new "Snort Cookbook will save countless hours of…

Book details

List price: $39.99
Copyright year: 2005
Publisher: O'Reilly Media, Incorporated
Publication date: 4/19/2005
Binding: Paperback
Pages: 286
Size: 7.17" wide x 9.09" long x 0.61" tall
Weight: 0.990
Language: English

Angela Orebaugh (, GCIA, GCFW, GCIH, GSEC, CCNA) is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc. where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Masters in Computer Science, and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University.



Preface



Installation and Optimization



Installing Snort from Source on Unix



Installing Snort Binaries on Linux



Installing Snort on Solaris



Installing Snort on Windows



Uninstalling Snort from Windows



Installing Snort on Mac OS X



Uninstalling Snort from Linux



Upgrading Snort on Linux



Monitoring Multiple Network Interfaces



Invisibly Tapping a Hub



Invisibly Sniffing Between Two Network Points



Invisibly Sniffing 100 MB Ethernet



Sniffing Gigabit Ethernet



Tapping a Wireless Network



Positioning Your IDS Sensors



Capturing and Viewing Packets



Logging Packets That Snort Captures



Running Snort to Detect Intrusions



Reading a Saved Capture File



Running Snort as a Linux Daemon



Running Snort as a Windows Service



Capturing Without Putting the Interface into Promiscuous Mode



Reloading Snort Settings



Debugging Snort Rules



Building a Distributed IDS (Plain Text)



Building a Distributed IDS (Encrypted)



Logging, Alerts, and Output Plug-ins



Logging to a File Quickly



Logging Only Alerts



Logging to a CSV File



Logging to a Specific File



Logging to Multiple Locations



Logging in Binary



Viewing Traffic While Logging



Logging Application Data



Logging to the Windows Event Viewer



Logging Alerts to a Database



Installing and Configuring MySQL



Configuring MySQL for Snort



Using PostgreSQL with Snort and ACID



Logging in PCAP Format (TCPDump)



Logging to Email



Logging to a Pager or Cell Phone



Optimizing Logging



Reading Unified Logged Data



Generating Real-Time Alerts



Ignoring Some Alerts



Logging to System Logfiles



Fast Logging



Logging to a Unix Socket



Not Logging



Prioritizing Alerts



Capturing Traffic from a Specific TCP Session



Killing a Specific Session



Rules and Signatures



How to Build Rules



Keeping the Rules Up to Date



Basic Rules You Shouldn't Leave Home Without



Dynamic Rules



Detecting Binary Content



Detecting Malware



Detecting Viruses



Detecting IM



Detecting P2P



Detecting IDS Evasion



Countermeasures from Rules



Testing Rules



Optimizing Rules



Blocking Attacks in Real Time



Suppressing Rules



Thresholding Alerts



Excluding from Logging



Carrying Out Statistical Analysis



Preprocessing: An Introduction



Detecting Stateless Attacks and Stream Reassembly



Detecting Fragmentation Attacks and Fragment Reassembly with Frag2



Detecting and Normalizing HTTP Traffic



Decoding Application Traffic



Detecting Port Scans and Talkative Hosts



Getting Performance Metrics



Experimental Preprocessors



Writing Your Own Preprocessor



Administrative Tools



Managing Snort Sensors



Installing and Configuring IDScenter



Installing and Configuring SnortCenter



Installing and Configuring Snortsnarf



Running Snortsnarf Automatically



Installing and Configuring ACID



Securing ACID



Installing and Configuring Swatch



Installing and Configuring Barnyard



Administering Snort with IDS Policy Manager



Integrating Snort with Webmin



Administering Snort with HenWen



Newbies Playing with Snort Using EagleX



Log Analysis



Generating Statistical Output from Snort Logs



Generating Statistical Output from Snort Databases



Performing Real-Time Data Analysis



Generating Text-Based Log Analysis



Creating HTML Log Analysis Output



Tools for Testing Signatures



Analyzing and Graphing Logs



Analyzing Sniffed (Pcap) Traffic



Writing Output Plug-ins



Miscellaneous Other Uses



Monitoring Network Performance



Logging Application Traffic



Recognizing HTTP Traffic on Unusual Ports



Creating a Reactive IDS



Monitoring a Network Using Policy-Based IDS



Port Knocking



Obfuscating IP Addresses



Passive OS Fingerprinting



Working with Honeypots and Honeynets



Performing Forensics Using Snort



Snort and Investigations



Snort as Legal Evidence in the U.S.



Snort as Evidence in the U.K.



Snort as a Virus Detection Tool



Staying Legal


Index