Network security has become an important part of corporate IT strategy and safeguarding all the nooks and crannies of your network can be timely and expensive. This book provides information about how to use free Open Source tools to build and manage an Intrusion Detection System. Rehman provides detailed information about using SNORT as an IDS and using Apache, MySQL, PHP and ACID to analyze intrusion data. The book contains custom scripts, real-life examples for SNORT, and to-the-point information about installing SNORT IDS so readers can build and run their sophisticated intrusion detection systems.SNORT is your network's packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.NSS Group, a European network security testing organization, tested SNORT along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, SNORT, which was the sole Open Source freeware product tested, clearly outperformed the proprietary products.Part of the Bruce Perens' Open Source Series
To facilitate your exploration of Snort, we are providing links to the online resources listed in the reference section at the end of each chapter.
Download the Sample Chapter related to this title.
1. Introduction to Intrusion Detection and Snort.
What is Intrusion Detection? IDS Policy. Components of Snort. Dealing with Switches. TCP Stream Follow Up. Supported Platforms. How to Protect IDS Itself. References.
Snort Installation Scenarios. Installing Snort. Running Snort on Multiple Network Interfaces. Snort Command Line Options. Step-By-Step Procedure to Compile and Install Snort From Source Code. Location of Snort Files. Snort Modes. Snort Alert Modes. Running Snort in Stealth Mode. References.
TCP/IP Network Layers. The First Bad Rule. CIDR. Structure of a Rule. Rule Headers. Rule Options. The Snort Configuration File. Order of Rules Based upon Action. Automatically Updating Snort Rules. Default Snort Rules and Classes. Sample Default Rules. Writing Good Rules. References.
Preprocessors. Output Modules. Using BPF Fileters. References.
Making Snort Work with MySQL. Secure Logging to Remote Databases Securely Using Stunnel. Snort Database Maintenance. References.
What is ACID? Installation and Configuration. Using ACID. SnortSnarf. Barnyard. References.
SnortSam. IDS Policy Manager. Securing the ACID Web Console. Easy IDS. References.
Download the Index
file related to this title.