contact contact contact
  Articles | Editorials | Reviews | InfoSec Directory | News | Press Releases
"Snort Cookbook": Solutions and Examples for Snort Administrators
Publication date: Wednesday, 20 April 2005

Sebastopol, CA--The principles of securing a computer system are no different than those of securing any other system, contend Angela Orebaugh, Simon Biles, and Jacob Babbin, authors of the new Snort Cookbook (O'Reilly, US $39.95). For example, if you're building a castle, you'll install a moat and high walls. You may also add a perimeter wall and keep for two additional layers of security. "But at the end of the day, you still need a way for supplies and people to get in and out," they note. "To make this part of your castle secure, you post watchmen, guards, and soldiers to ensure that only those who should be are getting in." Physical security in a company is similar, complete with locked doors, pass cards, and security guards.

But in securing a computer system, this final layer of security is frequently overlooked. "Too often people assume that the perimeter protection of the firewall is sufficient to keep all attackers at bay, not considering that attackers might just walk over the bridge through the front gate," Orebaugh, Biles, and Babbin remind readers. "Attackers don't kick down the door, they walk through it pretending to be someone else."

An intrusion detection system (IDS) doesn't exist to check the identity of people coming through the firewall, but to keep an eye out for behavior that's against the rules, rather like the security guard who watches to see if someone is tampering with the lock on the door marked "Private." Snort, the de facto open source standard of IDS, is capable of performing real-time traffic analysis and packet logging on IP networks. It conducts protocol analysis, content searching, and matching. Snort is the security guard placed on the network to make sure it stays secure.

The Snort Cookbook covers important issues that system administrators and security professionals deal with every day, saving them countless hours of sifting through dubious online advice or wordy tutorials to make use of the full power of Snort. Presented in the popular problem-solution-discussion format of O'Reilly cookbooks, each recipe contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. Topics include:

-Rules and signatures
-Detecting viruses
-Detecting common attacks
-Log analysis

But the Snort Cookbook offers more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--but don't have the hours to spare to hunt down best-practice snippets of advice--will find solutions to immediate problems in this ultimate Snort sourcebook. Its tips and tricks will help readers deploy Snort like security gurus--and still have time to have a life.

SecurityWatch - 24x7 advisory and vulnerability automated monitoring service.

GFI LANguard Network Security Scanner - Network-wide security vulnerability scanning & fixing - Free version available.

Network Security Software - Sponsored by GFI Network Security.

InfoSec Directory
» Smart-Phone Attacks and Defenses
» Preventing Spyware Infestation
» Preliminary study: Bluetooth Security
» An initiative extending SMTP to include email sender identity and reputation
» Identity Assurance in a Virtual World
Latest Press Releases
» Kavado Announces Defiance Risk Management System (RMS) to Support Compliance Reporting for Web Applications Security
» The Middleburgh Telephone Company Chooses Motorola’s Multi-Service Access Platform to Deliver Next Generation Triple-Play Services
» Keynesis Ltd. Announces the Release of Lockngo Professional Version 3.0
» Customises SHOUT Family to Deliver VoIP Migration Appliance (VMA)
» Free Vulnerability Scan Now Available for SANS Top 20 Quarterly Update
» WiFi Manager Integrates Support For DLINK, SMC, LINKSYS and Nomadix Wireless devic
More Articles
» Understanding Rich Internet Applications
» Voice and Data Convergence - a Vendor’s Perspective
» Making Firewall Do the Work: Stateful Packet Inspection
» Four Things You Must Know Before Deploying Wireless LANs
» Put spyware on the security map
 Copyright © 2000 - 2005 eBCVG IT Security Affiliates :: RSS feeds :: Privacy 
Site Meter