"Snort Cookbook": Solutions and Examples for Snort Administrators
Publication date: Wednesday, 20 April 2005
Sebastopol, CA--The principles of securing a computer system are no different than those of securing any other system, contend Angela Orebaugh, Simon Biles, and Jacob Babbin, authors of the new Snort Cookbook (O'Reilly, US $39.95). For example, if you're building a castle, you'll install a moat and high walls. You may also add a perimeter wall and keep for two additional layers of security. "But at the end of the day, you still need a way for supplies and people to get in and out," they note. "To make this part of your castle secure, you post watchmen, guards, and soldiers to ensure that only those who should be are getting in." Physical security in a company is similar, complete with locked doors, pass cards, and security guards.
But in securing a computer system, this final layer of security is frequently overlooked. "Too often people assume that the perimeter protection of the firewall is sufficient to keep all attackers at bay, not considering that attackers might just walk over the bridge through the front gate," Orebaugh, Biles, and Babbin remind readers. "Attackers don't kick down the door, they walk through it pretending to be someone else."
An intrusion detection system (IDS) doesn't exist to check the identity of people coming through the firewall, but to keep an eye out for behavior that's against the rules, rather like the security guard who watches to see if someone is tampering with the lock on the door marked "Private." Snort, the de facto open source standard of IDS, is capable of performing real-time traffic analysis and packet logging on IP networks. It conducts protocol analysis, content searching, and matching. Snort is the security guard placed on the network to make sure it stays secure.
The Snort Cookbook covers important issues that system administrators and security professionals deal with every day, saving them countless hours of sifting through dubious online advice or wordy tutorials to make use of the full power of Snort. Presented in the popular problem-solution-discussion format of O'Reilly cookbooks, each recipe contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. Topics include:
-Rules and signatures
-Detecting common attacks
But the Snort Cookbook offers more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--but don't have the hours to spare to hunt down best-practice snippets of advice--will find solutions to immediate problems in this ultimate Snort sourcebook. Its tips and tricks will help readers deploy Snort like security gurus--and still have time to have a life.