Snort 2.0 intrusion detection. (2003)
- Record Type:
- Book
- Title:
- Snort 2.0 intrusion detection. (2003)
- Main Title:
- Snort 2.0 intrusion detection
- Further Information:
- Note: Jay Beale, James C. Foster.
- Other Names:
- Beale, Jay
Foster, James C.
- Contents:
- Foreword
Chapter 1 Intrusion Detection Systems: Introduction; What Is Intrusion Detection; Network IDS; Host-Based IDS; Distributed IDS; A Trilogy of Vulnerabilities; Directory Traversal Vulnerability; CodeRed Worm; Nimda Worm; What Is an Intrusion; Using Snort to Catch Intrusions; Why Are Intrusion Detection Systems Important; Why Are Attackers Interested in Me; Where Does an IDS Fit with the Rest of My Security Plan; Doesn’t My Firewall Serve as an IDS; Where Else Should I Be Looking for Intrusions; What Else Can Be Done with Intrusion Detection; Monitoring Database Access; Monitoring DNS Functions; E-Mail Server Protection; Using an IDS to Monitor My Company Policy; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 2 Introducing Snort 2.0: Introduction; What Is Snort; Snort System Requirements; Hardware; Exploring Snort’s Features; Packet Sniffer; Preprocessor; Detection Engine; Alerting/Logging Component; Using Snort on Your Network; Snort’s Uses; Snort and Your Network Architecture; Pitfalls When Running Snort; Security Considerations with Snort; Snort Is Susceptible to Attacks; Securing Your Snort System; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 3 Installing Snort: Introduction; A Brief Word about Linux Distributions; Debian; Slackware; Gentoo; Installing PCAP; Installing libpcap from Source; Installing libpcap from RPM; Installing Snort; Installing Snort from Source; Customizing Your Installation: Editing the snort.conf File; Installing Snort from RPM; Installation on the Microsoft Windows Platform; Installing Bleeding-Edge Versions of Snort; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 4 Snort: The Inner Workings: Introduction; Snort Components; Capturing Network Traffic; Packet Sniffing; Decoding Packets; Storage of Packets; Processing Packets 101; Preprocessors; Understanding Rule Parsing and Detection Engines; Rules Builder; Detection Plug-Ins; Output and Logs; Snort as a Quick Sniffer; Intrusion Detection Mode; Snort for Honeypot Capture and Analysis; Logging to Databases; Alerting Using SNMP; Barnyard and Unified Output; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 5 Playing by the Rules: Introduction; Understanding Configuration Files; Defining and Using Variables; Including Rule Files; The Rule Header; Rule Action Options; Supported Protocols; Assigning Source and Destination IP Addresses to Rules; Assigning Source and Destination Ports; Understanding Direction Operators; Activate and Dynamic Rule Characteristics; The Rule Body; Rule Content; Components of a Good Rule; Action Events; Ensuring Proper Content; Merging Subnet Masks; Testing Your Rules; Stress Tests; Individual Snort Rule Tests; Berkeley Packet Filter Tests; Tuning Your Rules; Configuring Rule Variables; Disabling Rules; Berkeley Packet Filters; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 6 Preprocessors: Introduction; What Is a Preprocessor; Preprocessor Options for Reassembling Packets; The stream4 Preprocessor; frag2-Fragment Reassembly and Attack Detection; Preprocessor Options for Decoding and Normalizing Protocols; Telnet Negotiation; HTTP Normalization; rpc_decode; Preprocessor Options for Nonrule or Anomaly-Based Detection; portscan; Back Orifice; General Nonrule-Based Detection; Experimental Preprocessors; arpspoof; asn1_decode; fnord; portscan2 and conversation; perfmonitor; Writing Your Own Preprocessor; Reassembling Packets; Decoding Protocols; Nonrule or Anomaly-Based Detection; Setting Up My Preprocessor; What Am I Given by Snort; Adding the Preprocessor into Snort; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 7 Implementing Snort Output Plug-Ins: Introduction; What Is an Output Plug-In; Key Components of an Output Plug-In; Exploring Output Plug-In Options; Default Logging; Syslog; PCAP Logging; Snortdb; Unified Logs; Writing Your Own Output Plug-In; Why Should I Write an Output Plug-In; Setting Up My Output Plug-In; Dealing with Snort Output; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 8 Exploring the Data Analysis Tools: Introduction; Using Swatch; Performing a Swatch Installation; Configuring Swatch; Using Swatch; Using ACID; Installing ACID; Configuring ACID; Using ACID; Using SnortSnarf; Installing SnortSnarf; Configuring Snort to Work with SnortSnarf; Basic Usage of SnortSnarf; Using IDScenter; Installing IDScenter; Configuring IDScenter; Basic Usage of IDScenter; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 9 Keeping Everything Up to Date: Introduction; Applying Patches; Updating Rules; How Are the Rules Maintained; How Do I Get Updates to the Rules; How Do I Merge These Changes; Testing Rule Upda …
- Publisher Details:
- Place of publication not identified: Syngress
- Publication Date:
- 2003
- Extent:
- 1 online resource (550 pages)
- Subjects:
- 005.8
Intrusion detection systems (Computer security)
Computer security
Snort 2.0
- Languages:
- English
- ISBNs:
- 9780080481005
0080481000
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.32896