Chapter 1. Introduction
This book is about building a network-based intrusion detection
system (NIDS) based on the open source application called
Snort. Snort got a modest start as the open
source project of a software engineer named Martin
Roesch (who
incidentally was the lead engineer in the development of an IDS
solution for GTE). Snort is now a high-performance, full-featured
solution that provides competition for some very expensive commercial
solutions (and surpasses many).
This chapter establishes a context for the use of
an NIDS solution by
examining the challenges confronting a network administrator with
regard to security. New technologies are making it easier for remote
users and partners to access the insides of the network, bypassing
perimeter security entirely. A new breed of Internet worm is
attacking from a variety of directions—through email, across
the network, and even across virtual private network (VPN)
connections. Hacker communities are creating tools that make
attacking a network much easier. This gives rise to
"script kiddies," who
download an attack tool and penetrate an
organization's network—all without knowing how
the tool they are using works or the effect it will have on the
target system.