About This Book

Snort can be used for a variety of applications, from acting as a simple network sniffer to an enterprise-class gateway intrusion detection system (IDS). This book discusses the various ways to use Snort, and methods of configuring, tuning, and customizing the application to best suit your environment. Implementing an IDS solution can be a labor-intensive and sometimes overwhelming project. This book helps streamline the processes of the initial setup and ongoing care and feeding of Snort.

All the source code discussed here is freely available for download off the Internet. I have avoided any software that is closed source, requires a license, or costs money. Though links and source code versions do change over time, every effort has been made to keep listings and release numbers for each application as up-to-date as possible. If you find the URL does not work as listed, please check with some of the major open source repositories: http://freshmeat.net and http://sourceforge.net. If you are unable to locate the applications, use a search engine such as http://www.google.com to find the program's new home or current web site. Links to required libraries or associated applications are usually found on the home pages of most programs. For example, links to SnortCenter and Barnyard are found on the main Snort page at http://www.snort.org.

Now that you know what this book is about, here is what it's not about. This book is not a beginner's guide to packet analysis. It is intended to help you implement viable solutions to everyday intrusion detection problems. This book does not spend countless pages examining the nuances and vagaries of every type of fragmented packet or possible buffer overflow. Instead, it explains how to quickly capture a sampling of network traffic and look for the tell-tale signs that indicate hostile activity.

If you are searching for a theoretical manual that provides detailed insight into every possible security application or that explains how to dissect new intrusive packets, you won't find it here. This book deals with strategies and speedy implementations using a reasonable, common-sense approach. By the end of this book, the reader will understand that a network-based intrusion detection system is one part of a larger strategy of defense-in-depth. The book is based on the experience of a Network Security Engineer who has both attacked and defended very large corporate networks and systems. Whether you are looking for something to help secure your home network, or looking for an Enterprise-class solution that can watch 2 Gbps of bandwidth in near-real-time, this book will help.