Assumptions This Book Makes
This book does not make too many demands on the average reader. It is
written in an informal manner and is intended for most security
administrators, whether they are using Linux (or another Unix
offshoot like BSD) or Windows. The main focus of the book will be
running Snort on a Linux platform. Even beginning Linux users should
have no trouble grasping the concepts. Most applications—along
with their installation and configuration—are clearly spelled
out. While this book will provide the average user with the ability
to get a Snort sensor up and running, professional deployments of any
IDS solution benefit from a good knowledge of networking and system
administration. Without this background, discrimination of what is
naughty and what is nice will be more difficult.

If any of the steps explained in later chapters do not answer all
your questions, please consult the application's
home page or subscribe to its mailing list, if one is available. It
will be helpful if you are familiar with Usenet newsgroups and can
post detailed questions regarding any additional use of the
applications presented here. You will find that the open source
community surrounding Snort and the related applications is active
and incredibly helpful.

This book assumes that you have access to one or more machines, can
perform a standard operating system installation, and have a
relatively stable connection to the Internet. It also operates on the
assumption that a LAN or switched Ethernet network is available for
testing purposes. Though this is not required, it does help when
monitoring packets flowing between machines and in and out of
networks. This book also presupposes that a secure firewall is in
place. It is your responsibility to ensure that your network remains
safe during the IDS installation and implementation phase. Newly
installed systems do not survive long when exposed to the Internet
without protection.