Preface

This book explains how to manage your network's security using the open source tool Snort. The examples in this book are designed for use primarily on a Red Hat Linux machine. They should be fully functional on the latest Red Hat Enterprise Linux version as well as the latest Fedora release by Red Hat. All instructions were documented using the most recent Red Hat releases, patches, and software. The applications were configured using default packages needed for a standard installation, and each machine was secured according to the latest errata.

The instructions in this book apply to other Linux flavors, such as SuSE, Gentoo, Debian, and most Unix variants, including FreeBSD, OpenBSD, and Solaris. Many of the applications are available for download as source or as precompiled binaries. Since performance is often a consideration when deploying an IDS solution, you will probably find that building the applications from source yields the best results. If you do not have the time, desire, or need to build from source, the prebuilt packages should work just fine and install without trouble on most systems. Consult your Linux distribution or Unix-based operating system for further information regarding source compilation and installation. Snort binaries are also available for the Microsoft Windows platform, and instructions for running Snort on a Windows platform are included.

Links to the applications and their respective web sites are provided throughout and at the end of the chapters. Appendix C also contains a compendium of all software programs and applications referenced. Check all software sites regularly for the latest updates and information regarding their use. Many of the programs are under active development and new versions are posted frequently. Some applications require an update with the release of new Linux versions. Stay current with the most recent release in order to avoid any vulnerabilities or security issues that appear over time.

Topics covered include:

• Packet capture and analysis using a variety of command-line and GUI utilities.

• An introduction to the interpretation of packet headers and content within an IDS environment.

• The threats to your organization's technology assets.

• Instructions for installing, configuring, tuning, and customizing an open source, enterprise-level network intrusion detection system (NIDS) for use in corporate and/or home office environments.

• A discussion of ways to utilize Snort as a sniffer, a network gateway that blocks malicious traffic, and a passive IDS sensor.

• Details on how to configure and tune your Snort IDS installation to maximize the effectiveness and minimize the labor involved in detecting and tracking down attacks.

• An in-depth look at a variety of administration tools that assist in the management of the Snort IDS environment.

• Strategies for deploying an IDS in switched, high-security, and high-bandwidth environments.