Managing Security with Snort and IDS Tools
By Kerry J. Cox, Christopher Gerg
 
Publisher: O'Reilly
Pub Date: August 2004
ISBN: 0-596-00661-6
Pages: 288

   Copyright
   Preface
      Audience
      About This Book
      Assumptions This Book Makes
      Chapter Synopsis
      Conventions Used in This Book
      Comments and Questions
      Acknowledgments
      Chapter 1.  Introduction
      Section 1.1.  Disappearing Perimeters
      Section 1.2.  Defense-in-Depth
      Section 1.3.  Detecting Intrusions (a Hierarchy of Approaches)
      Section 1.4.  What Is NIDS (and What Is an Intrusion)?
      Section 1.5.  The Challenges of Network Intrusion Detection
      Section 1.6.  Why Snort as an NIDS?
      Section 1.7.  Sites of Interest
      Chapter 2.  Network Traffic Analysis
      Section 2.1.  The TCP/IP Suite of Protocols
      Section 2.2.  Dissecting a Network Packet
      Section 2.3.  Packet Sniffing
      Section 2.4.  Installing tcpdump
      Section 2.5.  tcpdump Basics
      Section 2.6.  Examining tcpdump Output
      Section 2.7.  Running tcpdump
      Section 2.8.  ethereal
      Section 2.9.  Sites of Interest
      Chapter 3.  Installing Snort
      Section 3.1.  About Snort
      Section 3.2.  Installing Snort
      Section 3.3.  Command-Line Options
      Section 3.4.  Modes of Operation
      Chapter 4.  Know Your Enemy
      Section 4.1.  The Bad Guys
      Section 4.2.  Anatomy of an Attack: The Five Ps
      Section 4.3.  Denial-of-Service
      Section 4.4.  IDS Evasion
      Section 4.5.  Sites of Interest
      Chapter 5.  The snort.conf File
      Section 5.1.  Network and Configuration Variables
      Section 5.2.  Snort Decoder and Detection Engine Configuration
      Section 5.3.  Preprocessor Configurations
      Section 5.4.  Output Configurations
      Section 5.5.  File Inclusions
      Chapter 6.  Deploying Snort
      Section 6.1.  Deploy NIDS with Your Eyes Open
      Section 6.2.  Initial Configuration
      Section 6.3.  Sensor Placement
      Section 6.4.  Securing the Sensor Itself
      Section 6.5.  Using Snort More Effectively
      Section 6.6.  Sites of Interest
      Chapter 7.  Creating and Managing Snort Rules
      Section 7.1.  Downloading the Rules
      Section 7.2.  The Rule Sets
      Section 7.3.  Creating Your Own Rules
      Section 7.4.  Rule Execution
      Section 7.5.  Keeping Things Up-to-Date
      Section 7.6.  Sites of Interest
      Chapter 8.  Intrusion Prevention
      Section 8.1.  Intrusion Prevention Strategies
      Section 8.2.  IPS Deployment Risks
      Section 8.3.  Flexible Response with Snort
      Section 8.4.  The Snort Inline Patch
      Section 8.5.  Controlling Your Border
      Section 8.6.  Sites of Interest
      Chapter 9.  Tuning and Thresholding
      Section 9.1.  False Positives (False Alarms)
      Section 9.2.  False Negatives (Missed Alerts)
      Section 9.3.  Initial Configuration and Tuning
      Section 9.4.  Pass Rules
      Section 9.5.  Thresholding and Suppression
      Chapter 10.  Using ACID as a Snort IDS Management Console
      Section 10.1.  Software Installation and Configuration
      Section 10.2.  ACID Console Installation
      Section 10.3.  Accessing the ACID Console
      Section 10.4.  Analyzing the Captured Data
      Section 10.5.  Sites of Interest
      Chapter 11.  Using SnortCenter as a Snort IDS Management Console
      Section 11.1.  SnortCenter Console Installation
      Section 11.2.  SnortCenter Agent Installation
      Section 11.3.  SnortCenter Management Console
      Section 11.4.  Logging In and Surveying the Layout
      Section 11.5.  Adding Sensors to the Console
      Section 11.6.  Managing Tasks
      Chapter 12.  Additional Tools for Snort IDS Management
      Section 12.1.  Open Source Solutions
      Section 12.2.  Commercial Solutions
      Chapter 13.  Strategies for High-Bandwidth Implementations of Snort
      Section 13.1.  Barnyard (and Sguil)
      Section 13.2.  Commercial IDS Load Balancers
      Section 13.3.  The IDS Distribution System (I(DS)2)
      Appendix A.  Snort and ACID Database Schema
      Section A.1.  acid_ag
      Appendix B.  The Default snort.conf File
      Appendix C.  Resources
      Section C.1.  From Chapter 1: Introduction
      Section C.2.  From Chapter 2: Network Traffic Analysis
      Section C.3.  From Chapter 4: Know Your Enemy
      Section C.4.  From Chapter 6: Deploying Snort
      Section C.5.  From Chapter 7: Creating and Managing Snort Rules
      Section C.6.  From Chapter 8: Intrusion Prevention
      Section C.7.  From Chapter 10: Using ACID as a Snort IDS Management Console
      Section C.8.  From Chapter 12: Additional Tools for Snort IDS Management
      Section C.9.  From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
   Colophon
   Index