Managing Security with Snort and IDS Tools

Authors: Christopher Gerg, Kerry J. Cox
Publisher: O'Reilly
Published: 2004-08-01
ISBN-13: 9780596006617
ISBN-10: 0596006616
Binding: Paperback
Pages: 304

Description:

Intrusion detection is not for the faint of heart. But if you are a network administrator, chances are you are under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge, and a plethora of complex, sophisticated, and pricey software solutions now compete to meet it. In terms of raw power and features, Snort, the most widely used open source intrusion detection system (IDS), has begun to eclipse many expensive proprietary IDSes. In terms of documentation and ease of use, however, Snort can seem overwhelming. Which output plugin should you use? How do you email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?

Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release at the time of writing) and dozens of other high-quality open source intrusion detection programs. It covers reliable methods for detecting network intruders, from simple packet sniffers to more sophisticated IDS applications and the GUI interfaces for managing them. A comprehensive but concise guide to monitoring illegal entry attempts, it explains how to lock down and secure workstations, servers, firewalls, routers, sensors, and other network devices. Step-by-step instructions get you up and running with Snort quickly.

Each chapter includes links for the programs discussed, and additional links at the end of the book point administrators to numerous web sites with further information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.

Table of Contents:

Preface

1. Introduction
   Disappearing Perimeters
   Defense-in-Depth
   Detecting Intrusions (a Hierarchy of Approaches)
   What Is NIDS (and What Is an Intrusion)?
   The Challenges of Network Intrusion Detection
   Why Snort as an NIDS?
   Sites of Interest

2. Network Traffic Analysis
   The TCP/IP Suite of Protocols
   Dissecting a Network Packet
   Packet Sniffing
   Installing tcpdump
   tcpdump Basics
   Examining tcpdump Output
   Running tcpdump
   Ethereal
   Sites of Interest

3. Installing Snort
   About Snort
   Installing Snort
   Command-Line Options
   Modes of Operation

4. Know Your Enemy
   The Bad Guys
   Anatomy of an Attack: The Five Ps
   Denial-of-Service
   IDS Evasion
   Sites of Interest

5. The snort.conf File
   Network and Configuration Variables
   Snort Decoder and Detection Engine Configuration
   Preprocessor Configurations
   Output Configurations
   File Inclusions

6. Deploying Snort
   Deploy NIDS with Your Eyes Open
   Initial Configuration
   Sensor Placement
   Securing the Sensor Itself
   Using Snort More Effectively
   Sites of Interest

7. Creating and Managing Snort Rules
   Downloading the Rules
   The Rule Sets
   Creating Your Own Rules
   Rule Execution
   Keeping Things Up-to-Date
   Interesting Sites

8. Intrusion Prevention
   Intrusion Prevention Strategies
   IPS Deployment Risks
   Flexible Response with Snort
   The Snort Inline Patch
   Controlling Your Border
   Sites of Interest

9. Tuning and Thresholding
   False Positives (False Alarms)
   False Negatives (Missed Alerts)
   Initial Configuration and Tuning
   Pass Rules
   Thresholding and Suppression

10. Using ACID as a Snort IDS Management Console
   Software Installation and Configuration
   ACID Console Installation
   Accessing the ACID Console
   Analyzing the Captured Data
   Sites of Interest

11. Using SnortCenter as a Snort IDS Management Console
   SnortCenter Console Installation
   SnortCenter Agent Installation
   SnortCenter Management Console
   Logging In and Surveying the Layout
   Adding Sensors to the Console
   Managing Tasks

12. Additional Tools for Snort IDS Management
   Open Source Solutions
   Commercial Solutions

13. Strategies for High-Bandwidth Implementations of Snort
   Barnyard (and Sguil)
   Commercial IDS Load Balancers
   The IDS Distribution System (I(DS)2)

A. Snort and ACID Database Schema
B. The Default snort.conf File
C. Resources

Index


Related Books

Developing Cybersecurity Programs and Policies, by Omar Santos

FLAG'S 創客‧自造者工作坊 -- 資安衛士 破解駭客戲法 (FLAG'S Maker Workshop: Security Guardian, Cracking Hackers' Tricks), by 施威銘研究室 (Flag Technology's in-house authoring team)

Enterprise Security: IT Security Solutions: Concepts, Practical Experiences, Technologies (Hardcover), by Walter Fumy and Jörg Sauerbrey