alt.don, SF Boss
Joined: 04 Mar 2003 Posts: 16777079
Posted: Sun Aug 10, 2003 9:33 pm Post subject: Book Review - Snort 2.0 Intrusion Detection
Snort 2.0 Intrusion Detection
Author: Jay Beale, James C. Taylor, Jerry Posluns
Publisher: Syngress
Book Specifications: Soft-cover, 523 pages, with CD-ROM
Category: Intrusion Detection
User Level: Intermediate-Advanced (knowledge of TCP/IP principles required, as well as package installation experience in either Win32 or Linux/BSD/Solaris)
Suggested Publisher Price: $49.95USA/$69.95CAN/£28.15
ISBN: 1-931836-74-4
Amazon.com: Snort 2.0 Intrusion Detection
Info from Cover: "The incredibly low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing Intrusion Detection Systems within corporate IT departments. Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is co-written by Brian Caswell of Snort.org. Readers will gain valuable insight into the code base of Snort and in-depth tutorials covering complex installations, configurations, and troubleshooting scenarios."
Introduction
Having just finished a review on another Snort book recently, I was very curious to see how this book would stack up against it. I am pleased to note that this book was able to actually one-up the earlier book that I reviewed on Snort. This book covers all things Snort in a very clear and easy-to-understand format. It deals with almost every possible Snort plugin available today, which is very nice as it gives the reader more options when implementing this truly excellent IDS.
Contents
The book is laid out over 12 separate chapters with FAQs, quizzes, and chapter summaries at the end of every chapter.
Rundown of chapters/sections/contents (I believe to be key)
Chapter 1: Intrusion Detection Systems
This chapter deals with the definition of an IDS system in its various configurations, i.e. NIDS/HIDS. It also explains several recent cases of well-known exploits such as Code Red and Nimda. Also covered here are reasons why an IDS is needed and some specific places where one could, and/or should, be placed. This is a nice introduction to the rest of the book, and sets out some much-needed terminology and its definitions.
Chapter 2: Introducing Snort 2.0
This chapter covers the hardware requirements and software requirements needed to successfully install Snort onto your computer. Covered as well here are the various uses for Snort (packet sniffer/NIDS). Lastly, the shortcomings of Snort are gone over as well. It is nice indeed that they have pointed out Snort's few pitfalls here as well.
Chapter 5: Playing by the Rules
This chapter covers creating Snort rules in excellent detail, providing much-needed granularity as required. This is a topic that those of you who will be deploying Snort must become very adept with in order to use Snort to its full potential. As an added bonus within this chapter is the coverage of such TCP/IP metrics as IP ID numbers, and various other fields within the TCP/IP header. This chapter is well worth reading many times to make this information become second nature to you as an analyst.
Chapter 8: Exploring the Data Analysis Tools
As important as it is in getting Snort to generate finely tuned alerts is the interpretation and presentation of said alerts. Enclosed within this chapter are four of the most popular tools used to accomplish the task of handling Snort log files. This is of great importance due to the fact that many people are intimidated by the "packet on the wire" representation of the logged packets. Using any of these tools helps to alleviate this problem.
Style and Detail
This book's overall flow and writing style are nothing short of superb. The book has no flaws that I could see in its layout. At the end of each chapter are several frequently asked questions, as well as a quiz section testing your comprehension of the material just covered. This, coupled with the succinct summary at the end of each chapter, makes this a truly exceptional book. Each chapter's wrap-up, as noted above, ensures that you have absorbed the subject matter.
Conclusion
This book is "the" definitive book on Snort and its usage. It also gives excellent coverage of other plugins available to manage Snort itself. The superb layout combined with the clarity of the subject matter covered make this a must-buy for someone contemplating implementing Snort.
This book gets a 10 out of 10, as there are no real holes in the book itself. There is a great deal of information rendered in an excellent fashion.
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
tutaepaki, Trusted SF Member
Joined: 02 May 2002 Posts: 3 Location: New Zealand
Posted: Mon Aug 11, 2003 12:28 am
Bah... all these good book reviews are stretching my budget to the limit.
Nice review... I guess you're impressed with this book, huh.
ShaolinTiger, Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Mon Aug 11, 2003 12:35 am
Aye, I'm very tempted to get this book now. For someone that works with IDS and Snort a lot to give it a 10/10 must mean it's spot on.
Nice review, don, and thanks for the heads-up.
viksit, SF Reviewer
Joined: 07 Aug 2003 Posts: 3 Location: India
Posted: Thu Aug 28, 2003 10:22 am
Wow! This is an amazing book. It's a bit of a wallop on my wallet, though. Fortunately, I convinced my library to get both the books on Snort. This review was printed and shown to the librarian, hehe. Thanks, alt_don!
And guess who's got issue privileges for the book?