Book Review - Snort 2.0 Intrusion Detection

Networking/Security Forums -> News // Columns // Articles

Author: alt.don    Posted: Sun Aug 10, 2003 9:33 pm    Post subject: Book Review - Snort 2.0 Intrusion Detection
Snort 2.0 Intrusion Detection

Author: Jay Beale, James C. Taylor, Jerry Posluns
Publisher: Syngress
Book Specifications: Soft-cover, 523 pages, with CD-ROM
Category: Intrusion Detection
User Level: Intermediate-Advanced (knowledge of TCP/IP principles required, as well as package installation experience in either Win32 or Linux/BSD/Solaris)
Suggested Publisher Price: $49.95USA/$69.95CAN/£28.15
ISBN: 1-931836-74-4

Info from Cover: "The incredibly low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing Intrusion Detection Systems within corporate IT departments. Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is co-written by Brian Caswell of Readers will gain valuable insight into the code base of Snort and in-depth tutorials covering complex installations, configurations, and troubleshooting scenarios."


Having just finished a review on another Snort book recently, I was very curious to see how this book would stack up against it. I am pleased to note that this book was able to actually one-up the earlier book that I reviewed on Snort. This book covers all things Snort in a very clear and easy to understand format. It deals with almost every possible Snort plugin available today, which is very nice as it gives the reader more options when implementing this truly excellent IDS.


The book is laid out over 12 separate chapters, with FAQs, quizzes, and chapter summaries at the end of every chapter.

Rundown of chapters/sections/contents (which I believe to be key)

Chapter 1: Intrusion Detection Systems

This chapter deals with the definition of an IDS in its various configurations, i.e. NIDS/HIDS. It also explains several recent cases of well known exploits such as Code Red and Nimda. Also covered here are reasons why an IDS is needed and some specific places where one could, and/or should, be placed. This is a nice introduction to the rest of the book, and sets out some much needed terminology and its definitions.

Chapter 2: Introducing Snort 2.0

This chapter covers the hardware and software requirements needed to successfully install Snort onto your computer. Covered as well here are the various uses for Snort (packet sniffer/NIDS). Lastly, the shortcomings of Snort are gone over as well. It is nice indeed that they have pointed out Snort's few pitfalls here as well.

Chapter 5: Playing by the Rules

This chapter covers creating Snort rules in excellent detail, providing much needed granularity as required. This is a topic that those of you who will be deploying Snort must become very adept with in order to use Snort to its full potential. As an added bonus within this chapter is the coverage of such TCP/IP metrics as IP ID numbers, and various other fields within the TCP/IP header. This chapter is well worth reading many times to make this information become second nature to you as an analyst.

Chapter 8: Exploring the Data Analysis Tools

As important as it is in getting Snort to generate finely tuned alerts is the interpretation and presentation of said alerts. Enclosed within this chapter are four of the most popular tools used to accomplish this task with Snort log files. This is of great importance due to the fact that many people are intimidated by the "packet on the wire" representation of the logged packets. Using any of these tools helps to alleviate this problem.

Style and Detail

This book's overall flow and writing style are nothing short of superb. The book has no flaws that I could see in its layout. At the end of each chapter are several frequently asked questions, as well as a quiz section testing your comprehension of the material just covered. This, coupled with the succinct summary at the end of each chapter, makes this a truly exceptional book. Each chapter's wrap up as noted above ensures that you have absorbed the subject matter.


This book is "the" definitive book on Snort and its usage. It also gives excellent coverage of other plugins available to manage Snort itself. The superb layout combined with the clarity of the subject matter covered make this a must buy for someone contemplating implementing Snort.

This book gets a 10 out of 10, as there are no real holes in the book itself. There is a great deal of information rendered in an excellent fashion.

This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.

Author: tutaepaki    Location: New Zealand    Posted: Mon Aug 11, 2003 12:28 am    Post subject:
Bah... all these good book reviews are stretching my budget to the limit.

Nice review... I guess you're impressed with this book, huh?

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Mon Aug 11, 2003 12:35 am    Post subject:
Aye, I'm very tempted to get this book now. For someone that works with IDS and Snort a lot to give it a 10/10 must mean it's spot on.

Nice review don, and thanks for the heads up.

Author: viksit    Location: India    Posted: Thu Aug 28, 2003 10:22 am    Post subject:
Wow! This is an amazing book. It's a bit of a wallop on my wallet though. Fortunately, I convinced my library to get both books on Snort. This review was printed and shown to the librarian, hehe. Thanks, alt_don!

And guess who's got issue privileges for the book?
