
Book Review - Snort 2.0 Intrusion Detection

alt.don
SF Boss

Joined: 04 Mar 2003
Posts: 16777079

Posted: Sun Aug 10, 2003 9:33 pm    Post subject: Book Review - Snort 2.0 Intrusion Detection

Snort 2.0 Intrusion Detection

Author: Jay Beale, James C. Taylor, Jerry Posluns
Publisher: Syngress
Book Specifications: Soft-cover, 523 pages, with CD-ROM
Category: Intrusion Detection
User Level: Intermediate-Advanced (knowledge of TCP/IP principles required, as well as package installation experience in either Win32 or Linux/BSD/Solaris)
Suggested Publisher Price: $49.95USA/$69.95CAN/£28.15
ISBN: 1-931836-74-4
Amazon.com: Snort 2.0 Intrusion Detection

Info from Cover: "The incredibly low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing Intrusion Detection Systems within corporate IT departments. Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is co-written by Brian Caswell of Snort.org. Readers will gain valuable insight into the code base of Snort and in-depth tutorials covering complex installations, configurations, and troubleshooting scenarios."

Introduction

Having just finished a review on another Snort book recently, I was very curious to see how this book would stack up against it. I am pleased to note that this book was able to actually one-up the earlier book that I reviewed on Snort. This book covers all things Snort in a very clear and easy-to-understand format. It deals with almost every possible Snort plugin available today, which is very nice as it gives the reader more options when implementing this truly excellent IDS.

Contents

The book is laid out over 12 separate chapters, with FAQs, quizzes, and chapter summaries at the end of every chapter.


Rundown of chapters/sections/contents (which I believe to be key)


Chapter 1: Intrusion Detection Systems

This chapter deals with the definition of an IDS in its various configurations, i.e. NIDS/HIDS. It also explains several recent cases of well-known exploits such as Code Red and Nimda. Also covered here are reasons why an IDS is needed and some specific places where one could, and/or should, be placed. This is a nice introduction to the rest of the book, and sets out some much-needed terminology and its definitions.


Chapter 2: Introducing Snort 2.0

This chapter covers the hardware and software requirements needed to successfully install Snort onto your computer. Covered as well here are the various uses for Snort (packet sniffer/NIDS). Lastly, the shortcomings of Snort are gone over as well. It is nice indeed that they have pointed out Snort's few pitfalls here as well.


Chapter 5: Playing by the Rules

This chapter covers creating Snort rules in excellent detail, providing much-needed granularity where required. This is a topic that those of you who will be deploying Snort must become very adept with in order to use Snort to its full potential. As an added bonus within this chapter is the coverage of such TCP/IP metrics as IP ID numbers, and various other fields within the TCP/IP header. This chapter is well worth reading many times to make this information become second nature to you as an analyst.


Chapter 8: Exploring the Data Analysis Tools

As important as getting Snort to generate finely tuned alerts is the interpretation and presentation of said alerts. Enclosed within this chapter are four of the most popular tools used to accomplish the task of interpreting Snort log files. This is of great importance due to the fact that many people are intimidated by the "packet on the wire" representation of the logged packets. Using any of these tools helps to alleviate this problem.


Style and Detail

This book's overall flow and writing style are nothing short of superb. The book has no flaws that I could see in its layout. At the end of each chapter are several frequently asked questions, as well as a quiz section testing your comprehension of the material just covered. This, coupled with the succinct summary at the end of each chapter, makes this a truly exceptional book. Each chapter's wrap-up, as noted above, ensures that you have absorbed the subject matter.


Conclusion

This book is "the" definitive book on Snort and its usage. It also gives excellent coverage of other plugins available to manage Snort itself. The superb layout combined with the clarity of the subject matter covered make this a must-buy for someone contemplating implementing Snort.

This book gets a 10 out of 10, as there are no real holes in the book itself. There is a great deal of information rendered in an excellent fashion.



This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
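Chapter 8 of the reviewed book is about interpreting Snort's alert output rather than reading raw packet dumps. The following is an added example, not code from the book, the reviewer or the Snort project: it parses lines in Snort 2.x's "fast" alert format (one alert per line, as produced by `snort -A fast` or the `alert_fast` output plugin) into structured records and summarizes them by signature ID, priority and source address, which is the kind of aggregation the console tools covered in that chapter perform. The sample alert lines, including their SIDs, messages and addresses, are constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example (not from the book or the Snort project): parse Snort 2.x
# "fast" alert lines and summarize them the way a console analysis tool would.
#
# Fast-format field layout, one alert per line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: text] [Priority: N] {PROTO} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # classification is optional in Snort output
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"      # ICMP alerts carry no ports
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for one fast-format line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        timestamp=m["ts"],
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"],
        classification=m["cls"],
        priority=int(m["prio"]),
        proto=m["proto"].upper(),
        src=m["src"], sport=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None,
    )


def parse_log(text: str) -> List[Alert]:
    """Parse a whole alert file, skipping blank lines and anything that is not an alert."""
    alerts = []
    for line in text.splitlines():
        a = parse_alert(line)
        if a is not None:
            alerts.append(a)
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, object]:
    """Aggregate alerts: hits per signature, priority-1 count, and the busiest source addresses."""
    by_sid: Counter = Counter(a.sid for a in alerts)
    by_src: Counter = Counter(a.src for a in alerts)
    sid_names = {a.sid: a.msg for a in alerts}  # last-seen message text per SID
    return {
        "total": len(alerts),
        "by_sid": dict(by_sid),
        "sid_names": sid_names,
        "high_priority": sum(1 for a in alerts if a.priority == 1),
        "top_sources": by_src.most_common(3),
    }


# Constructed sample alert file; the SIDs, messages and addresses are made up for this example.
SAMPLE_ALERTS = """\
08/10-21:33:01.123456  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:4521 -> 192.168.1.10:80
08/10-21:33:02.654321  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:4522 -> 192.168.1.10:80
08/10-21:34:10.000001  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10
08/10-21:35:00.111111  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.9:3333 -> 192.168.1.10:80
not an alert line at all
"""

if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_ALERTS))
    print(f"{report['total']} alerts, {report['high_priority']} at priority 1")
    for sid, count in sorted(report["by_sid"].items(), key=lambda kv: -kv[1]):
        print(f"  sid {sid:>6}  x{count}  {report['sid_names'][sid]}")
    print("busiest sources:", report["top_sources"])
```

The regex makes the classification bracket and the port numbers optional because Snort omits the former for rules without a `classtype` and the latter for protocols such as ICMP; a parser that assumes both are always present silently drops exactly the alerts an analyst is least likely to notice are missing.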
tutaepaki
Trusted SF Member

Joined: 02 May 2002
Posts: 3
Location: New Zealand

Posted: Mon Aug 11, 2003 12:28 am

bah....all these good book reviews are stretching my budget to the limit. ;)

Nice review....I guess you're impressed with this book huh. :)
ShaolinTiger
Forum Fanatic

Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Mon Aug 11, 2003 12:35 am

Aye, I'm very tempted to get this book now; for someone that works with IDS and Snort a lot to give it a 10/10 must mean it's spot on.

Nice review don, and thanks for the heads up :)
viksit
SF Reviewer

Joined: 07 Aug 2003
Posts: 3
Location: India

Posted: Thu Aug 28, 2003 10:22 am

Wow! This is an amazing book. It's a bit of a wallop on my wallet though. Fortunately, I convinced my library to get both the books on Snort.. This review was printed and shown to the librarian, hehe.. thanks, alt_don!

and guess who's got issue privileges for the book ;)?