Copyright


Copyright 2005 O'Reilly Media, Inc. All rights reserved.

Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Snort Cookbook, the image of a charging soldier clad in traditional Scottish military dress, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.


Preface

If you are building a castle, you dig a moat and put up high walls. You may even build two layers of security (a perimeter and a more secure keep), but at the end of the day, you still need a way for supplies and people to get in and out. To make this part of your castle secure, you post watchmen, guards, and soldiers to ensure that only those who should be are getting in. Often you'll find that physical security in a company is similar, complete with locked doors, pass cards, and security guards.

The principles of securing a computer system are no different than those of securing any other system, but often this final layer of security is left out. Too often people assume that the perimeter protection of the firewall is sufficient to keep all attackers at bay, not considering that attackers might just walk over the bridge through the front gate. All firewalls have rules that allow access (otherwise, you might as well not have the network connection in the first place), and usually it is these rules that are used by a malicious attacker to breach your network. Attackers don't kick down the door; they walk through it pretending to be someone else.

An intrusion detection system (IDS) doesn't exist to check the identity of people coming through a firewall; it keeps an eye out for behavior from those people that is against the rules. It is the security guard who watches to see if someone is trying the lock on the door marked "Private."

This book is about Snort, an open source IDS, freely available to all who wish to make use of it, with updates provided by a large community of developers. It covers all topics from installation through tuning it to your needs, even mentioning some things it wasn't originally designed to do. At the end of this book, you should be able to place a security guard on your network to make sure it stays secure.


Audience

This book is for network, security, and system administrators for networks of any size. It is written to cover as many of the operating systems Snort will run on as possible and should be accessible to anyone with a little experience with any of them. There are a few sections where programming experience might make life a bit easier, but these are few and far between and are written in Perl, which is nearly English anyway.