Managing Security with Snort and IDS Tools

  
Managing Security with Snort and IDS Tools
By Kerry J. Cox, Christopher Gerg
 
Publisher: O'Reilly
Pub Date: August 2004
ISBN: 0-596-00661-6
Pages: 288
   


This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort and IDS Tools provides step-by-step instructions on getting up and running with Snort 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.

Table of Contents

Copyright
   Preface
     Audience
     About This Book
     Assumptions This Book Makes
     Chapter Synopsis
     Conventions Used in This Book
     Comments and Questions
     Acknowledgments
      Chapter 1.  Introduction
     Section 1.1.  Disappearing Perimeters
     Section 1.2.  Defense-in-Depth
     Section 1.3.  Detecting Intrusions (a Hierarchy of Approaches)
     Section 1.4.  What Is NIDS (and What Is an Intrusion)?
     Section 1.5.  The Challenges of Network Intrusion Detection
     Section 1.6.  Why Snort as an NIDS?
     Section 1.7.  Sites of Interest
      Chapter 2.  Network Traffic Analysis
     Section 2.1.  The TCP/IP Suite of Protocols
     Section 2.2.  Dissecting a Network Packet
     Section 2.3.  Packet Sniffing
     Section 2.4.  Installing tcpdump
     Section 2.5.  tcpdump Basics
     Section 2.6.  Examining tcpdump Output
     Section 2.7.  Running tcpdump
     Section 2.8.  ethereal
     Section 2.9.  Sites of Interest
      Chapter 3.  Installing Snort
     Section 3.1.  About Snort
     Section 3.2.  Installing Snort
     Section 3.3.  Command-Line Options
     Section 3.4.  Modes of Operation
      Chapter 4.  Know Your Enemy
     Section 4.1.  The Bad Guys
     Section 4.2.  Anatomy of an Attack: The Five Ps
     Section 4.3.  Denial-of-Service
     Section 4.4.  IDS Evasion
     Section 4.5.  Sites of Interest
      Chapter 5.  The snort.conf File
     Section 5.1.  Network and Configuration Variables
     Section 5.2.  Snort Decoder and Detection Engine Configuration
     Section 5.3.  Preprocessor Configurations
     Section 5.4.  Output Configurations
     Section 5.5.  File Inclusions
      Chapter 6.  Deploying Snort
     Section 6.1.  Deploy NIDS with Your Eyes Open
     Section 6.2.  Initial Configuration
     Section 6.3.  Sensor Placement
     Section 6.4.  Securing the Sensor Itself
     Section 6.5.  Using Snort More Effectively
     Section 6.6.  Sites of Interest
      Chapter 7.  Creating and Managing Snort Rules
     Section 7.1.  Downloading the Rules
     Section 7.2.  The Rule Sets
     Section 7.3.  Creating Your Own Rules
     Section 7.4.  Rule Execution
     Section 7.5.  Keeping Things Up-to-Date
     Section 7.6.  Sites of Interest
      Chapter 8.  Intrusion Prevention
     Section 8.1.  Intrusion Prevention Strategies
     Section 8.2.  IPS Deployment Risks
     Section 8.3.  Flexible Response with Snort
     Section 8.4.  The Snort Inline Patch
     Section 8.5.  Controlling Your Border
     Section 8.6.  Sites of Interest
      Chapter 9.  Tuning and Thresholding
     Section 9.1.  False Positives (False Alarms)
     Section 9.2.  False Negatives (Missed Alerts)
     Section 9.3.  Initial Configuration and Tuning
     Section 9.4.  Pass Rules
     Section 9.5.  Thresholding and Suppression
      Chapter 10.  Using ACID as a Snort IDS Management Console
     Section 10.1.  Software Installation and Configuration
     Section 10.2.  ACID Console Installation
     Section 10.3.  Accessing the ACID Console
     Section 10.4.  Analyzing the Captured Data
     Section 10.5.  Sites of Interest
      Chapter 11.  Using SnortCenter as a Snort IDS Management Console
     Section 11.1.  SnortCenter Console Installation
     Section 11.2.  SnortCenter Agent Installation
     Section 11.3.  SnortCenter Management Console
     Section 11.4.  Logging In and Surveying the Layout
     Section 11.5.  Adding Sensors to the Console
     Section 11.6.  Managing Tasks
      Chapter 12.  Additional Tools for Snort IDS Management
     Section 12.1.  Open Source Solutions
     Section 12.2.  Commercial Solutions
      Chapter 13.  Strategies for High-Bandwidth Implementations of Snort
     Section 13.1.  Barnyard (and Sguil)
     Section 13.2.  Commercial IDS Load Balancers
     Section 13.3.  The IDS Distribution System (I(DS)2)
      Appendix A.  Snort and ACID Database Schema
     Section A.1.  acid_ag
      Appendix B.  The Default snort.conf File
      Appendix C.  Resources
     Section C.1.  From Chapter 1: Introduction
     Section C.2.  From Chapter 2: Network Traffic Analysis
     Section C.3.  From Chapter 4: Know Your Enemy
     Section C.4.  From Chapter 6: Deploying Snort
     Section C.5.  From Chapter 7: Creating and Managing Snort Rules
     Section C.6.  From Chapter 8: Intrusion Prevention
     Section C.7.  From Chapter 10: Using ACID as a Snort IDS Management Console
     Section C.8.  From Chapter 12: Additional Tools for Snort IDS Management
     Section C.9.  From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
   Colophon
   Index