Managing Security with Snort and IDS Tools
By Kerry J. Cox, Christopher Gerg

Publisher: O'Reilly
Pub Date: August 2004
ISBN: 0-596-00661-6
Pages: 288
Copyright
Preface
    Audience
    About This Book
    Assumptions This Book Makes
    Chapter Synopsis
    Conventions Used in This Book
    Comments and Questions
    Acknowledgments
Chapter 1. Introduction
    Section 1.1. Disappearing Perimeters
    Section 1.2. Defense-in-Depth
    Section 1.3. Detecting Intrusions (a Hierarchy of Approaches)
    Section 1.4. What Is NIDS (and What Is an Intrusion)?
    Section 1.5. The Challenges of Network Intrusion Detection
    Section 1.6. Why Snort as an NIDS?
    Section 1.7. Sites of Interest
Chapter 2. Network Traffic Analysis
    Section 2.1. The TCP/IP Suite of Protocols
    Section 2.2. Dissecting a Network Packet
    Section 2.3. Packet Sniffing
    Section 2.4. Installing tcpdump
    Section 2.5. tcpdump Basics
    Section 2.6. Examining tcpdump Output
    Section 2.7. Running tcpdump
    Section 2.8. ethereal
    Section 2.9. Sites of Interest
Chapter 3. Installing Snort
    Section 3.1. About Snort
    Section 3.2. Installing Snort
    Section 3.3. Command-Line Options
    Section 3.4. Modes of Operation
Chapter 4. Know Your Enemy
    Section 4.1. The Bad Guys
    Section 4.2. Anatomy of an Attack: The Five Ps
    Section 4.3. Denial-of-Service
    Section 4.4. IDS Evasion
    Section 4.5. Sites of Interest
Chapter 5. The snort.conf File
    Section 5.1. Network and Configuration Variables
    Section 5.2. Snort Decoder and Detection Engine Configuration
    Section 5.3. Preprocessor Configurations
    Section 5.4. Output Configurations
    Section 5.5. File Inclusions
Chapter 6. Deploying Snort
    Section 6.1. Deploy NIDS with Your Eyes Open
    Section 6.2. Initial Configuration
    Section 6.3. Sensor Placement
    Section 6.4. Securing the Sensor Itself
    Section 6.5. Using Snort More Effectively
    Section 6.6. Sites of Interest
Chapter 7. Creating and Managing Snort Rules
    Section 7.1. Downloading the Rules
    Section 7.2. The Rule Sets
    Section 7.3. Creating Your Own Rules
    Section 7.4. Rule Execution
    Section 7.5. Keeping Things Up-to-Date
    Section 7.6. Sites of Interest
Chapter 8. Intrusion Prevention
    Section 8.1. Intrusion Prevention Strategies
    Section 8.2. IPS Deployment Risks
    Section 8.3. Flexible Response with Snort
    Section 8.4. The Snort Inline Patch
    Section 8.5. Controlling Your Border
    Section 8.6. Sites of Interest
Chapter 9. Tuning and Thresholding
    Section 9.1. False Positives (False Alarms)
    Section 9.2. False Negatives (Missed Alerts)
    Section 9.3. Initial Configuration and Tuning
    Section 9.4. Pass Rules
    Section 9.5. Thresholding and Suppression
Chapter 10. Using ACID as a Snort IDS Management Console
    Section 10.1. Software Installation and Configuration
    Section 10.2. ACID Console Installation
    Section 10.3. Accessing the ACID Console
    Section 10.4. Analyzing the Captured Data
    Section 10.5. Sites of Interest
Chapter 11. Using SnortCenter as a Snort IDS Management Console
    Section 11.1. SnortCenter Console Installation
    Section 11.2. SnortCenter Agent Installation
    Section 11.3. SnortCenter Management Console
    Section 11.4. Logging In and Surveying the Layout
    Section 11.5. Adding Sensors to the Console
    Section 11.6. Managing Tasks
Chapter 12. Additional Tools for Snort IDS Management
    Section 12.1. Open Source Solutions
    Section 12.2. Commercial Solutions
Chapter 13. Strategies for High-Bandwidth Implementations of Snort
    Section 13.1. Barnyard (and Sguil)
    Section 13.2. Commercial IDS Load Balancers
    Section 13.3. The IDS Distribution System (I(DS)2)
Appendix A. Snort and ACID Database Schema
    Section A.1. acid_ag
Appendix B. The Default snort.conf File
Appendix C. Resources
    Section C.1. From Chapter 1: Introduction
    Section C.2. From Chapter 2: Network Traffic Analysis
    Section C.3. From Chapter 4: Know Your Enemy
    Section C.4. From Chapter 6: Deploying Snort
    Section C.5. From Chapter 7: Creating and Managing Snort Rules
    Section C.6. From Chapter 8: Intrusion Prevention
    Section C.7. From Chapter 10: Using ACID as a Snort IDS Management Console
    Section C.8. From Chapter 12: Additional Tools for Snort IDS Management
    Section C.9. From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
Colophon
Index