Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the…mehr
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Kerry Cox is a knowledgeable and enthusiastic chief administrator/network engineer at Bonneville International/KSL Radio and Television where he manages 40 Red Hat Linux servers, as well as Solaris and FreeBSD, performing installation, patching, hardening, and maintenance. He also handles all Cisco routers, switches, PIX and Checkpoint firewalls, CSS load balancers, IDS sensors and consoles. Kerry has implemented open source solution for monitoring networks, architectures, server processes, and bandwidth. Previously, he worked at network communications companies and ISPs and is the author of two books by Prima: the Linux Productivity Administrator's Guide and Red Hat Linux Administrator's Guide. Christopher Gerg CISSP, CHSP is the Network Security Manager for Berbee Information Networks. His IT career started with phone technical support for Microsoft s launch of Windows 95 and his MCSE dates back to NT 3.51. He s worked as a system and network administrator and has traveled extensively installing WANs and infrastructure for a variety of clients. Five years ago things changed Christopher discovered open-source operating systems (FreeBSD, Debian, and Suse are his favorites) and he s spent three years as a penetration tester with Berbee and then transitioned from attack to defend for the last two years. Christopher is responsible for the network security of two Enterprise-class datacenters, the customers located in them, and the network infrastructure that connects it all (Multiple OC-48 SONET rings and multiple OC-3 s to the Internet). He uses Snort to watch it all.In his free time, Christopher raises rugged mountain alpacas in the wind-swept mountains of South-Central Wisconsin.
Inhaltsangabe
Preface Audience About This Book Assumptions This Book Makes Chapter Synopsis Conventions Used in This Book Comments and Questions Acknowledgments Chapter 1: Introduction 1.1 Disappearing Perimeters 1.2 Defense-in-Depth 1.3 Detecting Intrusions (a Hierarchy of Approaches) 1.4 What Is NIDS (and What Is an Intrusion)? 1.5 The Challenges of Network Intrusion Detection 1.6 Why Snort as an NIDS? 1.7 Sites of Interest Chapter 2: Network Traffic Analysis 2.1 The TCP/IP Suite of Protocols 2.2 Dissecting a Network Packet 2.3 Packet Sniffing 2.4 Installing tcpdump 2.5 tcpdump Basics 2.6 Examining tcpdump Output 2.7 Running tcpdump 2.8 ethereal 2.9 Sites of Interest Chapter 3: Installing Snort 3.1 About Snort 3.2 Installing Snort 3.3 Command-Line Options 3.4 Modes of Operation Chapter 4: Know Your Enemy 4.1 The Bad Guys 4.2 Anatomy of an Attack: The Five Ps 4.3 Denial-of-Service 4.4 IDS Evasion 4.5 Sites of Interest Chapter 5: The snort.conf File 5.1 Network and Configuration Variables 5.2 Snort Decoder and Detection Engine Configuration 5.3 Preprocessor Configurations 5.4 Output Configurations 5.5 File Inclusions Chapter 6: Deploying Snort 6.1 Deploy NIDS with Your Eyes Open 6.2 Initial Configuration 6.3 Sensor Placement 6.4 Securing the Sensor Itself 6.5 Using Snort More Effectively 6.6 Sites of Interest Chapter 7: Creating and Managing Snort Rules 7.1 Downloading the Rules 7.2 The Rule Sets 7.3 Creating Your Own Rules 7.4 Rule Execution 7.5 Keeping Things Up-to-Date 7.6 Sites of Interest Chapter 8: Intrusion Prevention 8.1 Intrusion Prevention Strategies 8.2 IPS Deployment Risks 8.3 Flexible Response with Snort 8.4 The Snort Inline Patch 8.5 Controlling Your Border 8.6 Sites of Interest Chapter 9: Tuning and Thresholding 9.1 False Positives (False Alarms) 9.2 False Negatives (Missed Alerts) 9.3 Initial Configuration and Tuning 9.4 Pass Rules 9.5 Thresholding and Suppression Chapter 10: Using ACID as a Snort IDS Management Console 10.1 Software Installation and Configuration 10.2 ACID Console Installation 10.3 Accessing the ACID Console 10.4 Analyzing the Captured Data 10.5 Sites of Interest Chapter 11: Using SnortCenter as a Snort IDS Management Console 11.1 SnortCenter Console Installation 11.2 SnortCenter Agent Installation 11.3 SnortCenter Management Console 11.4 Logging In and Surveying the Layout 11.5 Adding Sensors to the Console 11.6 Managing Tasks Chapter 12: Additional Tools for Snort IDS Management 12.1 Open Source Solutions 12.2 Commercial Solutions Chapter 13: Strategies for High-Bandwidth Implementations of Snort 13.1 Barnyard (and Sguil) 13.2 Commericial IDS Load Balancers 13.3 The IDS Distribution System (I(DS)2) Appendix A: Snort and ACID Database Schema A.1 acid_ag Appendix B: The Default snort.conf File Appendix C: Resources C.1 From Chapter 1: Introduction C.2 From Chapter 2: Network Traffic Analysis C.3 From Chapter 4: Know Your Enemy C.4 From Chapter 6: Deploying Snort C.5 From Chapter 7: Creating and Managing Snort Rules C.6 From Chapter 8: Intrusion Prevention C.7 From Chapter 10: Using ACID as a Snort IDS Management Console C.8 From Chapter 12: Additional Tools for Snort IDS Management C.9 From Chapter 13: Strategies for High-Bandwidth Implementations of Snort Colophon
Preface Audience About This Book Assumptions This Book Makes Chapter Synopsis Conventions Used in This Book Comments and Questions Acknowledgments Chapter 1: Introduction 1.1 Disappearing Perimeters 1.2 Defense-in-Depth 1.3 Detecting Intrusions (a Hierarchy of Approaches) 1.4 What Is NIDS (and What Is an Intrusion)? 1.5 The Challenges of Network Intrusion Detection 1.6 Why Snort as an NIDS? 1.7 Sites of Interest Chapter 2: Network Traffic Analysis 2.1 The TCP/IP Suite of Protocols 2.2 Dissecting a Network Packet 2.3 Packet Sniffing 2.4 Installing tcpdump 2.5 tcpdump Basics 2.6 Examining tcpdump Output 2.7 Running tcpdump 2.8 ethereal 2.9 Sites of Interest Chapter 3: Installing Snort 3.1 About Snort 3.2 Installing Snort 3.3 Command-Line Options 3.4 Modes of Operation Chapter 4: Know Your Enemy 4.1 The Bad Guys 4.2 Anatomy of an Attack: The Five Ps 4.3 Denial-of-Service 4.4 IDS Evasion 4.5 Sites of Interest Chapter 5: The snort.conf File 5.1 Network and Configuration Variables 5.2 Snort Decoder and Detection Engine Configuration 5.3 Preprocessor Configurations 5.4 Output Configurations 5.5 File Inclusions Chapter 6: Deploying Snort 6.1 Deploy NIDS with Your Eyes Open 6.2 Initial Configuration 6.3 Sensor Placement 6.4 Securing the Sensor Itself 6.5 Using Snort More Effectively 6.6 Sites of Interest Chapter 7: Creating and Managing Snort Rules 7.1 Downloading the Rules 7.2 The Rule Sets 7.3 Creating Your Own Rules 7.4 Rule Execution 7.5 Keeping Things Up-to-Date 7.6 Sites of Interest Chapter 8: Intrusion Prevention 8.1 Intrusion Prevention Strategies 8.2 IPS Deployment Risks 8.3 Flexible Response with Snort 8.4 The Snort Inline Patch 8.5 Controlling Your Border 8.6 Sites of Interest Chapter 9: Tuning and Thresholding 9.1 False Positives (False Alarms) 9.2 False Negatives (Missed Alerts) 9.3 Initial Configuration and Tuning 9.4 Pass Rules 9.5 Thresholding and Suppression Chapter 10: Using ACID as a Snort IDS Management Console 10.1 Software Installation and Configuration 10.2 ACID Console Installation 10.3 Accessing the ACID Console 10.4 Analyzing the Captured Data 10.5 Sites of Interest Chapter 11: Using SnortCenter as a Snort IDS Management Console 11.1 SnortCenter Console Installation 11.2 SnortCenter Agent Installation 11.3 SnortCenter Management Console 11.4 Logging In and Surveying the Layout 11.5 Adding Sensors to the Console 11.6 Managing Tasks Chapter 12: Additional Tools for Snort IDS Management 12.1 Open Source Solutions 12.2 Commercial Solutions Chapter 13: Strategies for High-Bandwidth Implementations of Snort 13.1 Barnyard (and Sguil) 13.2 Commericial IDS Load Balancers 13.3 The IDS Distribution System (I(DS)2) Appendix A: Snort and ACID Database Schema A.1 acid_ag Appendix B: The Default snort.conf File Appendix C: Resources C.1 From Chapter 1: Introduction C.2 From Chapter 2: Network Traffic Analysis C.3 From Chapter 4: Know Your Enemy C.4 From Chapter 6: Deploying Snort C.5 From Chapter 7: Creating and Managing Snort Rules C.6 From Chapter 8: Intrusion Prevention C.7 From Chapter 10: Using ACID as a Snort IDS Management Console C.8 From Chapter 12: Additional Tools for Snort IDS Management C.9 From Chapter 13: Strategies for High-Bandwidth Implementations of Snort Colophon
Rezensionen
"Dieses Buch beschreibt weit mehr als nur Snort. (...) Alles in allem finde ich dieses Buch durchaus empfehlenswert für Netzwerkadminstratoren, die ihr Netz im Auge haben wollen und dafür ein (N)IDS installieren möchten, oder auch für die, die bereits Snort installiert haben. Denn für letztere gibt es eine ganze Reihe Tipps, die sehr nützlich sind." -- Linux Usergroup Kassel, 04/2005 Lesen Sie die vollständige Rezension unter: http://lug-kassel.de/review/index.html#3
Es gelten unsere Allgemeinen Geschäftsbedingungen: www.buecher.de/agb
Impressum
www.buecher.de ist ein Internetauftritt der buecher.de internetstores GmbH
Geschäftsführung: Monica Sawhney | Roland Kölbl | Günter Hilger
Sitz der Gesellschaft: Batheyer Straße 115 - 117, 58099 Hagen
Postanschrift: Bürgermeister-Wegele-Str. 12, 86167 Augsburg
Amtsgericht Hagen HRB 13257
Steuernummer: 321/5800/1497
