- Chapter 1
Introduces the concepts behind network security and intrusion
- Chapter 2
Goes into some depth on how the systems on your network use the
network to accomplish their tasks. The structure of packets will be
examined, equipping you to recognize anomalous network traffic.
- Chapter 3
Introduces you to getting Snort up and running quickly using the
various command-line options. It discusses the various modes in which
Snort can be used, including as a sniffer and packet logger.
- Chapter 4
We examine how the "bad guys"
attempt to probe, penetrate, persist, propagate, and paralyze your
network and systems. Methods of detecting these methods are examined.
- Chapter 5
Provides an in-depth examination of this central configuration file.
The snort.conf file controls how Snort watches
the network and detects malicious activity.
- Chapter 6
Strategies for making a Snort deployment as effective and successful
as possible are discussed in this chapter.
- Chapter 7
The core of a signature-based intrusion detection system are the
rules that recognize attacks in progress. One of the real strengths
of Snort is the flexibility and discrimination of its rule sets.
- Chapter 8
Several mechanisms and strategies can be employed that turn Snort
from an intrusion detection system into an intrusion prevention
system. These strategies are not without their own risks, however.
- Chapter 9
This is perhaps the most important chapter. Proper tuning and
thresholding allows security administrators to minimize the number of
false positives generated by an IDS sensor, making their time spent
working with Snort more efficient and effective.
- Chapter 10
ACID is a popular, powerful, web-based IDS management system for
managing alerts generated by Snort.
- Chapter 11
SnortCenter makes administering multiple IDS sensors much easier.
- Chapter 12
A wide variety of tools can help manage a Snort-based IDS deployment.
Some of these solutions are more effective than others.
- Chapter 13
If your intention is to deploy Snort as an IDS in a high-demand
environment, this chapter will help by discussing strategies that
ensure nothing is missed by overburdened sensors.
- Appendix A
Provides the schemas for the Snort and ACID database tables in order
to aid developers in creating new tools or modifying existing tools.
- Appendix B
Presents the default snort.conf file for
reference when reading the book and configuring sensors. The comments
are actually quite good, too.
- Appendix C
Provides a compilation of web resources and download sources from
throughout the book.