
Chapter Synopsis

Chapter 1

Introduces the concepts behind network security and intrusion detection.

Chapter 2

Goes into some depth on how the systems on your network use the network to accomplish their tasks. The structure of packets will be examined, equipping you to recognize anomalous network traffic.

Chapter 3

Introduces you to getting Snort up and running quickly using the various command-line options. It discusses the various modes in which Snort can be used, including as a sniffer and packet logger.

Chapter 4

We examine how the "bad guys" attempt to probe, penetrate, persist, propagate, and paralyze your network and systems. Methods of detecting each of these activities are also examined.

Chapter 5

Provides an in-depth examination of snort.conf, the central configuration file that controls how Snort watches the network and detects malicious activity.

Chapter 6

Strategies for making a Snort deployment as effective and successful as possible are discussed in this chapter.

Chapter 7

The core of a signature-based intrusion detection system is its rules, which recognize attacks in progress. One of the real strengths of Snort is the flexibility and discrimination of its rule sets.
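For a sense of what such a rule looks like, here is an added illustrative Snort rule (not taken from the book); the message text and the SID, chosen from the 1,000,000+ range reserved for local rules, are assumptions for the example:

```snort
# Added example (not from the book): alert on a directory-traversal
# sequence in an HTTP request URI sent to a monitored web server.
# $EXTERNAL_NET and $HOME_NET are variables defined in snort.conf;
# flow: and uricontent: rely on the stream and http_inspect preprocessors.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL example: directory traversal in HTTP URI"; flow:to_server,established; uricontent:"../"; classtype:web-application-attack; sid:1000001; rev:1;)
```

The header (action, protocol, source, direction, destination) decides which packets are considered; the options in parentheses decide whether a packet matches and how the alert is labelled. Drop the rule into a file referenced by an `include` line in snort.conf and restart Snort to activate it.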

Chapter 8

Several mechanisms and strategies can be employed that turn Snort from an intrusion detection system into an intrusion prevention system. These strategies are not without their own risks, however.

Chapter 9

This is perhaps the most important chapter. Proper tuning and thresholding allow security administrators to minimize the number of false positives generated by an IDS sensor, making their time spent working with Snort more efficient and effective.

Chapter 10

ACID (Analysis Console for Intrusion Databases) is a popular, powerful web-based console for managing and analyzing the alerts generated by Snort.

Chapter 11

SnortCenter makes administering multiple IDS sensors much easier.

Chapter 12

A wide variety of tools can help manage a Snort-based IDS deployment. Some of these solutions are more effective than others.

Chapter 13

If your intention is to deploy Snort as an IDS in a high-demand environment, this chapter will help by discussing strategies that ensure nothing is missed by overburdened sensors.

Appendix A

Provides the schemas for the Snort and ACID database tables in order to aid developers in creating new tools or modifying existing tools.

Appendix B

Presents the default snort.conf file for reference when reading the book and configuring sensors. The comments are actually quite good, too.

Appendix C

Provides a compilation of web resources and download sources from throughout the book.
