Sebastopol, CA–In olden days–say two or so years ago–an administrator would use a firewall to protect a network from attack. It was easy then to establish where your network ended and the Internet began. Not so today. “Technological advances and decreasing costs for wide area network technologies have eroded this concept of a perimeter,” explain Kerry Cox and Christopher Gerg, authors of “Managing Security with Snort and IDS Tools” (O’Reilly, US $39.95). “Virtual private networks, or VPNs, have all but replaced conventional dial-up modem pools,” they observe. “Most users have high-speed DSL or Cable Modem service, and the VPN makes the user feel like he’s sitting at his desk. Some VPNs use an appliance that sits on the perimeter of the network and has the capability of controlling how the network is used remotely.” While this is convenient for telecommuters, it’s a real risk for most networks. A virus- or worm-infected system on the user’s home network will have unfettered access to your network–a high-speed highway that allows rapid propagation of an aggressive worm.
But there are effective defenses, maintain Cox and Gerg: configure systems according to industry-accepted best practices, securely aggregate system logs in one place, segregate the network to control access and “wall-off” remote connections, and so on. And finally, take steps to detect and prevent intrusions on the network and systems. “The important thing to remember is not to trust a single component of your security framework for all your security,” Cox and Gerg remind readers. “If you are able to, apply security as close to the thing you are trying to secure as possible. These steps will help you stop at least eighty percent of the attacks. Intrusion detection should catch the remaining twenty percent.”
In “Managing Security with Snort and IDS Tools,” the authors show network and system administrators how to effectively employ the Snort Intrusion Detection System to fend off attack. A powerful open source tool, Snort watches a network constantly, inspecting all the traffic, on guard for suspicious activity, then warning the administrator when something fishy is going on.
As coauthor Gerg explains, Snort regularly outperforms more expensive and elaborate intrusion detection systems. “When consulting with clients looking into integrating intrusion detection into their environment, I found that many were looking for a commercial solution from one of the ‘big boys’ in the network security industry, but Snort is almost universally the right choice for people interested in network intrusion detection.”
Network, system, and security administrators who take a disciplined approach to security management will especially benefit from the book, Gerg notes. “These are people that check their system logs, know their environment, and know how the systems in their organization are used. These folks will benefit most from implementing network intrusion detection. And the content of our book is careful to explain things in a clear, step-by-step manner, so readers don’t have to be a guru-level security experts to put this information to work.”
While exploring the full range of Snort’s capabilities in “Managing Security with Snort and IDS Tools,” readers will learn how to:
-Use Snort as a simple packet sniffer, packet logger, or full-blown IDS
-Install and configure Snort
-Use Snort to detect attacks
-Manage Snort rules
-Customize Snort rules for or write new rules to respond to new kinds of attacks
-Use Snort as an Intrusion Prevention System
-Use Snort management consoles ACID and SnortCenter
-Use Oinkmaster for automatic rule updates and other tools
-Use Snort on high-bandwidth networks with tools like Barnyard, Sguil, and I(DS)2
Anyone who has ever watched traffic on a network knows how frequently it’s attacked. Although it is impossible to personally monitor even the most moderate bandwidth, administrators don’t have to operate blind. “Managing Security with Snort and IDS Tools” shows readers how to monitor their networks constantly, even while sleeping.
Chapter 6, “Deploying Snort,” is available online at:
For more information about the book, including table of contents, index, author bios, and samples, see:
For a cover graphic in JPEG format, go to:
Managing Security with Snort and IDS Tools
Kerry Cox and Christopher Gerg
ISBN 0-596-00661-6, 269 pages, $39.95 US, $57.95 CA
O’Reilly Media, Inc. is the premier information source for leading-edge computer technologies. The company’s books, conferences, and web sites bring to light the knowledge of technology innovators. O’Reilly books, known for the animals on their covers, occupy a treasured place on the shelves of the developers building the next generation of software. O’Reilly conferences and summits bring alpha geeks and forward-thinking business leaders together to shape the revolutionary ideas that spark new industries. From the Internet to XML, open source, .NET, Java, and web services, O’Reilly puts technologies on the map. For more information: http://www.oreilly.com