05534nam 2200733Ia 450 991045634790332120200520144314.01-281-05609-X97866110560940-08-048100-0(CKB)111086906342794(EBL)294371(OCoLC)174131088(SSID)ssj0000763214(PQKBManifestationID)11393826(PQKBTitleCode)TC0000763214(PQKBWorkID)10761930(PQKB)11265429(SSID)ssj0000078026(PQKBManifestationID)11110364(PQKBTitleCode)TC0000078026(PQKBWorkID)10060837(PQKB)11752647(MiAaPQ)EBC294371(CaSebORM)9780080481005(Au-PeEL)EBL294371(CaPaEBR)ebr10026374(CaONFJC)MIL105609(OCoLC)935246404(EXLCZ)9911108690634279420030519d2003 uy 0engur|n|---|||||txtccrSnort 2.0 intrusion detection[electronic resource] /Jay Beale, James C. Foster1st editionRockland Syngress ;Oxford Elsevier Sciencec20031 online resource (559 p.)Includes index.1-931836-74-4 Front Cover; Snort 2.0 Intrusion Detection; Copyright Page; Contents; Chapter 1. Intrusion Detection Systems; Introduction; What Is Intrusion Detection?; A Trilogy of Vulnerabilities; Why Are Intrusion Detection Systems Important?; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 2. Introducing Snort 2.0; Introduction; What Is Snort?; Snort System Requirements; Exploring Snort's Features; Using Snort on Your Network; Security Considerations with Snort; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3. Installing Snort; IntroductionA Brief Word about Linux DistributionsInstalling PCAP; Installing Snort; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4. Snort: The Inner Workings; Introduction; Snort Components; Decoding Packets; Processing Packets 101; Understanding Rule Parsing and Detection Engines; Output and Logs; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 5. Playing by the Rules; Introduction; Understanding Configuration Files; The Rule Header; The Rule Body; Components of a Good Rule; Testing Your Rules; Tuning Your Rules; Summary; Solutions Fast TrackFrequently Asked QuestionsChapter 6. Preprocessors; Introduction; What Is a Preprocessor?; Preprocessor Options for Reassembling Packets; Preprocessor Options for Decoding and Normalizing Protocols; Preprocessor Options for Nonrule or Anomaly-Based Detection; Experimental Preprocessors; Writing Your Own Preprocessor; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7. Implementing Snort Output Plug-Ins; Introduction; What Is an Output Plug-In?; Exploring Output Plug-In Options; Writing Your Own Output Plug-In; Summary; Solutions Fast Track; Frequently Asked QuestionsChapter 8. Exploring the Data Analysis ToolsIntroduction; Using Swatch; Using ACID; Using SnortSnarf; Using IDScenter; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9. Keeping Everything Up to Date; Introduction; Applying Patches; Updating Rules; Testing Rule Updates; Watching for Updates; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 10. Optimizing Snort; Introduction; How Do I Choose What Hardware to Use?; How Do I Choose What Operating System to Use?; Speeding Up Your Snort Installation; Benchmarking Your Deployment; Summary; Solutions Fast TrackFrequently Asked QuestionsChapter 11. Mucking Around with Barnyard; Introduction; What Is Barnyard?; Preparation and Installation of Barnyard; How Does Barnyard Work?; What Are the Output Options for Barnyard?; But I Want My Output Like ""This""; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 12. Advanced Snort; Introduction; Policy-Based IDS; Inline IDS; Summary; Solutions Fast Track; Frequently Asked Questions; Index; GNU GENERAL PUBLIC LICENSE; TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION; END OF TERMS AND CONDITIONSSYNGRESS PUBLISHING LICENSE AGREEMENTThe incredible low maintenance costs of Snort combined with its powerful security features make it one of the fastest growing IDSs within corporate IT departments. Snort 2.0 Intrusion Detection is the first book dealing with the Snort IDS and is written by a member of Snort.org. Readers will receive valuable insight to the code base of Snort and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios. The primary reader will be an individual who has a working knowledge of the TCP/IP protocol, expertise in some arena of IT infrastructure, and is Computer networksSecurity measuresComputer securityElectronic books.Computer networksSecurity measures.Computer security.005.8Beale Jay627575Foster James C156401MiAaPQMiAaPQMiAaPQBOOK9910456347903321Snort 2.0 intrusion detection2465463UNINA