Snort 2.0 Intrusion Detection
Syngress
Publisher: Elsevier Reference Monographs, 2003
ISBN 9780080481005, 550 pages
Format: PDF, ePUB, OL
Copy protection: DRM
Front Cover ... 1
Snort 2.0 Intrusion Detection ... 4
Copyright Page ... 5
Contents ... 16
Chapter 1. Intrusion Detection Systems ... 28
    Introduction ... 29
    What Is Intrusion Detection? ... 29
    A Trilogy of Vulnerabilities ... 35
    Why Are Intrusion Detection Systems Important? ... 43
    Summary ... 50
    Solutions Fast Track ... 50
    Frequently Asked Questions ... 53
Chapter 2. Introducing Snort 2.0 ... 54
    Introduction ... 55
    What Is Snort? ... 56
    Snort System Requirements ... 58
    Exploring Snort's Features ... 60
    Using Snort on Your Network ... 68
    Security Considerations with Snort ... 81
    Summary ... 85
    Solutions Fast Track ... 85
    Frequently Asked Questions ... 87
Chapter 3. Installing Snort ... 88
    Introduction ... 89
    A Brief Word about Linux Distributions ... 90
    Installing PCAP ... 92
    Installing Snort ... 102
    Summary ... 116
    Solutions Fast Track ... 116
    Frequently Asked Questions ... 118
Chapter 4. Snort: The Inner Workings ... 120
    Introduction ... 121
    Snort Components ... 122
    Decoding Packets ... 130
    Processing Packets 101 ... 133
    Understanding Rule Parsing and Detection Engines ... 141
    Output and Logs ... 151
    Summary ... 163
    Solutions Fast Track ... 163
    Frequently Asked Questions ... 165
Chapter 5. Playing by the Rules ... 168
    Introduction ... 169
    Understanding Configuration Files ... 170
    The Rule Header ... 177
    The Rule Body ... 188
    Components of a Good Rule ... 205
    Testing Your Rules ... 212
    Tuning Your Rules ... 214
    Summary ... 219
    Solutions Fast Track ... 219
    Frequently Asked Questions ... 222
Chapter 6. Preprocessors ... 224
    Introduction ... 225
    What Is a Preprocessor? ... 226
    Preprocessor Options for Reassembling Packets ... 227
    Preprocessor Options for Decoding and Normalizing Protocols ... 243
    Preprocessor Options for Nonrule or Anomaly-Based Detection ... 251
    Experimental Preprocessors ... 255
    Writing Your Own Preprocessor ... 261
    Summary ... 287
    Solutions Fast Track ... 288
    Frequently Asked Questions ... 291
Chapter 7. Implementing Snort Output Plug-Ins ... 294
    Introduction ... 295
    What Is an Output Plug-In? ... 295
    Exploring Output Plug-In Options ... 298
    Writing Your Own Output Plug-In ... 316
    Summary ... 326
    Solutions Fast Track ... 327
    Frequently Asked Questions ... 328
Chapter 8. Exploring the Data Analysis Tools ... 330
    Introduction ... 331
    Using Swatch ... 331
    Using ACID ... 338
    Using SnortSnarf ... 359
    Using IDScenter ... 364
    Summary ... 375
    Solutions Fast Track ... 376
    Frequently Asked Questions ... 377
Chapter 9. Keeping Everything Up to Date ... 380
    Introduction ... 381
    Applying Patches ... 381
    Updating Rules ... 382
    Testing Rule Updates ... 391
    Watching for Updates ... 396
    Summary ... 397
    Solutions Fast Track ... 397
    Frequently Asked Questions ... 399
Chapter 10. Optimizing Snort ... 402
    Introduction ... 403
    How Do I Choose What Hardware to Use? ... 403
    How Do I Choose What Operating System to Use? ... 409
    Speeding Up Your Snort Installation ... 416
    Benchmarking Your Deployment ... 422
    Summary ... 433
    Solutions Fast Track ... 434
    Frequently Asked Questions ... 435
Chapter 11. Mucking Around with Barnyard ... 438
    Introduction ... 439
    What Is Barnyard? ... 440
    Preparation and Installation of Barnyard ... 440
    How Does Barnyard Work? ... 445
    What Are the Output Options for Barnyard? ... 457
    But I Want My Output Like "This" ... 458
    Summary ... 483
    Solutions Fast Track ... 484
    Frequently Asked Questions ... 485
Chapter 12. Advanced Snort ... 488
    Introduction ... 489
    Policy-Based IDS ... 489
    Inline IDS ... 505
    Summary ... 528
    Solutions Fast Track ... 528
    Frequently Asked Questions ... 529
Index ... 530
GNU GENERAL PUBLIC LICENSE ... 551
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ... 552
    END OF TERMS AND CONDITIONS ... 555
SYNGRESS PUBLISHING LICENSE AGREEMENT ... 557