Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
Implement enterprise-wide security solutions based on detailed traffic and attack analysis In today’s converged networking environment, cyber crime is on the rise and getting more sophisticated every day. Malicious hackers lurk in dark corners, scanning for vulnerable systems and launching debilitating attacks. Intrusion Detection & Prevention shows you, step-by-step, how to mount a comprehensive defense, perform real-time security monitoring, and implement a proactive incident response plan. Major examples of IDS software are covered, including TCPDump, RealSecure, Cisco Secure IDS, Network Flight Recorder, and Snort 2.0. You’ll learn how to properly place and configure network sensors, analyze packets and TCP streams, correlate data, and counter attempted break-ins. Plus, you’ll get vital coverage of legal standards, business guidelines, and the future of intrusion prevention. Inside, learn to: * Identify and eliminate abnormal network traffic patterns and application-level abuses * Capture, store, and analyze network transactions with TCPDump * Deploy sensors, agents, and manager components in single-tiered, multi-tiered, and peer-to-peer architectures * Grab, filter, decode, and process data packets and TCP streams * Manage RealSecure Network Sensors, alerts, encryption keys, and reports * Implement ISS’s new central management system, SiteProtector 2.0 * Administer Cisco Secure IDS, Cisco Threat Response, and the Cisco Security Agent * Distribute CSIDS 4200 Series Sensors and Catalyst 6000 IDS modules * Use Snort 2.0 rules, outputs, and plug-ins to detect unauthorized activity * Monitor transactions with the Snort 2.0 Protocol Flow Analyzer * Perform packet inspection and protocol anomaly detection with Network Flight Recorder * Assess threat levels using data correlation, fusion, and vulnerability scanning
This superior text on computer security is extremely rich in information, based on experience, and a pleasure to read. In addition, the author is donating part of his royalties from this book to various charities--initially, a foundation that fights child abuse. Escamilla begins by exploring intrusion prevention systems--firewalls, user authentication routines, and access controls--and telling how to properly set up such systems. He then describes mechanisms that identify and minimize damage caused by electronic break-ins once they occur. The author covers both system-level and network-level intrusion-detection systems, describing tools that attempt to catch not only outsiders who have broken in, but also legitimate system users who are up to no good. Escamilla details several anti-intruder tools, including packet sniffers and vulnerability scanners. He describes a lot of Unix hacks and tells what you can do to prevent them from taking place on your systems. Other chapters focus on intrusions in Windows NT environments and what to do when your system is under attack. Escamilla closes with references to other sources. --David Wall Product Description A complete nuts-and-bolts guide to improving network security using today's best intrusion detection products