
REVIEW: "Intrusion Detection with Snort", Jack Koziol

From: Rob, grandpa of Ryan, Trevor, Devon & Ha
Date: Oct 6, 2003
BKINDTSN.RVW 20030901

"Intrusion Detection with Snort", Jack Koziol, 2003, 1-57870-281-X,
U$45.00/C$69.99/UK#32.99
%A Jack Koziol
%C 201 W. 103rd Street, Indianapolis, IN 46290
%D 2003
%G 1-57870-281-X
%I Macmillan Computer Publishing (MCP)
%O U$45.00/C$69.99/UK#32.99 800-858-7674 info@...
%O http://www.amazon.com/exec/obidos/ASIN/157870281X/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/157870281X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/157870281X/robsladesin03-20
%P 340 p.
%T "Intrusion Detection with Snort"

Chapter one is a good introduction to the basics of intrusion
detection, although it is odd that the list of detection methods is
missing some important entries, such as heuristic rule-based and
statistical methods. The background overview of Snort, in chapter
two, describes alerts, related applications, and even has
recommendations for sensor net architecture. Most of the content in
regard to the components of Snort, in chapter three, deals with the
preprocessors, and various attack signatures. Chapter four's advice
about planning for the installation of Snort is broadly based,
addressing policy, architecture, and even incident response, but the
material is quite abstract, and could have benefitted from more
practical examples. Some of these missing considerations are dealt
with in chapter five, which looks at hardware and operating system
factors. The text concentrates on server and sensor performance, but
also addresses the network connection. Directions on building a Snort
server under Red Hat Linux version 7.3 are given in chapter six. The
sensor and console instructions are provided in chapters seven and
eight, respectively. A few optional architectures are described in
chapter nine.

Chapter ten deals with tuning various rulesets and components in order
to reduce the level of false alarms. Creating real-time alert systems
is discussed in chapter eleven. Chapter twelve is a major one,
outlining the creation and modification of rules for filtering and
analyzing traffic. Chapter thirteen is supposed to be about upgrading
and maintaining Snort, but concentrates on ancillary management tools.
Advanced or unusual configurations of Snort are described in chapter
fourteen.

The book is generally lucidly written and easy to study, but it
contains many typographical errors and a great deal of clumsy wording
in the text. Better copy editing would have improved readability, as
well as confidence in the reliability of various commands and
settings. However, the meaning is usually clear, even if the
expression is sometimes jarring. For those planning to use Snort,
this should be a serviceable introduction.

copyright Robert M. Slade, 2003 BKINDTSN.RVW 20030901


====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
The size of a man is determined by what makes him mad.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade