REVIEW: "Intrusion Detection with Snort", Rafeeq Ur Rehman
- BKIDWSAI.RVW 20030902
"Intrusion Detection with Snort", Rafeeq Ur Rehman, 2003,
%A Rafeeq Ur Rehman
%C One Lake St., Upper Saddle River, NJ 07458
%I Prentice Hall
%O U$39.99/C$62.99 +1-201-236-7139 fax: +1-201-236-7131
%P 263 p.
%T "Intrusion Detection with Snort"
Chapter one is a very simple introduction to intrusion detection and
Snort. Beginning with a brief look at topology, chapter two runs
through an installation of Snort, but does not provide much in the way
of explanation or recommendation at the various points. The coverage
of Snort rule creation and syntax, in chapter three, is clear and
reasonable, but could use more examples of malicious packets and how
they might be identified. Chapter four does explain some exploit
rules, in discussing preprocessors, but briefly, and then goes on to
output options. Chapters five, six, and seven describe MySQL, ACID
(Analysis Console for Intrusion Databases), and other tools for using
Snort in conjunction with collected information.
This is a decent printed documentation for the system, but not much
copyright Robert M. Slade, 2003 BKIDWSAI.RVW 20030902
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Of all things, good sense is the most fairly distributed:
everyone thinks he is so well supplied with it that even those
who are the hardest to satisfy in every other respect never
desire more of it than they already have.
- Rene Descartes (1596-1650), Discours de la Methode (1637)
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade