If you are a network administrator, you're under a lot of pressure to
ensure that mission-critical systems are completely safe from malicious
code, buffer overflows, stealth port scans, SMB probes, OS
fingerprinting attempts, CGI attacks, and other network intruders.
Designing a reliable way to detect intruders before they get in is an
essential--but often overwhelming--challenge. Snort, the de facto open
source standard among intrusion detection tools, is capable of performing
real-time traffic analysis and packet logging on IP networks. It can
perform protocol analysis, content searching, and matching. Snort can
save countless headaches; the new Snort Cookbook will save countless
hours of sifting through dubious online advice or wordy tutorials in
order to leverage the full power of Snort. Each recipe in the popular and
practical problem-solution-discussion O'Reilly cookbook format contains
a clear and thorough description of the problem, a concise but complete
discussion of a solution, and real-world examples that illustrate that
solution. The Snort Cookbook covers important issues that sysadmins
and security pros will use every day, such as:
- installation
- optimization
- logging
- alerting
- rules and signatures
- detecting viruses
- countermeasures
- detecting common attacks
- administration
- honeypots
- log analysis
But the Snort Cookbook offers far more than quick cut-and-paste
solutions to frustrating security issues. Those who learn best in the
trenches--and don't have the hours to spare to pore over tutorials or
trawl online for best-practice snippets of advice--will find that the
solutions offered in this ultimate Snort sourcebook not only solve
immediate problems quickly, but also showcase the best tips and tricks
they need to master to be security gurus--and still have a life.