My Account Log in

1 option

Managing security with Snort and IDS tools / Kerry Cox and Christopher Gerg.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Cox, Kerry.
Contributor:
Gerg, Christopher.
Language:
English
Subjects (All):
Snort (Software).
Computer security.
Computers--Access control.
Computers.
Intrusion detection systems (Computer security).
Physical Description:
1 online resource (288 p.)
Edition:
First edition.
Place of Publication:
Beijing ; Sebastopol, California : O'Reilly, 2004.
Language Note:
English
System Details:
text file
Summary:
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features
Contents:
Managing Security with Snort and IDS Tools; About This Book; Assumptions This Book Makes; Chapter Synopsis; Conventions Used in This Book; Comments and Questions; Acknowledgments; Christopher Gerg; 1. Introduction; 1.2. Defense-in-Depth; 1.3. Detecting Intrusions (a Hierarchy of Approaches); 1.4. What Is NIDS (and What Is an Intrusion)?; 1.5. The Challenges of Network Intrusion Detection; 1.5.2. False Positives; 1.5.3. Missing Prerequisites; 1.5.4. Unrealistic Expectations; 1.6. Why Snort as an NIDS?; 1.7. Sites of Interest; 2. Network Traffic Analysis; 2.1.2. UDP; 2.1.3. IP; 2.1.4. ICMP
2.1.5. ARP2.2. Dissecting a Network Packet; 2.2.2. The TCP Header; 2.3. Packet Sniffing; 2.4. Installing tcpdump; 2.5. tcpdump Basics; 2.6. Examining tcpdump Output; 2.7. Running tcpdump; 2.7.2. tcpdump Filters; 2.7.3. tcpdump Capture of the TCP Three-Way Handshake; 2.8. ethereal; 2.8.2. Available Options; 2.8.3. ethereal Capture of TCP Three-Way Handshake; 2.8.4. Tethereal; 2.9. Sites of Interest; 3. Installing Snort; 3.2. Installing Snort; 3.2.2. Windows Installations; 3.2.3. Staying Current; 3.3. Command-Line Options; 3.4. Modes of Operation; 3.4.2. Snort as a Packet Logger
3.4.3. Snort as an NIDS: Quick and Dirty3.4.3.2. Initial configuration of the snort.conf file; 4. Know Your Enemy; 4.1.2. Professionals; 4.1.3. Disgruntled Current and Former Employees and Contractors; 4.1.4. Robots and Worms; 4.2. Anatomy of an Attack: The Five Ps; 4.2.1.2. Portscans and software version-mapping; 4.2.1.3. Automated vulnerability scanners; 4.2.1.4. Web page scanners; 4.2.1.5. Other probe tools; 4.2.2. Penetrate; 4.2.2.2. Buffer overflows; 4.2.2.3. Application behavior boundary flaws; 4.2.2.4. System configuration errors; 4.2.2.5. User input validation problems; 4.2.3. Persist
4.2.4. Propagate4.2.5. Paralyze; 4.3. Denial-of-Service; 4.4. IDS Evasion; 4.5. Sites of Interest; 5. The snort.conf File; 5.2. Snort Decoder and Detection Engine Configuration; 5.3. Preprocessor Configurations; 5.3.2. frag2; 5.3.3. stream4; 5.3.4. stream4_reassemble; 5.3.5. HTTP Inspect Preprocessor; 5.3.5.2. http_inspect_server; 5.3.6. rpc_decode; 5.3.7. bo; 5.3.8. telnet_decode; 5.3.9. flow-portscan; 5.3.10. arpspoof; 5.3.11. perfmonitor; 5.4. Output Configurations; 5.4.2. log_tcpdump; 5.4.3. Database; 5.4.3.2. PostgreSQL; 5.4.3.3. ODBC; 5.4.3.4. MsSQL; 5.4.3.5. Oracle; 5.4.4. unified
5.5. File Inclusions6. Deploying Snort; 6.2. Initial Configuration; 6.3. Sensor Placement; 6.3.2. Creating Connection Points; 6.3.3. Encrypted Traffic; 6.4. Securing the Sensor Itself; 6.4.2. Configure Interfaces; 6.4.3. Disable Unnecessary Services; 6.4.4. Apply Patches and Updates; 6.4.5. Utilize Robust Authentication; 6.4.6. Monitor System Logs; 6.5. Using Snort More Effectively; 6.6. Sites of Interest; 7. Creating and Managing Snort Rules; 7.2. The Rule Sets; 7.3. Creating Your Own Rules; 7.3.2. Rule Options; 7.3.3. Common Rule Options; 7.4. Rule Execution; 7.5. Keeping Things Up-to-Date
7.6. Sites of Interest
Notes:
Includes index.
Description based on online resource; title from PDF title page (ebrary, viewed October 5, 2013).
ISBN:
9780596517847
059651784X
9780596552435
0596552432
OCLC:
609840885

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account