O’Reilly news

"Managing Security with Snort and IDS Tools": Intrusion Detection with Open Source Tools

September 13, 2004

Sebastopol, CA--In olden days--say two or so years ago--an administrator would use a firewall to protect a network from attack. It was easy then to establish where your network ended and the Internet began. Not so today. "Technological advances and decreasing costs for wide area network technologies have eroded this concept of a perimeter," explain Kerry Cox and Christopher Gerg, authors of Managing Security with Snort and IDS Tools (O'Reilly, US $39.95). "Virtual private networks, or VPNs, have all but replaced conventional dial-up modem pools," they observe. "Most users have high-speed DSL or Cable Modem service, and the VPN makes the user feel like he's sitting at his desk. Some VPNs use an appliance that sits on the perimeter of the network and has the capability of controlling how the network is used remotely." While this is convenient for telecommuters, it's a real risk for most networks. A virus- or worm-infected system on the user's home network will have unfettered access to your network--a high-speed highway that allows rapid propagation of an aggressive worm.

But there are effective defenses, maintain Cox and Gerg: configure systems according to industry-accepted best practices, securely aggregate system logs in one place, segregate the network to control access and "wall-off" remote connections, and so on. And finally, take steps to detect and prevent intrusions on the network and systems. "The important thing to remember is not to trust a single component of your security framework for all your security," Cox and Gerg remind readers. "If you are able to, apply security as close to the thing you are trying to secure as possible. These steps will help you stop at least eighty percent of the attacks. Intrusion detection should catch the remaining twenty percent."

In Managing Security with Snort and IDS Tools, the authors show network and system administrators how to effectively employ the Snort Intrusion Detection System to fend off attack. A powerful open source tool, Snort watches a network constantly, inspecting all the traffic, on guard for suspicious activity, then warning the administrator when something fishy is going on.

As coauthor Gerg explains, Snort regularly outperforms more expensive and elaborate intrusion detection systems. "When consulting with clients looking into integrating intrusion detection into their environment, I found that many were looking for a commercial solution from one of the 'big boys' in the network security industry, but Snort is almost universally the right choice for people interested in network intrusion detection."

Network, system, and security administrators who take a disciplined approach to security management will especially benefit from the book, Gerg notes. "These are people that check their system logs, know their environment, and know how the systems in their organization are used. These folks will benefit most from implementing network intrusion detection. And the content of our book is careful to explain things in a clear, step-by-step manner, so readers don't have to be guru-level security experts to put this information to work."

While exploring the full range of Snort's capabilities in Managing Security with Snort and IDS Tools, readers will learn how to:

  • Use Snort as a simple packet sniffer, packet logger, or full-blown IDS
  • Install and configure Snort
  • Use Snort to detect attacks
  • Manage Snort rules
  • Customize existing Snort rules or write new ones to respond to new kinds of attacks
  • Use Snort as an Intrusion Prevention System
  • Use Snort management consoles ACID and SnortCenter
  • Use Oinkmaster for automatic rule updates and other tools
  • Use Snort on high-bandwidth networks with tools like Barnyard, Sguil, and I(DS)2

Anyone who has ever watched traffic on a network knows how frequently it's attacked. Although it is impossible to personally monitor even the most moderate bandwidth, administrators don't have to operate blind. Managing Security with Snort and IDS Tools shows readers how to monitor their networks constantly, even while sleeping.

Additional Resources:

Managing Security with Snort and IDS Tools
Kerry Cox and Christopher Gerg
ISBN 0-596-00661-6, 269 pages, $39.95 US, $57.95 CA
1-800-998-9938; 1-707-827-7000

About O’Reilly

O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
