|
Snort IDS & IPS Toolkit
This fully integrated book, CD, and Web toolkit covers
everything from packet inspection to optimizing Snort for
speed to using the most advanced features of Snort to defend
even the largest and most congested enterprise networks.
Leading Snort experts Brian Caswell, Andrew Baker, and Jay
Beale analyze traffic from real attacks
to demonstrate the
best practices for implementing the most powerful Snort
features. The accompanying CD contains examples from real
attacks allowing readers test their new skills.
The book begins with a discussion of packet inspection and
the progression from intrusion detection to intrusion
prevention. The authors provide examples of packet
inspection methods including: protocol standards compliance,
protocol anomaly detection, application control, and
signature matching. In addition, application-level
vulnerabilities including Binary Code in HTTP headers,
HTTP/HTTPS Tunneling, URL Directory Traversal, Cross-Site
Scripting, and SQL Injection will also be analyzed.
Next, a detailed chapter on configuring Snort highlights
various methods for fine tuning your installation to
optimize Snort performance including hardware/OS selection,
finding and eliminating bottlenecks, and benchmarking and
testing your deployment. A special chapter also details how
to use Barnyard to improve the overall performance of Snort.
Next, best practices will be presented allowing readers to
enhance the performance of Snort for even the largest and
most complex networks. The next chapter reveals the inner
workings of Snort by analyzing the source code. The next
several chapters will detail how to write, modify, and
fine-tune basic to advanced rules and pre-processors.
Detailed analysis of real packet captures will be provided
both in the book and the accompanying CD.
The last part of the book contains several chapters on
active response, intrusion prevention, and using Snort's
most advanced capabilities for everything from forensics and
incident handling to building and analyzing honey pots. Data
from real world attacks will be presented throughout this
part as well as on the accompanying CD.
Chapter 1: From IDS to IPS and Beyond
Chapter 2: Packet Inspection for Intrusion Analysis
Chapter 3: Installing Snort for Optimum Performance
Chapter 4: Fine Tuning Snort for Speed
Chapter 5: Improving Snort Performance with Barnyard
Chapter 6: Analyzing Snorts Source Code and Inner Workings
Chapter 7: Writing, Modifying, and Optimizing Preprocessors
Chapter 8: Writing, Modifying, and Optimizing Rules
Chapter 9: Mastering Output Plug-Ins, Reporting, and Log Management
Chapter 10: Best Practices for Monitoring Sensors
Chapter 11: Real World Attack Analysis
Chapter 12: Active Response and Intrusion Prevention
Chapter 13: Forensic Analysis and Incident Handling
Chapter 14: Building a Honeynet with Snort
|
