Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID - Rafeeq Ur Rehman - 9780131407336 - Security - Pearson Schweiz AG - The specialist publisher for educational media - 978-0-1314-0733-6

Title:   Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID
Series:   Prentice Hall
Author:   Rafeeq Ur Rehman
Publisher:   Prentice Hall
Binding:   Softcover
Edition:   1
Language:   English
Pages:   263
Published:   May 2003
ISBN13:   9780131407336
ISBN10:   0-13-140733-3
Status:   This title is no longer available.
 

Description

Part of the Bruce Perens' Open Source Series, this book starts with an introduction to intrusion detection and covers the five basic areas of Snort: 1) Installation. 2) Managing rules. 3) Managing input and output plugins. 4) Using MySQL with Snort to keep data in a database. 5) Web-based user interfaces (ACID and SnortSnarf) to analyze data generated by Snort. In addition, the book contains appendices that provide further information for readers, including packet headers, the XML DTD and so on.


Table of Contents



1. Introduction to Intrusion Detection and Snort.

What is Intrusion Detection? IDS Policy. Components of Snort. Dealing with Switches. TCP Stream Follow Up. Supported Platforms. How to Protect IDS Itself. References.



2. Installing Snort and Getting Started.

Snort Installation Scenarios. Installing Snort. Running Snort on Multiple Network Interfaces. Snort Command Line Options. Step-By-Step Procedure to Compile and Install Snort From Source Code. Location of Snort Files. Snort Modes. Snort Alert Modes. Running Snort in Stealth Mode. References.



3. Working with Snort Rules.

TCP/IP Network Layers. The First Bad Rule. CIDR. Structure of a Rule. Rule Headers. Rule Options. The Snort Configuration File. Order of Rules Based upon Action. Automatically Updating Snort Rules. Default Snort Rules and Classes. Sample Default Rules. Writing Good Rules. References.



4. Plugins, Preprocessors and Output Modules.

Preprocessors. Output Modules. Using BPF Filters. References.



5. Using Snort with MySQL.

Making Snort Work with MySQL. Secure Logging to Remote Databases Securely Using Stunnel. Snort Database Maintenance. References.



6. Using ACID and SnortSnarf with Snort.

What is ACID? Installation and Configuration. Using ACID. SnortSnarf. Barnyard. References.



7. Miscellaneous Tools.

SnortSam. IDS Policy Manager. Securing the ACID Web Console. Easy IDS. References.



Appendix A: Introduction to tcpdump.


Appendix B: Getting Started with MySQL.


Appendix C: Packet Header Formats.


Appendix D: Glossary.


Appendix E: SNML DTD.


Index.

Back Cover

Protect your network with Snort: the high-performance, open source IDS

Snort gives network administrators an open source intrusion detection system that outperforms proprietary alternatives. Now, Rafeeq Ur Rehman explains and simplifies every aspect of deploying and managing Snort in your network. You'll discover how to monitor all your network traffic in real time; update Snort to reflect new security threats; automate and analyze Snort alerts; and more. Best of all, Rehman's custom scripts integrate Snort with Apache, MySQL, PHP, and ACID, so you can build and optimize a complete IDS solution more quickly than ever before.

  • An expert introduction to intrusion detection and the role of Snort
  • Writing and updating Snort rules to reflect the latest attacks and exploits
  • Contains detailed coverage of Snort plug-ins, preprocessors, and output modules
  • Logging alerts to a MySQL database
  • Using ACID to search, process, and analyze security alerts
  • Using SnortSnarf to analyze Snort log files
  • XML support for Snort via the Simple Network Markup Language (SNML)
FTP Site

The accompanying ftp site contains all the software, scripts, and rules you need to get started with Snort.

About the Open Source Series

Bruce Perens' Open Source Series is a definitive series of Linux and Open Source books by the world's leading Linux software developers. Bruce Perens is the primary author of The Open Source Definition, the formative document of the open source movement, and the former Debian GNU/Linux Project Leader. The text of this book is Open Source licensed.

Author

RAFEEQ UR REHMAN is founding director of Argus Network Security Services, Inc. He is an HP Certified System Administrator and CCNA with more than nine years' experience in UNIX and network administration, as well as C and database programming. His books include The Linux Development Platform; Solaris 8 Training Guide (310-043): Network Administrator Certification; and HP Certified: HP-UX System Administration. He is a contributing writer for SysAdmin Journal and Linux Journal.
