Friday, March 7, 2008

Snort

About This Book


Snort For Dummies is a reference guide for installing, configuring, deploying and managing Snort IDS sensors on your network. This book covers everything from why you need an IDS, to installing Snort, to dealing with network attacks, to deploying multiple Snort sensors. There are thousands of ways that Snort can be deployed and a myriad of databases, logging systems, and tools it works with. We focus on the tools and techniques that are widely deployed and known to work best with Snort, all the while remaining generic enough that the information should be helpful no matter what your situation.

How This Book Is Organized

This book is organized into four parts: three regular-chapter parts and a Part of Tens. There’s also an Appendix. These parts are modular, so you can jump around from part to part if needed. Each chapter provides practical installation, configuration, and administration information on running a Snort IDS and its more useful components.

Part I: Getting to Know Snort and Intrusion Detection

This part covers the basics of getting Snort up and running. It starts by showing you what Snort is capable of and why it’s one of the best intrusion detection systems out there. It then shows you where to put Snort on your network. Finally, it shows you how to install Snort on both Linux and Windows systems.

Part II: Administering Your Snort Box

This part covers the day-to-day tasks of running your Snort IDS. It starts by showing you how to use Snort’s primary output: logs and alerts. Once you have that down, it takes you through installing the ACID console for getting visuals. Snort’s intrusion detection rules are at the core of its operation, so it shows you how to create new rules and tweak them to reduce alerts that don’t pertain to you. Finally, it shows you how to deal with an actual attack against your computer systems!

Part III: Moving Beyond the Basics

This part takes you into some of those more advanced features of Snort. It starts by showing you how to send yourself real-time alerts when your network is being attacked. Upgrading your Snort rules or Snort itself can seem like daunting tasks, but we show you how to do both. If you have a large network, you should take advantage of Snort’s scalability and run multiple Snort sensors. Finally, this part shows you how to use Snort’s unified logging feature and Barnyard to offload log processing from your Snort sensors.

Part IV: The Part of Tens

This part points you to tools and resources to help you get the most out of your Snort IDS. It starts by showing you the top ten coolest tools for Snort, many of which help you visualize what Snort’s telling you, or e-mail you convenient summaries of Snort’s alert information. Finally, it tells you where you can go for extra Snort help and information.
Read Comments To Download

1 comments:

Anonymous said...

http://rapidshare.com/files/96091143/Snort_for_Dummies.pdf

or

http://tinyurl.com/2j8nkf
