REVIEW: "Intrusion Detection with Snort", Jack Koziol

Rob Slade, doting grandpa of Ryan and Trevor

"Intrusion Detection with Snort", Jack Koziol, 2003, 1-57870-281-X,
%A Jack Koziol
%C 201 W. 103rd Street, Indianapolis, IN 46290
%D 2003
%G 1-57870-281-X
%I Macmillan Computer Publishing (MCP)
%O U$45.00/C$69.99/UK#32.99 800-858-7674
%P 340 p.
%T "Intrusion Detection with Snort"

Chapter one is a good introduction to the basics of intrusion
detection, although it is odd that the list of detection methods is
missing some important entries, such as heuristic rule-based and
statistical methods. The background overview of Snort, in chapter
two, describes alerts, related applications, and even has
recommendations for sensor net architecture. Most of the content in
regard to the components of Snort, in chapter three, deals with the
preprocessors, and various attack signatures. Chapter four's advice
about planning for the installation of Snort is broadly based,
addressing policy, architecture, and even incident response, but the
material is quite abstract, and could have benefitted from more
practical examples. Some of these missing considerations are dealt
with in chapter five, which looks at hardware and operating system
factors. The text concentrates on server and sensor performance, but
also addresses the network connection. Directions on building a Snort
server under Red Hat Linux version 7.3 are given in chapter six. The
sensor and console instructions are provided in chapters seven and
eight, respectively. A few optional architectures are described in
chapter nine.

Chapter ten deals with tuning various rulesets and components in order
to reduce the level of false alarms. Creating real-time alert systems
is discussed in chapter eleven. Chapter twelve is a major one,
outlining the creation and modification of rules for filtering and
analyzing traffic. Chapter thirteen is supposed to be about upgrading
and maintaining Snort, but concentrates on ancillary management tools.
Advanced or unusual configurations of Snort are described in chapter

The book is generally lucidly written and easy to study, but it
contains many typographical errors and a great deal of clumsy wording
in the text. Better copy editing would have improved readability, as
well as confidence in the reliability of various commands and
settings. However, the meaning is usually clear, even if the
expression is sometimes jarring. For those planning to use Snort,
this should be a serviceable introduction.

copyright Robert M. Slade, 2003 BKINDTSN.RVW 20030901

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
