REVIEW: "Intrusion Detection with Snort", Jack Koziol

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Oct 7, 2003.

BKINDTSN.RVW 20030901

    "Intrusion Detection with Snort", Jack Koziol, 2003, 1-57870-281-X,
    %A Jack Koziol
    %C 201 W. 103rd Street, Indianapolis, IN 46290
    %D 2003
    %G 1-57870-281-X
    %I Macmillan Computer Publishing (MCP)
    %O U$45.00/C$69.99/UK#32.99 800-858-7674
    %P 340 p.
    %T "Intrusion Detection with Snort"

    Chapter one is a good introduction to the basics of intrusion
    detection, although it is odd that the list of detection methods is
    missing some important entries, such as heuristic rule-based and
    statistical methods. The background overview of Snort, in chapter
    two, describes alerts, related applications, and even has
    recommendations for sensor net architecture. Most of the content in
    regard to the components of Snort, in chapter three, deals with the
    preprocessors, and various attack signatures. Chapter four's advice
    about planning for the installation of Snort is broadly based,
    addressing policy, architecture, and even incident response, but the
    material is quite abstract, and could have benefitted from more
    practical examples. Some of these missing considerations are dealt
    with in chapter five, which looks at hardware and operating system
    factors. The text concentrates on server and sensor performance, but
    also addresses the network connection. Directions on building a Snort
    server under Red Hat Linux version 7.3 are given in chapter six. The
    sensor and console instructions are provided in chapters seven and
    eight, respectively. A few optional architectures are described in
    chapter nine.

    Chapter ten deals with tuning various rulesets and components in order
    to reduce the level of false alarms. Creating real-time alert systems
    is discussed in chapter eleven. Chapter twelve is a major one,
    outlining the creation and modification of rules for filtering and
    analyzing traffic. Chapter thirteen is supposed to be about upgrading
    and maintaining Snort, but concentrates on ancillary management tools.
    Advanced or unusual configurations of Snort are described in chapter

    The book is generally lucidly written and easy to study, but it
    contains many typographical errors and a great deal of clumsy wording
    in the text. Better copy editing would have improved readability, as
    well as confidence in the reliability of various commands and
    settings. However, the meaning is usually clear, even if the
    expression is sometimes jarring. For those planning to use Snort,
    this should be a serviceable introduction.

    copyright Robert M. Slade, 2003 BKINDTSN.RVW 20030901


    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
