T**N
Not for the security professional...
This book is a bit out of date, dealing with issues from Snort 1.8 and RedHat 7.3. I think I glanced at it for about 1 hour total. Just put it on the bookshelf next to the Snort Intrusion Detection 2.0 book which was (if you ask me) a complete reference.
M**N
Amazing book
This is one of those "essential, have to have" books. I just got through all of the examples and finished building out a 3-tiered Snort network for the company where I work as a senior security engineer. We previously had some older, expensive ISS RealSecure equipment in place, and I made the case to management to replace the RealSecure stuff with open-source Snort. It wasn't that hard; the maintenance cost for an upgrade was going to be more than my whole entire Snort-based design. My company had good experiences with Apache on Red Hat, so it wasn't a super hard sell. Times are tough, and management is looking for ways to cut costs. This book got me there. I was able to get the meaty technical details I needed and couldn't find answers to online. I'm a highly technical person, I'm no (dummy) who gets scared of the command line. I'd scoured the snort.org website, mailing lists, newsgroups, securityfocus lists, but they lacked in a lot of areas. Especially, the online articles don't talk about using Snort in a corporate or enterprise-size setting. I picked up this book and I was able to put in a very highly effective tuned Snort install. I also have moved on to advanced topics, like creating my own custom rules that apply only to my company's network. I use these 20 or so rules to catch traffic that is not supposed to be on my network, but might be normal somewhere else, so there is no official snort.org rule for them. In short, this is the best book I've read in a few years, at least for a technical book.
M**F
Impressive book
I've seen a bunch of reviews for this book on security and open source websites on the internet. I usually don't buy paper books, I prefer to read online howtos and go to the library to check something out. I only buy something if I really think I'll be able to get practical skills out of it (such as the Perl Cookbook, etc.) After reading the Slashdot review on this book, I figured that it was time I learn Snort and intrusion detection. Let me say first, if you are going to actually implement everything in this book, getting through it is going to take some time. This isn't the kind of thing you can learn totally in one night, or even one week. There are just tons of examples and intrusion detection strategies to work through. I like how the author goes through several real-world examples in each chapter, such as teaching you step by step on how to write a Snort signature or rule from a raw packet capture. Nowhere on the internet have I seen this, trust me, I've looked hard. Also, the book goes beyond using Snort. There are a bunch of tools you need to use with Snort in order for it to work well. Snort doesn't have any real time email alerting features, remote signature update tools, or even a GUI interface!! All of these things are separate, and you can't really use Snort in the real world without them. This is why I bought this book instead of the other 2 that are out there.
C**N
Awful
Welcome to the cryptic world of Snort. The author tries to explain how one should go about installing this software and getting your system up and running, but chapter 6 is full of mistakes. The info on MySQL is useless - I worked for 2 days to try and get this database running on my Red Hat box and finally had to throw in the towel. Literally 10 minutes into the install I was already downloading whitepapers and wondering why I spent money on this book. If you are an expert developer and UNIX admin with over 10 years experience, you might get something out of this text, otherwise forget it.
B**N
Conceptual info is great, directions are bad
I agree with one of the other reviewers, Chapter 6 has more type o's than a blood bank. I am struggling currently (for the past 3 days) trying to install MySQL from source like it suggests in the book when MySQL's documentation recommends you install from RPMS..... who do you believe? I would recommend finding another book... I am going to look at the documentation on Snort's webpage, I might have better luck there.
A**R
Thorough guide to Snort
This is a book every system administrator or network engineer should have. Snort has always been one of those cool open source applications that I've wanted to use, but got frustrated when I couldn't figure out what is going on. I'm a pretty busy person, and don't have time to figure out what every damn preprocessor option does by trial and error. I could get Snort up and running, but never efficiently, and it often took lots of work paging through megs of logfiles. In the end, I just plain gave up and went on to learning other security tools. This book shows me how to organize alerts, where to put my sensors, and how to build Snort. It even has some stuff on intrusion prevention, which seems to be all the buzz in today's security arena. Now, only if someone would write a good book on Tripwire, I'd be all set!
A**O
A comprehensive and instructive book
When I first got this book, I had little idea what Snort did, other than being used for intrusion detection. And while I'm not an expert in Snort now that I've finished it, the book is simply a comprehensive step by step guide to using this useful tool. I am not an expert in computer security by any stretch, but I've read enough computer books to know intelligent, useful information when I read it. Although I do not have a big enough box to run Snort, I feel confident that using the author's instructions as a guideline along with some common sense I could get it up and running, which I will be doing in the near future. I particularly liked the fact that the author discussed other add-ons and software that are essential or ease using Snort, but are not part of Snort itself. The book is laid out in a logical, easy to understand manner, and I will definitely be using this as my reference once I get a box I can put it on.
A**A
No Doubt this book is Good, but the item shipped is defective
No doubt this book is good, but the item shipped is defective. Pages 23 to 76 are missing and pages 77 to 123 are printed twice.