AnyBook4Less.com | Order from a Major Online Bookstore
Title: Snort 2.0 Intrusion Detection
Authors: Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth
ISBN: 1-931836-74-4
Publisher: Syngress Publishing
Pub. Date: February, 2003
Format: Paperback
Volumes: 1
List Price (USD): $49.95
Average Customer Rating: 4.28 (18 reviews)
Rating: 5
Summary: Very Good and much needed book
Comment: I just finished reading this book and found it to be very comprehensive and accurate all the way through. There are really no other books yet on Snort, so the authors did a very good job of writing a book that can be used by people of varying levels. Some technical books are too simple for some but too advanced for others. This book starts with the basics on installation, configuration, etc. to get you going. It then goes on to much more advanced chapters on optimization, rules, etc. The authors also do a very good job of explaining in very clear writing how Snort actually works. Like most things, if you can actually understand what is going on, it becomes much easier to use. Definitely recommended if you have been using Snort for some time and always wanted one good book. Or, if you've stayed away from Snort in the past because there was no documentation.
Rating: 4
Summary: The current leader in the Snort IDS book arms race
Comment: "Snort 2.0" offers content not found in other books on Snort, such as Tim Crothers' more generic "Implementing IDS" (4 stars) and Rafeeq Rehman's "Intrusion Detection with Snort" (3 stars). I've read the best IDS books, and used IDS technology, since 1998, and "Snort 2.0" is the first to give real insight into an IDS' inner workings. Thanks to the technical knowledge of the author team, "Snort 2.0" earns the reader's appreciation by explaining how and why the open source Snort IDS works its magic.
"Snort 2.0" starts well with a short history of Marty Roesch's favorite project, followed by solid explanations of the key elements of Snort's architecture in ch. 2. The actual workings of the Snort code are expanded upon in ch. 4 (modes), 5 (rules), and 6 (packet handling and preprocessors). One could read these sections and get a real sense of how the stream4 preprocessor works, for example. These sections are augmented by helpful tangents on compiling source code (ch. 3) and updates via CVS (ch. 9). This attention to detail and desire to include related information demonstrates a high level of commitment to the reader's education.
"Snort 2.0" has several technical errors or typos which prevented me from giving a 5-star review. p. 110's diagram of a TCP session should say "SYN, SYN-ACK, ACK", not "SYN, ACK, SYN-ACK". Later on that page, the author claims "The server replies with a SYN/ACK if the port is open, and a SYN/RST if the port is not listening." The correct closed response is "RST/ACK". p. 203 implies one can scan for open ports with the ACK flag set to evade stateless packet filters. This is wrong, as scanning with the ACK flag set only helps host discovery. I found the reprinting of multiple pages of C code unnecessary. I also wished the sections on building preprocessors had started from scratch, rather than explaining an existing preprocessor.
Overall, I found "Snort 2.0" enlightening. The authors have a powerful understanding of the workings of Snort, and apply it in novel ways. "Policy-based IDS" in ch. 12 is one example, while the "rule categorization" chart in ch. 10 is another. Only the Wiley "Deploying Snort 2.0" book, due this fall, has a chance to displace "Snort 2.0" in the Snort-focused IDS book arena.
Rating: 5
Summary: Most powerful open-source security tool I've ever seen!
Comment: You'll learn how to use Snort as a straight packet sniffer, a packet logger (for network traffic debugging), and a full-blown network intrusion detection system. The book also provides instructions for running Snort on various hardware platforms and OS configurations.
A companion CD-ROM contains a fully functional copy of Snort 2.0, the Barnyard alert output utility, the browsing and analyzing tool Analysis Console for Intrusion Databases (ACID), the response automation tool Swatch, and other helpful tools.
If you want to tap into the power of Snort, make sure you have all the information you need to make the most of it. Let Snort 2.0 Intrusion Detection help you take your current computer security system up a notch with the most powerful open-source security tool available. - Raffiudeen Illahideen, IL, USA