Front Cover ... 1
Snort® IDS and IPS Toolkit ... 4
Copyright Page ... 5
Contents ... 18
Foreword ... 34

Chapter 1. Intrusion Detection Systems ... 36
  Introduction ... 37
  What Is Intrusion Detection? ... 37
  How an IDS Works ... 43
  Why Are Intrusion Detection Systems Important? ... 50
  What Else Can You Do with Intrusion Detection Systems? ... 58
  What About Intrusion Prevention? ... 60
  Summary ... 62
  Solutions Fast Track ... 62
  Frequently Asked Questions ... 65

Chapter 2. Introducing Snort 2.6 ... 66
  Introduction ... 67
  What Is Snort? ... 68
  What's New in Snort 2.6 ... 70
  Snort System Requirements ... 72
  Exploring Snort's Features ... 74
  Using Snort on Your Network ... 82
  Security Considerations with Snort ... 97
  Summary ... 100
  Solutions Fast Track ... 100
  Frequently Asked Questions ... 102

Chapter 3. Installing Snort 2.6 ... 104
  Introduction ... 105
  Choosing the Right OS ... 105
  Hardware Platform Considerations ... 125
  Installing Snort ... 133
  Configuring Snort ... 143
  Testing Snort ... 156
  Maintaining Snort ... 161
  Updating Snort ... 162
  Summary ... 164
  Solutions Fast Track ... 164
  Frequently Asked Questions ... 166

Chapter 4. Configuring Snort and Add-Ons ... 168
  Placing Your NIDS ... 169
  Configuring Snort on a Windows System ... 171
  Configuring Snort on a Linux System ... 188
  Other Snort Add-Ons ... 201
  Demonstrating Effectiveness ... 204
  Summary ... 206
  Solutions Fast Track ... 206
  Frequently Asked Questions ... 208

Chapter 5. Inner Workings ... 210
  Introduction ... 211
  Snort Initialization ... 211
  Snort Packet Processing ... 214
  Inside the Detection Engine ... 224
  The Dynamic Detection Engine ... 231
  Summary ... 256
  Solutions Fast Track ... 256
  Frequently Asked Questions ... 258

Chapter 6. Preprocessors ... 260
  Introduction ... 261
  What Is a Preprocessor? ... 261
  Preprocessor Options for Reassembling Packets ... 262
  Preprocessor Options for Decoding and Normalizing Protocols ... 286
  Preprocessor Options for Nonrule or Anomaly-Based Detection ... 302
  Dynamic Preprocessors ... 312
  Experimental Preprocessors ... 323
  Summary ... 325
  Solutions Fast Track ... 326
  Frequently Asked Questions ... 327

Chapter 7. Playing by the Rules ... 330
  Introduction ... 331
  What Is a Rule? ... 331
  Understanding Rules ... 337
  Other Advanced Options ... 349
  Ordering for Performance ... 352
  Thresholding ... 353
  Suppression ... 355
  Packet Analysis ... 356
  Rules for Vulnerabilities, Not Exploits ... 356
  A Rule: Start to Finish ... 357
  Rules of Note ... 361
  Stupid Rule Tricks ... 364
  Keeping Rules Up to Date ... 367
  Summary ... 375
  Solutions Fast Track ... 375
  Frequently Asked Questions ... 376

Chapter 8. Snort Output Plug-Ins ... 378
  Introduction ... 379
  What Is an Output Plug-In? ... 380
  Exploring Snort's Output Plug-In Options ... 382
  Writing Your Own Output Plug-In ... 405
  Troubleshooting Output Plug-In Problems ... 431
  Add-On Tools ... 433
  Summary ... 441
  Solutions Fast Track ... 442
  Frequently Asked Questions ... 443

Chapter 9. Exploring IDS Event Analysis, Snort Style ... 446
  Introduction ... 447
  What Is Data Analysis? ... 447
  Data Analysis Tools ... 458
  Analyzing Snort Events ... 511
  Reporting Snort Events ... 525
  Summary ... 528
  Solutions Fast Track ... 529
  Frequently Asked Questions ... 531

Chapter 10. Optimizing Snort ... 534
  Introduction ... 535
  How Do I Choose the Hardware to Use? ... 535
  How Do I Choose the Operating System to Use? ... 544
  Speeding Up Snort ... 551
  Cranking Up the Database ... 558
  Benchmarking and Testing the Deployment ... 561
  Summary ... 586
  Solutions Fast Track ... 587
  Frequently Asked Questions ... 589

Chapter 11. Active Response ... 592
  Introduction ... 593
  Active Response versus Intrusion Prevention ... 593
  SnortSam ... 605
  Fwsnort ... 621
  snort_Inline ... 639
  Summary ... 652
  Solutions Fast Track ... 652
  Frequently Asked Questions ... 654

Chapter 12. Advanced Snort ... 656
  Introduction ... 657
  Monitoring the Network ... 657
  Configuring Channel Bonding for Linux ... 658
  Snort Rulesets ... 659
  Plug-Ins ... 663
  Preprocessor Plug-Ins ... 664
  Detection Plug-Ins ... 671
  Output Plug-Ins ... 672
  Snort Inline ... 673
  Solving Specific Security Requirements ... 673
  Summary ... 677
  Solutions Fast Track ... 677
  Frequently Asked Questions ... 679

Chapter 13. Mucking Around with Barnyard ... 680
  Introduction ... 681
  What Is Barnyard? ... 682
  Understanding the Snort Unified Files ... 682
  Installing Barnyard ... 688
  Configuring Barnyard ... 691
  Understanding the Output Plug-Ins ... 699
  Running Barnyard in Batch-Processing Mode ... 716
  Using the Continual-Processing Mode ... 721
  Deploying Barnyard ... 726
  Writing a New Output Plug-In ... 732
  Secret Capabilities of Barnyard ... 744
  Summary ... 745
  Solutions Fast Track ... 745
  Frequently Asked Questions ... 749

Index ... 752
GNU General Public License ... 766