June 25, 2005

Review: Snort Cookbook

Anyone in information security knows the de facto standard for network intrusion detection is Snort. The problem is that while the documentation for Snort itself is OK, the documentation for many of the add-on functions, plugins, and associated applications is lacking or non-existent. This book tries to bring together in one place all the things one could want to do with Snort. In large part it succeeds.

It does miss a few things along the way, such as management tools like BASE (the replacement for ACID, which is no longer being developed) and sguil. It also tends more to explain how to do things than why, and I believe the section on sensor placement could be expanded. Lastly, I think the portion on the legal aspects of intrusion detection and evidence could be expanded, but that should be taken with a grain of salt because I am a legal wonk. To be fair, a book of this type can't cover everything in great detail.

As someone who runs Snort and has been working on ways to expand the data I get from it, I found the book a valuable resource whose usefulness far outweighs the few things I found lacking. It is the only resource of its kind I know to exist. It brings to light some tools which I hadn't thought of using the way it suggests, like perfmonitor and ClamAV. I came away from reading this book with solid ideas and tools which I plan to add to my Snort deployment. If you are looking for solid documentation on Snort and the tools and tricks you can use with it, this is your book.

Posted by John Bambenek at June 25, 2005 12:24 PM