Intrusion Detection with Snort

List Price: $45.00
Your Price: $30.60

Rating: 5 stars
Summary: Comprehensive
Review: A comprehensive tutorial on Snort, the open source IDS. I especially like the author's casual, informal tone; it feels like he is talking with you. I really liked the "enterprise" uses of Snort, not just on the home DSL connection.

I noticed some other reviewers had problems installing MySQL. If you type in the commands exactly as they are in the book, you must use the version of MySQL used in the book, 3.23.52. This version is somewhat buried on the website. If you type these exact commands, without making use of any common sense, with the latest version of MySQL, the source compile will fail. As most open source applications change rapidly, I didn't find this to be a major stumbling block, and got on to the Snort content quickly.

Rating: 5 stars
Summary: Intermediate and advanced snort
Review: Book covers intermediate and advanced Snort usage. Excellent topics, easy to understand.

Rating: 5 stars
Summary: Good book
Review: Highly recommended. Everything possible about using/configuring/updating Snort, plus all of the other tools that work with Snort.

Rating: 2 stars
Summary: Conceptual info is great, directions are bad
Review: I agree with one of the other reviewers, Chapter 6 has more type o's than a blood bank. I am struggling currently (for the past 3 days) trying to install MySQL from source like it suggests in the book when MySQL's documentation recommends you install from RPMS..... who do you believe? I would recommend finding another book... I am going to look at the documentation on Snort's webpage, I might have better luck there.

Rating: 5 stars
Summary: The Art of Intrusion Detection and Snort
Review: I teach networking and security courses at a local university, and I have been using this book for a portion of the courseware this semester. A significant portion of the course is hands-on, and this book helps my students understand how intrusion detection is used in the real world.

The chapter on creating rules from packet captures is invaluable, as is the Snort internals chapter. I understand how Snort works, how to deploy it, and most importantly, the pragmatic side of using Snort in the real world.

This is by far the best of the Snort books out right now; the others are either low on detail or are extremely poorly written. The Snort 2.0 book was disappointing. I was expecting it to be the best book, but it is stuffed with filler chapters, and overly wordy.

Rating: 5 stars
Summary: Impressive book
Review: I've seen a bunch of reviews for this book on security and open source websites on the internet. I usually don't buy paper books, I prefer to read online howtos and go to the library to check something out. I only buy something if I really think I'll be able to get practical skills out of it (such as the Perl Cookbook, etc.) After reading the Slashdot review on this book, I figured that it was time I learn Snort and intrusion detection.

Let me say first, if you are going to actually implement everything in this book, getting through it is going to take some time. This isn't the kind of thing you can learn totally in one night, or even one week. There are just tons of examples and intrusion detection strategies to work through. I like how the author goes through several real-world examples in each chapter, such as teaching you step by step how to write a Snort signature or rule from a raw packet capture. Nowhere on the internet have I seen this, trust me, I've looked hard.

Also, the book goes beyond using Snort. There are a bunch of tools you need to use with Snort in order for it to work well. Snort doesn't have any real time email alerting features, remote signature update tools, or even a GUI interface!! All of these things are separate, and you can't really use Snort in the real world without them. This is why I bought this book instead of the other 2 that are out there.

Rating: 5 stars
Summary: Worth It
Review: I've worked with Snort now off and on for over a year. I had pieced together and printed out most of the online freebies into a big 3 ring binder. There were still a number of things that I had heard of people doing, but was never able to figure out on my own, such as configuring Snort to send alerts over email or writing my own attack signatures. I purchased this book about 6 weeks ago and now have Snort doing everything I want it to.

I highly recommend this book, it really bridged the gap.

Rating: 4 stars
Summary: A keeper
Review: The solid ratings and reviews for this book are appropriate. It is well written, informative, and moves at a nice clip. Very helpful considering the modest documentation available on the Snort site.

Rating: 2 stars
Summary: Not for the security professional...
Review: This book is a bit out of date, dealing with issues from Snort 1.8 and RedHat 7.3. I think I glanced at it for about 1 hour total. Just put it on the bookshelf next to the Snort Intrusion Detection 2.0 book which was (if u ask me) a complete reference.

Rating: 5 stars
Summary: Thorough guide to Snort
Review: This is a book every system administrator or network engineer should have. Snort has always been one of those cool open source applications that I've wanted to use, but got frustrated when I couldn't figure out what is going on. I'm a pretty busy person, and don't have time to figure out what every damn preprocessor option does by trial and error. I could get Snort up and running, but never efficiently and it often took lots of work paging through megs of logfiles. In the end, I just plain gave up and went on to learning other security tools.

This book shows me how to organize alerts, where to put my sensors, and how to build Snort. It even has some stuff on intrusion prevention, which seems to be all the buzz in today's security arena.

Now, only if someone would write a good book on Tripwire, I'd be all set!



© 2004, ReviewFocus or its affiliates