Rating: 
Summary: Helpful book, Linux-centric
Review: This is a very handy book, if only because it presents a lot of Snort documentation in a friendly, easy-to-read format. Is every chapter a joyous literary experience? No. But it beats reading manpages and after a few hours of reading from my monitor my eyes sting.So the material.... This book introduces Snort, what it is/does, etc, then moves on to how it works. I really enjoyed chapter 3, which looks into all the preprocessors and a brief desciption of Snort's order of operations and modularity. I would especially recommend chapters 4 and 5 to new Snorters since design issues comprise a huge part of the questions posed to the Snort mailing list, most of which have easy or standard answers. After that, the installation/configuration chapters demonstrate how to get a running setup using RedHat. I've read a couple complaints in earlier reviews that these instructions don't work and I must say that it is exceedingly difficult to write an installation procedure that incorporates half a dozen different pieces of software, all of which are under seperate development. I actually know about this because I maintain the FreeBSD install guide on the snort site and the instructions that work one week are slightly off the next week. Use the instructions in this book as a guide and you probably won't have much dirty work to figure out on your own. The rest of the book gets into the nitty-gritty of using Snort and I think it does a pretty good job. This includes tuning signature sets to use less memory/CPU and to generate more reliable alerts. False positives are the bane of the IDS world. If you're new to Snort/IDS then you'll enjoy learning of several great tools like Swatch and Barnyard that this book explores. Overall I think this book is well worth the 31 clams I coughed up on Amazon.
Rating:
Summary: Helpful book, Linux-centric
Review: This is a very handy book, if only because it presents a lot of Snort documentation in a friendly, easy-to-read format. Is every chapter a joyous literary experience? No. But it beats reading manpages and after a few hours of reading from my monitor my eyes sting. So the material.... This book introduces Snort, what it is/does, etc, then moves on to how it works. I really enjoyed chapter 3, which looks into all the preprocessors and a brief desciption of Snort's order of operations and modularity. I would especially recommend chapters 4 and 5 to new Snorters since design issues comprise a huge part of the questions posed to the Snort mailing list, most of which have easy or standard answers. After that, the installation/configuration chapters demonstrate how to get a running setup using RedHat. I've read a couple complaints in earlier reviews that these instructions don't work and I must say that it is exceedingly difficult to write an installation procedure that incorporates half a dozen different pieces of software, all of which are under seperate development. I actually know about this because I maintain the FreeBSD install guide on the snort site and the instructions that work one week are slightly off the next week. Use the instructions in this book as a guide and you probably won't have much dirty work to figure out on your own. The rest of the book gets into the nitty-gritty of using Snort and I think it does a pretty good job. This includes tuning signature sets to use less memory/CPU and to generate more reliable alerts. False positives are the bane of the IDS world. If you're new to Snort/IDS then you'll enjoy learning of several great tools like Swatch and Barnyard that this book explores. Overall I think this book is well worth the 31 clams I coughed up on Amazon.
Rating: 
Summary: Amazing book
Review: This is one of those "essential, have to have" books. I just got through all of the examples and finished building out a 3-tiered snort network for the company where I work as a senior security engineer. We previously had some older, expensive, ISS realsecure equipment in place, and I made the case to managment to replace the RealSecure stuff with open-source Snort. It wasn't that hard, the maintence cost for an upgrade was going to be more than my whole entire Snort-based design. My company had good experiences with apache on red hat, so it wasn't a super hard sell. Times are tough, and managment is looking for ways to cut costs. This book got me there. I was able to get the meaty technical details I needed, and couldn't find answers to online. Im a highly technical person, Im no (dummy) who gets scared of the command line. Id scoured the snort.org website, mailing lists, newsgroups, securityfocus lists, but they lacked in a lot of areas. Especially, the online articles dont talk about using snort in a corporate or enterprise-size setting. I picked up this book and I was able to put in a very highly effective tuned snort install. I also have moved on to advanced topics, like creating my own custom rules that apply only to my company's network. I use these 20 or so rules to catch traffic that is not supposed to be on my network, but might be normal somewhere else, so there is no offical snort.org rule for them. In short, this is the best book ive read in a few years, at least for a technical book.
Rating:
Summary: Broader in scope, not just snort
Review: Unlike the "Snort 2.0 Intrusion Detection", this book talks more on intrusion detection. If you are a planner on intrusion detection, this book is a perfect match. If you are the engineer setting up snort, the "Snort 2.0 Intrusion Detection" might be easier to follow.
Rating: 
Summary: Awful
Review: Welcome to the cryptic world of Snort. The author tires to explain how one should go about installing this software and getting your system up and running, but chapter 6 is full of mistakes. The info on MySQL is useless -I worked for 2 days to try and get this database running on my Red Hat box and finally had to throw in the towel. Literally 10 minutes into the install I was already downloading whitepapers and wondering why I spent money on this book. If you are an expert developer and UNIX admin with over 10 years experience, you might get something out of this text, otherwise forget it.
Rating:
Summary: Awful
Review: Welcome to the cryptic world of Snort. The author tires to explain how one should go about installing this software and getting your system up and running, but chapter 6 is full of mistakes. The info on MySQL is useless -I worked for 2 days to try and get this database running on my Red Hat box and finally had to throw in the towel. Literally 10 minutes into the install I was already downloading whitepapers and wondering why I spent money on this book. If you are an expert developer and UNIX admin with over 10 years experience, you might get something out of this text, otherwise forget it.
Rating:
Summary: A keeper
Review: When I first got this book, I had little idea what Snort did, other than being used for intrusion detection. And while I'm not an expert in Snort now that I've finished it, the book is simply a comprehensive step by step guide to using this useful tool. I am not an expert in computer security by any stretch, but I've read enough computer books to know intelligent, useful information when I read it. Although I do not have a big enough box to run Snort, I feel confident that using the author's instructions as a guideline along with some common sense I could get it up and running, which I will be doing in the near future. I particularly liked the fact that the author discussed other add ons and software that are essential or ease using Snort, but are not part of Snort itself.
The book is laid out in a logical, easy to understand manner, and I will definitely using this as my reference once I get a box I can put it on.
Rating:
Summary: A comprehensive and instructive book
Review: When I first got this book, I had little idea what Snort did, other than being used for intrusion detection. And while I'm not an expert in Snort now that I've finished it, the book is simply a comprehensive step by step guide to using this useful tool. I am not an expert in computer security by any stretch, but I've read enough computer books to know intelligent, useful information when I read it. Although I do not have a big enough box to run Snort, I feel confident that using the author's instructions as a guideline along with some common sense I could get it up and running, which I will be doing in the near future. I particularly liked the fact that the author discussed other add ons and software that are essential or ease using Snort, but are not part of Snort itself.
The book is laid out in a logical, easy to understand manner, and I will definitely using this as my reference once I get a box I can put it on.
| 
