Book Review: “Snort Cookbook” – Securing your computer system

This book is for those charged with securing computer systems
The principles of securing a computer system are no different than those of securing any other system, contend Angela Orebaugh, Simon Biles, and Jacob Babbin, authors of the new “Snort Cookbook” (O’Reilly, US $39.95). For example, if you’re building a castle, you’ll install a moat and high walls. You may also add a perimeter wall and keep for two additional layers of security. “But at the end of the day, you still need a way for supplies and people to get in and out,” they note. “To make this part of your castle secure, you post watchmen, guards, and soldiers to ensure that only those who should be are getting in.” Physical security in a company is similar, complete with locked doors, pass cards, and security guards.
But in securing a computer system, this final layer of security is
frequently overlooked. “Too often people assume that the perimeter
protection of the firewall is sufficient to keep all attackers at bay, not
considering that attackers might just walk over the bridge through the
front gate,” Orebaugh, Biles, and Babbin remind readers. “Attackers don’t
kick down the door, they walk through it pretending to be someone else.”
An intrusion detection system (IDS) doesn’t exist to check the identity of
people coming through the firewall, but to keep an eye out for behavior
that’s against the rules, rather like the security guard who watches to
see if someone is tampering with the lock on the door marked “Private.”
Snort, the de facto open source standard of IDS, is capable of performing
real-time traffic analysis and packet logging on IP networks. It conducts
protocol analysis, content searching, and matching. Snort is the security
guard placed on the network to make sure it stays secure.
The “Snort Cookbook” covers important issues that system administrators
and security professionals deal with every day, saving them countless
hours of sifting through dubious online advice or wordy tutorials to make
use of the full power of Snort. Presented in the popular
problem-solution-discussion format of O’Reilly cookbooks, each recipe
contains a clear and thorough description of the problem, a concise but
complete discussion of a solution, and real-world examples that illustrate
that solution. Topics include:
-Rules and signatures
-Detecting viruses
-Detecting common attacks
-Log analysis
But the “Snort Cookbook” offers more than quick cut-and-paste solutions to
frustrating security issues. Those who learn best in the trenches–but
don’t have the hours to spare to hunt down best-practice snippets of
advice–will find solutions to immediate problems in this ultimate Snort
sourcebook. Its tips and tricks will help readers deploy Snort like
security gurus–and still have time to have a life.