Snort 2.0 Intrusion Detection
Brian Caswell, Jay Beale, James C. Foster, Jeremy Faircloth
ISBN: 1931836744; 9781931836746
Written by lead engineers of the Snort Development team, this will be the first book available on the most commonly used Open Source Intrusion Detection System. Readers will be given invaluable insight into the code base of Snort, and in-depth tutorials of complex installation, configuration, and troubleshooting scenarios. Snort has three primary uses: as a straight packet sniffer, a packet logger, or as a full-blown network intrusion detection system. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes. Snort uses a flexible rules language to describe traffic that it should collect or pass, a detection engine that utilizes a modular plug-in architecture, and a real-time alerting capability. A CD containing the latest version of Snort as well as other Open Source security utilities will accompany the book.