Snort Cookbook: Solutions and Examples for Snort Administrators

"O'Reilly Media, Inc.", 29 March 2005 - 288 pages

If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the de facto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of Snort.

Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sysadmins and security pros will use every day, such as:

  • installation
  • optimization
  • logging
  • alerting
  • rules and signatures
  • detecting viruses
  • countermeasures
  • detecting common attacks
  • administration
  • honeypots
  • log analysis
But the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master to be security gurus--and still have a life.


Contents

  • Installation and Optimization (p. 1)
  • Logging Alerts and Output Plugins (p. 51)
  • Rules and Signatures (p. 90)
  • An Introduction (p. 125)
  • Administrative Tools (p. 157)
  • Log Analysis (p. 203)
  • Miscellaneous Other Uses (p. 225)
  • Index (p. 265)
  • Copyright


Popular passages

Page 5 - USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License...
Page 168 - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code...
Page 65 - Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 27 to server version: 3.23.55 Type 'help;' or '\h' for help. Type '\c
Page 61 - See the README.database file for more information about configuring # and using this plugin. # # output database: log, mysql, user=root password=test dbname=db host=localhost # output database: alert, postgresql, user=snort dbname=snort # output database: log, odbc, user=snort dbname=snort # output database: log, mssql, dbname=snort user=snort password=test # output database: log, oracle, dbname=snort user=snort password=test # unified: Snort unified binary format alerting and logging # # The unified...
Page 6 - Snort you want to install. Check the components you want to install and uncheck the components you don't want to install. Click Next to continue. Select...
Page 72 - Options," but for a quick overview, here's the section from our snort.conf file: # alert_syslog: log alerts to syslog # # Use one or more syslog facilities as arguments. Win32 can also optionally # specify a particular hostname/port. Under Win32, the default hostname is # '127.0.0.1', and the default port is 514.
Page 49 - Two arguments are supported. # filename - base filename to write to (current time_t is appended) # limit - maximum size of spool file in MB (default: 128) # # output alert_unified: filename snort.alert, limit 128 # output log_unified: filename snort.log, limit 128 # You can optionally define new rule types and associate one or more output # plugins specifically to that type. # # This example will create a type that will log to just tcpdump. # ruletype suspicious # { # type log # output log_tcpdump:...
Page 168 - For some fields there will be a default value, If you enter '.', the field will be left blank. Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]:.
Page 3 - Select package(s) you wish to process (or 'all' to process all packages), (default: all) [?,??,q...
