The Bottom Line
This book is an excellent source for someone looking to implement an intrusion detection system. Additionally, it shows you how to use other open source products to make your IDS even more valuable.
Pros
- Excellent book on this popular open source IDS
- Shows how to use open source tools together
- Plenty of examples to help illustrate the info
Cons
- Does not cover most recent Snort version
Description
- Great introduction to intrusion detection and how to effectively implement it with Snort
- Discusses how to write and update Snort rules to detect new threats and attacks
- Shows how to use MySQL for logging and ACID for queries and analysis of your Snort data.
- Book applies to version 1.9 of Snort, not the latest version (currently 2.0).
Guide Review - Book Review: Intrusion Detection With Snort
Intrusion detection is a popular topic. There are many products out there and some of them are rather expensive. Snort, on the other hand, is free. Snort is an open source IDS (intrusion detection system) which is just as powerful and popular as any commercial product. The big downside is that you don't have customer support to help you out, and you have to teach yourself how to install, configure and maintain your IDS. This book can help you do that, as well as helping you use other open source software such as Apache, MySQL and ACID to maximize your productivity with Snort. The book is well-written and full of examples to get you on your way. It is based on the older version of Snort, but the core info is still valid and will still work.