IDS mailing list archives

Re: Can anyone recommend a good book?


From: belka () att net
Date: Wed, 05 Nov 2003 03:51:28 +0000

Try Snort 2.0, Intrusion Detection, by Brian Caswell, Jay Beale, James C. 
Foster, and Jeffrey Posluns.  You can get it from Amazon.com.

The book is about the Snort IDS, and not IDS in general.  But, it walks you 
through how IDS work, how Snort works, how to set up Snort, Snort reporting 
tools, web-based reports using ACID, etc.  By the time you finish the book, 
you will know all about Snort -- but better still, all the information is 
transferable in general terms to Cisco, Symantec or any other IDS.  The 
features may vary, but in principle, IDS all work the same.

Perhaps the best part of the Snort book is all the files are on the CD and 
Snort is free (Snort.org) and runs on Linux (also free).  If you wanted a lab 
to test an IDS, you can't even touch a commercial IDS, even a used one on 
eBay, for less than a thousand dollars. For the price of the book, an old 
computer and Linux, you have all you need to learn about IDS.

Set up a Snort box and put it on your DSL connection.  You will get to see 
all the attacks in the world.  That's the way to learn how-to for IDS.

--
Rob Frazier
www.xakephet.com
915-695-7238
817-271-7557
I'm looking for a book on IDS.  One that is at a beginner to intermediate level.  
This is to be used as training material in a classroom environment so a book 
that is put together in a way that it could easily be adapted to a classroom 
learning environment would be great.  Lastly, a book that has hands-on 
structured labs on using IDS tools and implementing IDS solutions.
 
Does such a book exist?
 
Thanks,
David Jackson, GSEC
