IDS mailing list archives

Re: Can anyone recommend a good book?


From: Byron Sonne <blsonne () rogers com>
Date: Tue, 04 Nov 2003 20:39:18 -0500

I'm looking for a book on IDS.  One that is at a beginner to intermediate level.
This is to be used as training material in a classroom environment so a book that
is put together in a way that it could easily be adapted to a classroom learning
environment would be great. Lastly, a book that has hands-on structured labs on
using IDS tools and implementing IDS solutions.

I don't know about books; half the time when something comes out in dead tree format it's already out of date. For this reason I prefer online documentation.

Check out the snort.org site, they have a good documentation link page:

        http://www.snort.org/docs/

There is also a section in there that has info germane to IDS in general, not just snort.

By going over these docs and picking/choosing what you need (please do check with the authors where appropriate) I think you'll be in fine shape. Considering the open source nature of snort, it should lend itself very well to being used in class as it is pretty easy to set up and lets you see the guts of how a good IDS works. Not to mention that snort performs as well as or better than practically every IDS out there, commercial and otherwise.

Mind you, snort is really just the backend, but there are a number of decent to very good interfaces available as well.

--

        For good, return good. For evil, return justice.



