Snort mailing list archives
Re: snort.org recommended reading? (was Re: General Snort Help!)
From: twig les <twigles () yahoo com>
Date: Wed, 22 Jan 2003 09:19:08 -0800 (PST)
I would love to attend the SANS course on ID, in fact I keep trying to volunteer when they hit southern California. But 3 grand just isn't in most IT budgets anymore, and it certainly isn't in my personal one. If anyone *does* have a training budget, here is the course: http://www.sans.org/SANS2003/track3.php

--- JOHN R BLACKMORE <JBLACKMORE () ATPCO NET> wrote:
Attend a SANS seminar/course on IDS. www.sans.org
-----------------------------------------------------------------------------------
From: twigles () yahoo com
To: erek () snort org, LCannavale () americanhm com
Cc: snort-users () lists sourceforge net
Date: Tue, 21 Jan 2003 20:36:16 -0800
Subject: snort.org recommended reading? (was Re: [Snort-users] General Snort Help!)

I was reading this message and thinking that maybe it would be a good idea for snort.org to have a little tab under the /docs page for recommended reading (books). I didn't want to suggest it since snort developers may not want to seem to endorse certain authors, but then Erek's reply named 4 books, the first 3 of which had popped into my head. Specifically the two Northcutts and the Stevens books. Just a thought.

--- Erek Adams <erek () snort org> wrote:

On Tue, 21 Jan 2003, Lorraine Cannavale wrote:

Hello, I am very new at the whole Intrusion Detection Process and especially snort. There is a network administrator here that has installed an IDS utilizing snort, etc and is responsible for maintaining the system. I was hired by the Security Administrator to help monitor the alerts on a daily basis, analyze the data, and help reduce the false positives.

So, I have the easy job, but I'm having major difficulties understanding what the alerts actually mean and deciphering what is a false positive, true intrusion, or just an informational alert. I have read the Snort user manual, understand how to read the rules, and have found some information on the alerts, but it is still confusing to me.

Can anyone recommend additional resources that would help me (books, on-line manuals, or web sites)? I've read emails from the Snort mailing list and this all seems to make a lot of sense to everyone else, I'm curious how you all obtained your knowledge and if there is anything you can share with me!?

[...snip...]

In my opinion, in order of need/usefulness:

TCP/IP Illustrated, Volume 1 The Protocols by W. Richard Stevens ISBN 0201633469
Network Intrusion Detection An Analyst's Handbook by Stephen Northcutt ISBN 0735708681
Intrusion Signatures and Analysis by Stephen Northcutt ISBN 0735710635
Intrusion Detection by Rebecca G. Bace ISBN 1578701856

The rest.... Well, just get on a .edu network and learn. ;-)

Hope that's of some help!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.
-----------------------------------------------------------
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com