Re: snort.org recommended reading? (was Re: General Snort Help!)

[twig les <twigles () yahoo com>]

I would love to attend the SANS course on ID, in fact
I keep trying to volunteer when they hit southern
california.  But 3 grand just isn't in most IT budgets
anymores, and it certainly isn't in my personal one. 
If anyone *does* have a training budget, here is the
course:
http://www.sans.org/SANS2003/track3.php


--- JOHN R BLACKMORE <JBLACKMORE () ATPCO NET> wrote:
> Attend a SANS seminar/course on IDS.
> www.sans.org
-----------------------------------------------------------------------------------
> From: twigles () yahoo com
> To: erek () snort org, LCannavale () americanhm com
> Cc: snort-users () lists sourceforge net
> Date: Tue, 21 Jan 2003 20:36:16 -0800
> Subject: snort.org recommended reading? (was Re:
> [Snort-users] General Snort Help!)
>
> I was reading this message and thinking that maybe
> it
> would be a good idea for snort.org to have a little
> tab under the /docs page for recommended reading
> (books).  I didn't want to suggest it since snort
> developers may not want to seem to endorse certain
> authors, but then Ereks reply named 4 books, the
> first
> 3 which had popped into my head.  Specifically the
> two
> Northcutts and the Stevens books.
>
> Just a thought.
>
>
> --- Erek Adams <erek () snort org> wrote:
> > On Tue, 21 Jan 2003, Lorraine Cannavale wrote:
> >
> > > Hello, I am very new at the whole Intrusion
> > Detection Process and especially
> > > snort.
> > > There is a network administrator here that has
> > installed an IDS utilizing
> > > snort, etc and is responsible for maintaining
> the
> > system.
> > > I was hired by the Security Administrator to
> help
> > monitor the alerts on a
> > > daily basis, analyze the data, and help reduce
> the
> > false positives.
> > > So, I have the easy job, but I'm having major
> > difficulties understanding
> > > what the alerts actually mean and deciphering
> what
> > is a false positive, true
> > > intrusion, or just an informational alert.  I
> have
> > read the Snort user
> > > manual, understand how to read the rules, and
> have
> > found some information on
> > > the alerts, but it is still confusing to me.
> > >
> > > Can anyone recommend additional resources that
> > would help me (books, on-line
> > > manuals, or web sites)?
> > > I've read emails from the Snort mailing list and
> > this all seems to make a
> > > lot of sense to everyone else, I'm curious how
> you
> > all obtained your
> > > knowledge and if there is anything you can share
> > with me!?
> >
> > [...snip...]
> >
> > In my opinion, in order of need/usefulness:
> >
> > TCP/IP Illustrated, Volume 1 The Protocols by W.
> > Richard Stevens
> >      ISBN 0201633469
> >
> > Network Intrusion Detection An Analyst's Handbook
> by
> >  Stephen Northcutt
> >      ISBN 0735708681
> >
> > Intrusion Signatures and Analysis by Stephen
> > Northcutt
> >      ISBN 0735710635
> >
> > Intrusion Detection by Rebecca G. Bace
> >      ISBN 1578701856
> >
> > The rest....  Well, just get on a .edu network and
> > learn.  ;-)
> >
> > Hope that's of some help!
> >
> > -----
> > Erek Adams
> >
> >    "When things get weird, the weird turn pro."
> > H.S. Thompson
-------------------------------------------------------
> > This SF.net email is sponsored by: Scholarships
> for
> > Techies!
> > Can't afford IT training? All 2003 ictp students
> > receive scholarships.
> > Get hands-on training in Microsoft, Cisco, Sun,
> > Linux/UNIX, and more.
> > www.ictp.com/training/sourceforge.asp
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or
> > unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> =====
-----------------------------------------------------------
> Know yourself and know your enemy and you will never
> fear defeat.
-----------------------------------------------------------
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
-------------------------------------------------------
> This SF.net email is sponsored by: Scholarships for
> Techies!
> Can't afford IT training? All 2003 ictp students
> receive scholarships.
> Get hands-on training in Microsoft, Cisco, Sun,
> Linux/UNIX, and more.
> www.ictp.com/training/sourceforge.asp
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users