Snort 2.0: Intrusion Detection {With Cd-Rom}

I've been running Snort for since the earliest versions and spend a lot of time on the mail lists, working through problems with other users, etc. I got this book about 6 months ago, read it all the way through, and since then have been referring to it whenever I've had questions or problems with Snort. I was initially going to post a review after my initial reading, but wanted to see if I experienced any buyer's remorse after putting the book through it's paces a little bit more. Well, its' half a year later and I'm more impressed with it now than after my initial read. Every time I've had a question, I've found an answer in this book. I'm not quite sure what web site the reader from Maryland is visiting (it's certainly not the Snort site) where he found information anything like the Preproccesors chatper in this book. That chatper was obviously the result of some serious, independent research.

Snorty the pig has long needed a trustworthy manual, the free one on snort.org is good, but this book is great. Congratulations to the very knowledgeable author and reviewer team! Thank you for sparing a rehash of how TCP works or a general survey of intrusion detection, focusing on what matters and sharing your hard earned Snort wisdom with us! This is a book about Snort, not about intrusion detection. You learn about all the parts of Snort, how to write a rule and tons and tons of auxiliary tools. Would I recommend this book to someone already running Snort? Yes! Would I recommend this book to someone considering deploying an IDS? Heck yes! In fact, if you attempt to deploy Snort on a production network without reading this book you should be instantly teleported out of your organization and into the "welcome to Walmart" greeter position at the nearest bigbox store of the world's largest corporation.The book is laid out in the typical readable, user friendly, Syngress fashion including the FAQ at the end of the chapter. I like that.I have two very minor complaints ( this is really 4.99999 stars instead of 5). The multiple pages of code without explanation in the back of the book should have been omitted or heavily commented. And I do not think sending the CDROM with the book was a good idea, Snort gets updated every couple weeks and the authors themselves "strongly recommend" getting the latest code from snort.org on page 75.Well worth the money, if you are even thinking about running an IDS, especially Snort, get the book now!

This is a feature link from Snort.org for good reason. First, Brian Caswell knows more about Snort than anyone on the planet and it shows here. Secondly, the book is over 500 pages long, and is full of configuration examples. It is the ONE Snort book you need if you're actually running a corporate IDS. It's also the only book out there that includes Snort on CD (as well as ACID, BARNYARD AND SWATCH). Some of the other books are long on theory and short on substance---not this one.This pig flies. Highly recommended.

I teach a graduate level course on Intrusion Detection. The core textbook is long on security concepts, network topographies, and is about 900 pages. It's long on theory and short on specifics---even shorter on actual tools and products.This book has proven to be a breath of fresh air. It provides detailed product specifics and is a reliable roadmap to actually rolling out an IDS. And I really appreciate the CD with Snort and the other IDS utilities. The author team is well connected with Snort.org and they obviously had cart blanche in writing this book. I've looked at the other books that have just come out andnotice that (1) they are shorter and have much less information on the actual sstme administration of Snort and (2) they don;t include software.

I've been using Snort for some time. I really like it, but I've always found it a little difficult to keep up with all of the features and everything. If you spend a lot of time on the snort.org site and on the mail lists you can learn a lot from everybody. But I don't always have the time to monitor the list or go through the archives. It is great now having everything I need to know in one book. Brian Caswell is the guy who makes all of the releases and keeps everything on the site maintained and he definitely knows his stuff.