Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID (Bruce Perens' Open Source Series)



    Rating: 4 of 5
    Good IDS|Snort book
    This book is an effective introduction to Intruder Detection, demonstrating how popular open-source tools can be used. I found the code samples, table, diagrams and screenshots to be clear and useful. I learned what I'd hoped to learn and feel empowered to set up an IDS myself. Plenty of links and resources when I want to learn more.

    I read a few of the other reviews here after I read the book... especially Richard B's. I noticed some of the same technical mistakes, but don't feel that they are a big deal. As a sr. software engineer and technical editor, I always read critically, just mentally note them and continue. They aren't the kind of mistakes that make the code useless, or would confuse/mislead any level of reader. Another editing pass would help most books, and none of the grammar mistakes annoy me - I read to learn what I can and move on, not to nitpick or get annoyed.

    As far as 1.9 vs. 2.0, I've looked at the snort site and agree that the release is significant, but it doesn't break backwards compatibility, so it doesn't make this book any less relevant. 2.0 seems to mostly change the backend implementation - *the application is used identically* so I suspect the vast majority of this book is unaffected. The Syngress book covers 2.0, yet so does the website, which hypes this two-times-more-expensive book. That book too will no doubt soon be superseded, so read whatever you buy immediately ;-)



    Rating: 5 of 5
    Great hands-on coverage of snort
    I really like books that are to the point and filled with examples. This is such a book. It enables the reader to get up and going quickly. The reader is guided through installation and each component of SNORT. Once the basics are covered, the author moves to more advanced topics and integrating other tools like Apache, MySQL, and ACID. All told, it presents an excellent approach to building an IDS.


    Rating: 3 of 5
    Weakest of the Snort books published thus far
    "Intrusion Detection with Snort: Advanced IDS, etc." (IDWS) was the second of this year's intrusion detection books I've reviewed. The first was Tim Crothers' "Implementing Intrusion Detection Systems" (4 stars). I was disappointed by IDWS, since I have a high opinion of Prentice Hall and the new "Bruce Perens' Open Source Series." (I'm looking forward to the book on CIFS, for example.) IDWS read poorly and doesn't deliver as much useful content as the competing Syngress book "Snort 2.0."

    The most difficult aspect of reading IDWS is the author's grammar, particularly his avoidance of using definitive articles like "the", and other important words. For instance, p. 3 says "Apache web server takes help from ACID, etc." p. 133 claims "However, if you are using HTTP decode preprocessor, this attempt can detected." Beyond grammar, the author demonstrates weak knowledge of the IDS field, stating on p. 1 "Intrusion detection methods starting appearing in the last few years." James Anderson led the way in 1980, followed by Denning and Neumann in 1983 and Todd Heberlein in 1990! The author also repeatedly compares IDS to anti-virus signatures, which is simplistic and incorrect.

    Technical errors further hamper IDWS. p. 89 makes the mistake of saying TCP sequence numbers count packets; they really count bytes of application data. p. 96-97 confuses the use of standard Boolean operators (AND, OR, NOT) with their use in Snort, which is different. (SF+ means SYN and FIN and zero or more other flags, not SYN AND FIN alone.) The fuzzy diagrams don't appear professional, and acronyms like "PHP" are defined incorrectly as "Pretty Home Page" (rather than the self-referencing "PHP Hypertext Processor.")

    Coverage of important topics is lacking or outdated. First, Snort 1.9 is the basis for the text. However, 2.0 is available and covered by the Syngress book. The output system Barnyard and unified logging receive a total of one page. No meaningful mention is made of the effects of collecting traffic via hub, SPAN port, or tap. The port list on pp. 87-88 shows "well known ports," but doesn't say if they are TCP or UDP. The author makes odd claims about Snort "not [being] able to analyze application layer protocols," which is misleading. Snort rules aren't designed specifically for HTTP, for example, but they can be used to inspect HTTP requests and responses.

    My favorite part of IDWS was the coverage of using the MySQL database. Appendix B provides helpful supplemental material on this subject also. Bottom line: I would pass on IDWS but keep an eye on the other titles in the PHPTR "Open Source Series."


    Rating: 2 of 5
    Not enough detail, and not up to date
    This is the first book that I read on Snort, and I wish I had gone with something else. This book really reads like more of an overview of intrusion detection and Snort, rather than a useful reference for actually using Snort. This would be fine if the title did NOT include the words "Advanced" or "Techniques," because there is not a lot of either in this book. It also doesn't help that it's not written to the latest release. If you want to understand intrusion detection a little better and you are considering to try Snort, then this book is fine. If you want or need more, this just isn't the book.


    Rating: 2 of 5
    Just OK
    I got this book and read through it (didn't take me long. It's pretty short and actually has less than 200 pages really covering Snort). I was disappointed that it did not come with a CD with all the software. Also, this book covers Snort 1.9.0, but 2.0 just came out. I'm not sure why they didn't update everything to the latest version, which would have made it much more useful. I guess it's not bad if you really just want a quick introduction to IDSs and Snort, but look elsewhere if you really want an in depth book on Snort.


    Network security has become an important part of corporate IT strategy and safeguarding all the nooks and crannies of your network can be timely and expensive. This book provides information about how to use free Open Source tools to build and manage an Intrusion Detection System. Rehman provides detailed information about using SNORT as an IDS and using Apache, MySQL, PHP and ACID to analyze intrusion data. The book contains custom scripts, real-life examples for SNORT, and to-the-point information about installing SNORT IDS so readers can build and run their sophisticated intrusion detection systems. SNORT is your network's packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies. NSS Group, a European network security testing organization, tested SNORT along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, SNORT, which was the sole Open Source freeware product tested, clearly outperformed the proprietary products. Part of the Bruce Perens' Open Source Series

