Today on Blogcritics

Book Review: Snort Cookbook


Anyone in information security knows that the de facto standard for network intrusion detection is Snort. The problem is that while the documentation for Snort itself is okay, the documentation for many of the add-on functions, plugins, and associated applications is lacking or non-existent. This book tries to bring together in one place all the things one could want to do with Snort. In large part, it succeeds.

It does miss a few things along the way, such as management tools like BASE (the replacement for ACID, which is no longer being developed) and Sguil. It also tends more to explain how to do things than why to do them, and I believe the section on sensor placement could be expanded. Lastly, I think the portion on the legal aspects of intrusion detection and evidence could be expanded, but that might need to be taken with a grain of salt, because I am a legal wonk. To be fair, a book of this type can’t cover everything in great detail.

As someone who does run Snort and has been working on ways to expand some of the data I feed into it, I have found this book to be a valuable resource, one that far outweighs the few things I found lacking. It is the only resource of its kind I know to exist. It brings to light some tools that I hadn’t thought of using the way it suggests, like perfmonitor and ClamAV. I came away from reading this book with solid ideas and tools that I plan to add to my Snort deployment. If you are looking for solid documentation on Snort and the tools and tricks you can use with it, this is your book.

Crossposted at Ravings of John C. A. Bambenek.


About John Bambenek

John Bambenek is a political activist and computer security expert. He has his own company Bambenek Consulting in Champaign, IL that specializes in digital forensics and computer security investigations.
Comment from Aaman (http://selfaudit.blogspot.com):

You should check out “Hacking Exposed” (3-5240-01700-7965) – a pretty comprehensive book on intrusion detection, exploit tracking, etc.