
"Managing Security with Snort and IDS Tools" Released by O'Reilly

From:  "Kathryn Barrett" <kathrynb-AT-oreilly.com>
To:  lwn-AT-lwn.net
Subject:  "Managing Security with Snort and IDS Tools" Released by O'Reilly
Date:  Mon, 13 Sep 2004 12:42:55 -0700

For Immediate Release
For more information, a review copy, cover art, or an interview with
the authors, contact:
Kathryn Barrett (707) 827-7094 or kathrynb@oreilly.com
	
Intrusion Detection with Open Source Tools
O'Reilly Releases "Managing Security with Snort and IDS Tools"

Sebastopol, CA--In olden days--say two or so years ago--an administrator
would use a firewall to protect a network from attack. It was easy then to
establish where your network ended and the Internet began.  Not so today.
"Technological advances and decreasing costs for wide area network
technologies have eroded this concept of a perimeter," explain Kerry Cox
and Christopher Gerg, authors of "Managing Security with Snort and IDS
Tools" (O'Reilly, US $39.95). "Virtual private networks, or VPNs, have all
but replaced conventional dial-up modem pools," they observe. "Most users
have high-speed DSL or Cable Modem service, and the VPN makes the user
feel like he's sitting at his desk. Some VPNs use an appliance that sits
on the perimeter of the network and has the capability of controlling how
the network is used remotely." While this is convenient for telecommuters,
it's a real risk for most networks. A virus- or worm-infected system on
the user's home network will have unfettered access to your network--a
high-speed highway that allows rapid propagation of an aggressive worm.

But there are effective defenses, maintain Cox and Gerg: configure systems
according to industry-accepted best practices, securely aggregate system
logs in one place, segregate the network to control access and "wall-off"
remote connections, and so on.  And finally, take steps to detect and
prevent intrusions on the network and systems. "The important thing to
remember is not to trust a single component of your security framework for
all your security," Cox and Gerg remind readers.  "If you are able to,
apply security as close to the thing you are trying to secure as possible.
These steps will help you stop at least eighty percent of the attacks.
Intrusion detection should catch the remaining twenty percent."

In "Managing Security with Snort and IDS Tools," the authors show network
and system administrators how to effectively employ the Snort Intrusion
Detection System to fend off attack. A powerful open source tool, Snort
watches a network constantly, inspecting all the traffic, on guard for
suspicious activity, then warning the administrator when something fishy
is going on.

As coauthor Gerg explains, Snort regularly outperforms more expensive and
elaborate intrusion detection systems. "When consulting with clients
looking into integrating intrusion detection into their environment, I
found that many were looking for a commercial solution from one of the
'big boys' in the network security industry, but Snort is almost
universally the right choice for people interested in network intrusion
detection."

Network, system, and security administrators who take a disciplined
approach to security management will especially benefit from the book,
Gerg notes. "These are people that check their system logs, know their
environment, and know how the systems in their organization are used.
These folks will benefit most from implementing network intrusion
detection.  And the content of our book is careful to explain things in a
clear, step-by-step manner, so readers don't have to be guru-level
security experts to put this information to work."

While exploring the full range of Snort's capabilities in "Managing
Security with Snort and IDS Tools," readers will learn how to:

-Use Snort as a simple packet sniffer, packet logger, or full-blown IDS
-Install and configure Snort
-Use Snort to detect attacks
-Manage Snort rules
-Customize Snort rules for, or write new rules to respond to, new kinds of
attacks
-Use Snort as an Intrusion Prevention System
-Use Snort management consoles ACID and SnortCenter
-Use Oinkmaster for automatic rule updates and other tools
-Use Snort on high-bandwidth networks with tools like Barnyard, Sguil, and
I(DS)2

Anyone who has ever watched traffic on a network knows how frequently it's
attacked. Although it is impossible to personally monitor even the most
moderate bandwidth, administrators don't have to operate blind. "Managing
Security with Snort and IDS Tools" shows readers how to monitor their
networks constantly, even while sleeping.

Additional Resources:

Chapter 6, "Deploying Snort," is available online at:
http://www.oreilly.com/catalog/snortids/chapter/index.html

For more information about the book, including table of contents, index,
author bios, and samples, see:
http://www.oreilly.com/catalog/snortids/index.html

For a cover graphic in JPEG format, go to:
ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/0596006...

Managing Security with Snort and IDS Tools
Kerry Cox and Christopher Gerg
ISBN 0-596-00661-6, 269 pages, $39.95 US, $57.95 CA
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com

About O'Reilly
O'Reilly Media, Inc. is the premier information source for leading-edge
computer technologies. The company's books, conferences, and web sites
bring to light the knowledge of technology innovators. O'Reilly books,
known for the animals on their covers, occupy a treasured place on the
shelves of the developers building the next generation of software.
O'Reilly conferences and summits bring alpha geeks and forward-thinking
business leaders together to shape the revolutionary ideas that spark new
industries. From the Internet to XML, open source, .NET, Java, and web
services, O'Reilly puts technologies on the map. For more information:
http://www.oreilly.com

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other
trademarks are property of their respective owners. 



Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds