[Snort-users] Snort-IDS-HOWTO

Martin Roesch roesch at ...421...
Fri Oct 27 17:36:14 EDT 2000


There's a new book out by Paul Proctor called "Practical Intrusion Detection
Handbook" that's probably worth a look as well...

Northcutt's book has just been released in its second edition and now contains
info on Snort as well.

    -Marty

Gregor Binder wrote:
> 
> Andrea Barisani on Fri, Oct 27, 2000 at 01:08:15PM +0200:
> 
> Hi,
> 
> > I think that it would be nice writing a general IDS-HOWTO, defining common
> > intrusion detection system installation and configuration but also general
> > policies and actions to take against an intrusion, rules for
> > interpretation of log files and packet dump, hints for avoiding false
> > alerts, other general procedures for maintenance and so on...
> 
> the things you mention are enough to fill a book if you want to do
> more than scratch the surface of each topic. In fact, they have
> already filled a book (Stephen Northcutt, Network Intrusion Detection,
> An Analyst's Handbook) that I can recommend if you are looking for
> general information.
> 
> Don't expect to find installation instructions for specific products,
> this in turn is what I would think a HOWTO is for. Even though I don't
> find snort particularly hard to deploy and the documentation that
> comes with it is fairly good in that respect.
> 
> Don't let that stop you though .. :)
> 
>   Gregor.
> 
> --
> Gregor Binder  <gbinder at ...462...>  http://www.sysfive.com/~gbinder/
> sysfive.com GmbH             UNIX. Networking. Security. Applications.
> Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org


