snort.org recommended reading? (was Re: [Snort-users] General Snort Help!)

twig les twigles at ...131...
Wed Jan 22 09:20:02 EST 2003


I would love to attend the SANS course on ID, in fact
I keep trying to volunteer when they hit southern
California.  But 3 grand just isn't in most IT budgets
anymore, and it certainly isn't in my personal one.
If anyone *does* have a training budget, here is the
course:
http://www.sans.org/SANS2003/track3.php


--- JOHN R BLACKMORE <JBLACKMORE at ...6367...> wrote:
> Attend a SANS seminar/course on IDS.
> www.sans.org
> 
> -----------------------------------------------------------------------------------
> 
> From: twigles at ...131...
> To: erek at ...950..., LCannavale at ...8048...
> Cc: snort-users at lists.sourceforge.net
> Date: Tue, 21 Jan 2003 20:36:16 -0800
> Subject: snort.org recommended reading? (was Re: [Snort-users] General Snort Help!)
> 
> I was reading this message and thinking that maybe it
> would be a good idea for snort.org to have a little
> tab under the /docs page for recommended reading
> (books).  I didn't want to suggest it since snort
> developers may not want to seem to endorse certain
> authors, but then Erek's reply named 4 books, the first
> 3 of which had popped into my head.  Specifically the two
> Northcutts and the Stevens books.
> 
> Just a thought.
> 
> 
> --- Erek Adams <erek at ...950...> wrote:
> > On Tue, 21 Jan 2003, Lorraine Cannavale wrote:
> >
> > > Hello, I am very new at the whole Intrusion Detection Process and
> > > especially snort.
> > > There is a network administrator here that has installed an IDS
> > > utilizing snort, etc and is responsible for maintaining the system.
> > > I was hired by the Security Administrator to help monitor the alerts
> > > on a daily basis, analyze the data, and help reduce the false
> > > positives.
> > > So, I have the easy job, but I'm having major difficulties
> > > understanding what the alerts actually mean and deciphering what is a
> > > false positive, true intrusion, or just an informational alert.  I
> > > have read the Snort user manual, understand how to read the rules, and
> > > have found some information on the alerts, but it is still confusing
> > > to me.
> > >
> > > Can anyone recommend additional resources that would help me (books,
> > > on-line manuals, or web sites)?
> > > I've read emails from the Snort mailing list and this all seems to
> > > make a lot of sense to everyone else, I'm curious how you all obtained
> > > your knowledge and if there is anything you can share with me!?
> >
> > [...snip...]
> >
> > In my opinion, in order of need/usefulness:
> >
> > TCP/IP Illustrated, Volume 1 The Protocols by W. Richard Stevens
> >      ISBN 0201633469
> >
> > Network Intrusion Detection An Analyst's Handbook by Stephen Northcutt
> >      ISBN 0735708681
> >
> > Intrusion Signatures and Analysis by Stephen Northcutt
> >      ISBN 0735710635
> >
> > Intrusion Detection by Rebecca G. Bace
> >      ISBN 1578701856
> >
> > The rest....  Well, just get on a .edu network and learn.  ;-)
> >
> > Hope that's of some help!
> >
> > -----
> > Erek Adams
> >
> >    "When things get weird, the weird turn pro."   H.S. Thompson


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------





More information about the Snort-users mailing list