Intrusion Detection Systems with Snort - Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID
ISBN : 0131407333
Cover Design - Intrusion Detection Systems with Snort - Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID
For your free electronic copy of this book please verify the numbers below.
(We need to do this to make sure you're a person and not a malicious script)
Sample Chapter From Intrusion Detection Systems with Snort - Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID
Copyright © Rafeeq Ur Rehman
Introduction to Intrusion Detection and Snort
Security is a big issue for all networks in today’s enterprise environment. Hackers and intruders have made many successful attempts to bring down high-profile company networks and web services. Many methods have been developed to secure the network infrastructure and communication over the Internet, among them the use of firewalls, encryption, and virtual private networks. Intrusion detection is a relatively new addition to such techniques. Intrusion detection methods started appearing in the last few years. Using intrusion detection methods, you can collect and use information from known types of attacks and find out if someone is trying to attack your network or particular hosts. The information collected this way can be used to harden your network security, as well as for legal purposes. Both commercial and open source products are now available for this purpose. Many vulnerability assessment tools are also available in the market that can be used to assess different types of security holes present in your network. A comprehensive security system consists of multiple tools, including:
• Firewalls that are used to block unwanted incoming as well as outgoing traffic of data. There is a range of firewall products available in the market both in Open Source and commercial products. Most popular commercial firewall products are from Checkpoint (http://www.checkpoint.com), Cisco (http://www.cisco.com) and Netscreen (http://www.netscreen.com). The most popular Open Source firewall is the Netfilter/Iptables (http://www.netfilter.org)-based firewall.
• Intrusion detection systems (IDS) that are used to find out if someone has gotten into or is trying to get into your network. The most popular IDS is Snort, which is available at http://www.snort.org.
• Vulnerability assessment tools that are used to find and plug security holes present in your network. Information collected from vulnerability assessment tools is used to set rules on firewalls so that these security holes are safeguarded from malicious Internet users. There are many vulnerability assessment tools including Nmap (http://www.nmap.org) and Nessus (http://www.nessus.org).
These tools can work together and exchange information with each other. Some products provide complete systems consisting of all of these products bundled together. Snort is an open source Network Intrusion Detection System (NIDS) which is available free of cost. NIDS is the type of Intrusion Detection System (IDS) that is used for scanning data flowing on the network. There are also host-based intrusion detection systems, which are installed on a particular host and detect attacks targeted to that host only. Although all intrusion detection methods are still new, Snort is ranked among the top quality systems available today.
The book starts with an introduction to intrusion detection and related terminology. You will learn installation and management of Snort as well as other products that work with Snort. These products include MySQL database (http://www.mysql.org) and Analysis Control for Intrusion Database (ACID) (http://www.cert.org/kb/acid). Snort has the capability to log data collected (such as alerts and other log messages) to a database. MySQL is used as the database engine where all of this data is stored. Using Apache web server (http://www.apache.org) and ACID, you can analyze this data. A combination of Snort, Apache, MySQL, and ACID makes it possible to log the intrusion detection data into a database and then view and analyze it later, using a web interface.