Snort 2.0 Intrusion Detection

List Price: $49.95
Your Price: $19.98

Rating: 4 stars
Summary: The current leader in the Snort IDS book arms race
Review: "Snort 2.0" offers content not found in other books on Snort, such as Tim Crothers' more generic "Implementing IDS" (4 stars) and Rafeeq Rehman's "Intrusion Detection with Snort." (3 stars) I've read the best IDS books, and used IDS technology, since 1998, and "Snort 2.0" is the first to give real insight into an IDS' inner workings. Thanks to the technical knowledge of the author team, "Snort 2.0" earns the reader's appreciation by explaining how and why the open source Snort IDS works its magic.

"Snort 2.0" starts well with a short history of Marty Roesch's favorite project, followed by solid explanations of the key elements of Snort's architecture in ch. 2. The actual workings of the Snort code are expanded upon in ch. 4 (modes), 5 (rules), and 6 (packet handling and preprocessors). One could read these sections and get a real sense of how the stream4 preprocessor works, for example. These sections are augmented by helpful tangents on compiling source code (ch. 3) and updates via CVS (ch. 9). This attention to detail and desire to include related information demonstrates a high level of commitment to the reader's education.

"Snort 2.0" has several technical errors or typos which prevented me from giving a 5 star review. p. 110's diagram of a TCP session should say "SYN, SYN-ACK, ACK", not "SYN, ACK, SYN-ACK". Later on that page, the author claims "The server replies with a SYN/ACK if the port is open, and a SYN/RST if the port is not listening." The correct closed response is "RST/ACK". p. 203 implies one can scan for open ports with the ACK flag set to evade stateless packet filters. This is wrong, as scanning with the ACK flag set only helps host discovery. I found the reprinting of multiple pages of C code unnecessary. I also wished the sections on building preprocessors had started from scratch, rather than explain an existing preprocessor.

Overall, I found "Snort 2.0" enlightening. The authors have a powerful understanding of the workings of Snort, and apply it in novel ways. "Policy-based IDS" in ch. 12 is one example, while the "rule categorization" chart in ch. 10 is another. Only the Wiley "Deploying Snort 2.0" book, due this fall, has a chance to displace "Snort 2.0" in the Snort-focused IDS book arena.

Rating: 1 star
Summary: Not Worth The Money
Review: First of all, this book has way too many grammar mistakes. Secondly, go to the snort web site and download their PDF documents because they are free. I compared the snort documentation against this book and it is almost exactly the same. So they knew how to take snort's PDF and make it into a book. I will give them credit for that. I expected a lot more than what I had already read on snort's website.

There were a few errors on setting up ACID, but having read snort's documentation already, it was easily figured out. Too bad I can't get my money back because if I knew it was this bad, I would have never bought it.

Rating: 5 stars
Summary: Pig Bytes
Review: Great book. I especially appreciated the technical detail that Jay Beale put into the Preprocessor section. Just the type of technical detail necessary for this complex topic. Brian did a great job putting this book together, it was definitely needed by the community.

This book is a good guide to help the novice snorter through the mud of deploying snort at home or work.

Good stuff. Thanks for writing this!

Rating: 5 stars
Summary: An excellent choice for anyone wishing to learn IDS
Review: Having helped author this book, I believe it will prove a solid training ground for anyone who is interested in learning Snort intrusion detection inside and out. From beginning to end, this book will guide you through IDS concepts, Snort installation, configuration, and optimization. Highly recommended.

Rating: 2 stars
Summary: Good for the layman...
Review: Hmm, this book has some good info, but overall it just didn't delve into the kind of detail I was looking for.. essentially it was a big disappointment. I think the other books I've read on SNORT have been much better than this. Not recommended.

Rating: 5 stars
Summary: YES!
Review: I have been a diehard Snort user and member of the community since day one. Snort is awesome and there are so many incredibly talented people involved with it. I always wished that there was a book that documented everything, and gave lots of very cool information on all of the inner workings. I was psyched when I heard this book was being written, and I ordered it before it came out. I got mine on Friday and spent the weekend reading it. Considering the guys (and gal!) who wrote it, I shouldn't be surprised that the book rocks. Everything you ever wanted to know about Snort is in there. And, you know you are getting it from the Pig's mouth--er, or Snout ;)

Rating: 5 stars
Summary: Read this book if you use Snort
Review: I have been running Snort on my company's network for a couple of years, and I rely on it heavily. I know my way around Snort pretty well, but this book still helped me with a lot of stuff that I did not know as well. The whole book is great, but in particular I thought the chapters on preprocessors and Barnyard were just awesome. I've never seen coverage like this on these two topics anywhere.

Rating: 5 stars
Summary: Very Good and much needed book
Review: I just finished reading this book and found it to be very comprehensive and accurate all the way through. There are really no other books yet on Snort, so the authors did a very good job of writing a book that can be used by people of varying levels. Some technical books are too simple for some but too advanced for others. This book starts with the basics on installation, configuration, etc. to get you going. It then goes on to much more advanced chapters on optimization, rules, etc. The authors also do a very good job of explaining in very clear writing how Snort actually works. Like most things, if you can actually understand what is going on, it becomes much easier to use. Definitely recommended if you have been using Snort for some time and always wanted one, good book. Or, if you've stayed away from Snort in the past because there was no documentation.


© 2004, ReviewFocus or its affiliates