Intrusion Detection With SNORT, Apache, MySQL, PHP, And ACID 1st Edition

This was very helpful in getting our Snort implementation into production. We have a more complicated setup, capturing packets on both the internal and external interfaces and this resource was invaluable in helping us get over that last hurdle.

the only books that has the smell of linux how to type explanationnot a book publish style

* It is an Intro Level book.* References to Networking, Internetworking, and ICP/IP are bad and inaccurate.I have only read the first three chapters, but I am writing a review nonetheless.I will still continue to read this book, I still think it has information I can learn from.Ya, this is worth mentioning. Someone trying to learn Snort, should not be hit with inaccurate and misleading usage of network terms.For a reader, who is new to the IT world, who does not realize this author is being misleading in the use of networking terms and concepts (or perhaps the author simply does not know what he himself is talking about, which is not good), it can be confusing. The reader might even learn incorrect or inaccurate networking terms and concepts, which would not be good for the reader !!!Leaning IT is challenging enough, especially for new people; INACCURACIES, misleading, or non-explicit use of terms, should NEVER be part of an IT document, paper, or book.If YOU KNOW NOTHING OF --== Networking ==-- or --== Snort ==--, do not take everything in this book at 100% face value.The references to Internetworking are bad. If you do not already know Internetworking and the related terminology and concepts, just know the Networking terms and concepts presented in this book are not accurate. I mean they can confuse you if you do not already know the subject matter.For example, the TCP/IP protocol stack, or model, has ONLY FOUR Layers not Five. The Physical Layer is NOT part of the TCP/IP Architectural Model.YES, this book's primary subject is "Snort," but references to other subjects, such as the references to networking, NEED to be accurate !!!Just know the use of networking terms in this book is INACCURATE !!It will confuse you if you do not already know the subject matter and realize the author's mistakes or lack of knowledge of the subject of networking.Here are a couple easily accessed and ACCURATE references on networking concepts and terminology:* [...]* [...]This author would FAIL an exam on Networking Fundamentals, or Internetworking Fundamentals. Bottom line, "" F "" for a grade.Like the author's use of "point-to-point data communication" in reference to Layer 3 IP Networking.That could be mistaken for, or confused with, the "point-to-point protocol" (PPP) which is an OSI LAYER 2 Protocol and has nothing to with OSI Layer 3 or even the IP Protocol.The author should have used something like "Layer 3 to Layer 3," or "end-to-end," data communication between two nodes.But AGAIN, since he is REFERENCING THE TCP/IP MODEL and not the Open System Interconnection (OSI) Model in his book, he is not evening referencing the correct Layer. Layer 3 of the OSI Model is Layer 2 of the TCP/IP Model.He just uses terms that he should be more selective or explicit about.Like the reference to "Ethernet breaking up an IP packet into smaller segments to satisfy the Ethernet 1500 byte Maximum Transmission Unit (MTU) limitation."It should say something like:"Ethernet breaking up an IP Datagram into smaller portions, or pieces, in order to satisfy the Ethernet Frame's 1500 byte Maximum Transmission Unit (MTU) limitation.""Segment" should, as much as possible be limited to "TCP Segment" when discussing networking. He should say breaking it up into smaller portions, not segments. Ethernet does not use segments, EXCEPT for the ESTABLISHMENT of COLLISION DOMAINS. But CSMA/CD is an entirely different subject matter itself. Ethernet segments dealing with CSMA/CD is an OSI Model Layer 1 topic. There just needs to be better explicit use of terminology. Someone unfamiliar with networking might take the misuse of terms literally, or as being a factual statement.For example, the paragraph above just referred to the term "Segment" in more than one way or concept. A new person who does not know what is being discussed would be confused if "Segment" were to be used time and time again in misleading or incorrect ways.... "What ...."The term "Segment" or "Segments." in reference to Protocol Data Units (PDU) should be explicit to "TCP SEGMENTS" and the use of the term "segment," in a document that includes a discussion on networking that is above the Physical Layer, should be limited to TCP subject matter, as much as possible."Packet" is more associated with the OSI Reference Network Model. When talking explicitly about IP and the the TCP/IP network model, IP Datagram is the better term.For a reader, who does not yet know "EXPLICIT network terminology and concepts" this author's misuse of terms might be an issue of confusion.The author uses the term "Packet" too generically.TCP "Segments," UDP "Datagrams," IP "Datagrams," Ethernet "Frames," ATM "Cells."A "Datagram" is any connectionless Protocol Data Unit (PDU). Internet Protocol (IP) is connectionless.Like MATH. If you are talking about WHOLE NUMBERS, you do not want to confuse them with NATURAL NUMBERS, or Qualities with Inequalities.I mean if you were to read, or studied, a math book that confused, or misused, terms or concepts, you would TRASH it !!!!!The Earth is FLAT, but if you look up at the night's sky, you can see a ROUND Moon. TRASH as far as science and technology goes.The author just mismatches terms and words that he should not mismatch !!!For a reader, who is new to the IT world, who does not realize this author is being misleading in the use of networking terms and concepts (or perhaps the author simply does not know what he himself is talking about, which is not good), it can be confusing. The reader might even learn incorrect or inaccurate networking terms and concepts, which would not be good for the reader !!!Leaning IT is challenging enough, especially for new people; INACCURACIES, misleading, or non-explicit use of terms, should NEVER be part of an IT document, paper, or book.

This book is an effective introduction to Intruder Detection, demonstrating how popular open-source tools can be used. I found the code samples, table, diagrams and screenshots to be clear and useful. I learned what I'd hoped to learn and feel empowered to set up an IDS myself. Plenty of links and resources when I want to learn more.I read a few of the other reviews here after I read the book... especially Richard B's. I noticed some of the same techinical mistakes, but don't feel that they are a big deal. As a sr. software engineer and techinical editor, I always read critically, just mentally note them and continue. They aren't the kind of mistakes that make the code useless, or would confuse/mislead any level of reader. Another editing pass would help most books, and I none of the grammar mistakes annoy me - I read to learn what I can and move on, not to nitpick or get annoyed.As far as 1.9 vs. 2.0, I've looked at the snort site and agree that the release is signficant, but it doesn't break backwards compatibility, so it doesn't make this book any less revelant. 2.0 seems to mostly change the backend implementation - *the application is used identically* so I suspect the vast majority of this book is unaffected. The Syngress book covers 2.0, yet so does the website, which hypes this two-times-more-expensive book. That book too will no doubt soon be superceded, so read whatever you buy immediately ;-)

This is the first book that I read on Snort, and I wish I had gone with something else. This book really reads like more of an overview of intrusion detection and Snort, rather than a useful reference for actually using Snort. This would be fine if the title did NOT include the words "Advanced" or "Techniques," because there is not a lot of either in this book. It also doesn't help that it's not written to the latest release. If you want to understand intrusion detection a little better and you are considering to try Snort, then this books is fine. If you want or need more, this just isn't the book.