Snort Cookbook

Jacob Babbin
Simon Biles
Angela D. Orebaugh

If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the de facto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of Snort. Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will use every day, such as:

* installation
* optimization
* logging
* alerting
* rules and signatures
* detecting viruses
* countermeasures
* detecting common attacks
* administration
* honeypots
* log analysis

But the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to become security gurus--and still have a life.

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

Security in Computing

Charles P. Pfleeger - Pfleeger Consulting Group
Shari Lawrence Pfleeger - RAND Corporation

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes

* Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
* Web application threats and vulnerabilities
* Networks of compromised systems: bots, botnets, and drones
* Rootkits--including the notorious Sony XCP
* Wi-Fi network security challenges, standards, and techniques
* New malicious code attacks, including false interfaces and keystroke loggers
* Improving code quality: software engineering, testing, and liability approaches
* Biometric authentication: capabilities and limitations
* Using the Advanced Encryption Standard (AES) more effectively
* Balancing dissemination with piracy control in music and other digital content
* Countering new cryptanalytic attacks against RSA, DES, and SHA
* Responding to the emergence of organized attacker groups pursuing profit

Network Security Tools

Justin Clarke
Nitesh Dhanjani

If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include:

* Writing your own network sniffers and packet injection tools
* Writing plugins for Nessus, Ettercap, and Nikto
* Developing exploits for Metasploit
* Code analysis for web applications
* Writing kernel modules for security applications, and understanding rootkits

While many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions--without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.

UNIX® Network Programming Volume 1: The Sockets

W. Richard Stevens
Bill Fenner
Andrew M. Rudoff

The classic guide to UNIX networking APIs... now completely updated!

To build today's highly distributed, networked applications and services, you need deep mastery of sockets and other key networking APIs. One book delivers comprehensive, start-to-finish guidance for building robust, high-performance networked systems in any environment: UNIX Network Programming, Volume 1, Third Edition.

Building on the legendary work of W. Richard Stevens, this edition has been fully updated by two leading network programming experts to address today's most crucial standards, implementations, and techniques. New topics include:

* POSIX Single UNIX Specification Version 3

* IPv6 APIs (including updated guidance on IPv6/IPv4 interoperability)

* The new SCTP transport protocol

* IPsec-based Key Management Sockets

* FreeBSD 4.8/5.1, Red Hat Linux 9.x, Solaris 9, AIX 5.x, HP-UX, and Mac OS X implementations

* New network program debugging techniques

* Source Specific Multicast API, the key enabler for widespread IP multicast deployment

The authors also update and extend Stevens' definitive coverage of these crucial UNIX networking standards and techniques:

* TCP and UDP transport

* Sockets: elementary, advanced, routed, and raw

* I/O: multiplexing, advanced functions, nonblocking, and signal-driven

* Daemons and inetd

* UNIX domain protocols

* ioctl operations

* Broadcasting and multicasting

* Threads

* Streams

* Design: TCP iterative, concurrent, preforked, and prethreaded servers

Since 1990, network programmers have turned to one source for the insights and techniques they need: W. Richard Stevens' UNIX Network Programming. Now, there's an edition specifically designed for today's challenges--and tomorrow's.

Building Internet Firewalls

D. Brent Chapman
Elizabeth D. Zwicky

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated "Building Internet Firewalls" to address these newer risks.

What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, eBay, and other major e-commerce sites in early 2000, are in current headlines.

Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the bestselling and highly respected first edition, "Building Internet Firewalls," 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:

* Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
* Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls
* Issues involved in passing a variety of new Internet services and protocols through a firewall:
  * Email and News
  * Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)
  * File transfer and sharing services such as NFS, Samba
  * Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000
  * Real-time conferencing services such as ICQ and talk
  * Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
  * Authentication and auditing services (e.g., PAM, Kerberos, RADIUS)
  * Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)
  * Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
  * Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)

The book's complete list of resources includes the location of many publicly available firewall construction tools.

TCP/IP Network Administration

Craig Hunt

TCP/IP Network Administration, 2nd Edition is a complete guide to setting up and running a TCP/IP network for administrators of networks of systems or users of home systems that access the Internet. It starts with the fundamentals: what the protocols do and how they work, how addresses and routing are used to move data through the network, and how to set up your network connection.

Beyond basic setup, this new second edition discusses advanced routing protocols (RIPv2, OSPF, and BGP) and the gated software package that implements them. It also provides a tutorial on how to configure important network services, including PPP, SLIP, sendmail, Domain Name Service (DNS), BOOTP and DHCP configuration servers, and some simple setups for NIS and NFS. There are also chapters on troubleshooting and security. In addition, this book is a command and syntax reference for several important packages, including pppd, dip, gated, named, dhcpd, and sendmail.

Contents include:

* Overview of TCP/IP
* Delivering the Data
* Network Services
* Getting Started
* Basic Configuration
* Configuring the Interface
* Configuring Routing
* Configuring DNS Name Service
* Configuring Network Servers
* sendmail
* Troubleshooting TCP/IP
* Network Security
* Internet Information Resources

Appendixes include: dip, pppd and chat reference; a gated reference; a named reference; a dhcpd reference; and a sendmail reference

Covers Linux, BSD, and System V TCP/IP implementations.

DNS and BIND

Cricket Liu
Paul Albitz
Mike Loukides

DNS and BIND discusses one of the Internet's fundamental building blocks: the distributed host information database that's responsible for translating names into addresses, routing mail to its proper destination, and many other services. As the authors write in the preface, if you're using the Internet, you're already using DNS -- even if you don't know it.

The third edition covers BIND 4.9, on which most commercial products are currently based, and BIND 8, which implements many important new features and will be the basis for the next generation of commercial name servers. It also covers topics like DNS security (greatly improved with BIND 8.1), asynchronous notification of changes to a zone, dynamic updates, and programming with Perl's Net::DNS module.

Whether you're an administrator involved with DNS on a daily basis, or a user who wants to be more informed about the Internet and how it works, you'll find that this book is essential reading.

Topics include:

* What DNS does, how it works, and when you need to use it
* How to find your own place in the Internet's name space
* Setting up name servers
* Using MX records to route mail
* Configuring hosts to use DNS name servers
* Subdividing domains (parenting)
* Securing your name server: restricting who can query your server, preventing unauthorized zone transfers, avoiding bogus name servers, etc.
* Mapping one name to several servers for load sharing
* Troubleshooting: using nslookup, reading debugging output, common problems
* DNS programming, using the resolver library and Perl's Net::DNS module
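The name-server hardening listed above (restricting who can query, refusing unauthorized zone transfers, marking bogus servers) is what a minimal BIND 8/9 named.conf looks like in practice. This is an added illustration, not text or configuration from the book: the zone name, the "trusted" client range and the secondary's address are assumptions, and BIND 4.9's named.boot uses a different syntax (xfrnets), so this fragment applies to BIND 8 and later only.

```conf
// Added example: restrictive named.conf fragment (BIND 8/9 syntax).
// Addresses are placeholders from the documentation ranges.
acl "trusted"     { 192.0.2.0/24; 127.0.0.1; };   // assumed internal clients
acl "secondaries" { 198.51.100.5; };              // assumed secondary server

options {
    directory "/var/named";

    // Anyone may ask about the zones we are authoritative for ...
    allow-query     { any; };
    // ... but only our own clients may use us as a recursive resolver.
    allow-recursion { "trusted"; };

    // Weak default: with no allow-transfer statement, any host can
    // pull a full copy of every zone (AXFR). Refuse it globally and
    // re-enable it per zone for the real secondaries only.
    allow-transfer  { none; };
};

// A server known to hand out bad data: never query it.
server 203.0.113.7 {
    bogus yes;
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Override the global "none" just for our secondaries.
    allow-transfer { "secondaries"; };
};
```

After reloading, a quick check is a zone transfer attempt from an address outside "secondaries" (for example `dig @ns.example.com example.com AXFR` from a workstation); it should be refused, while an ordinary A lookup for a name in example.com still succeeds from anywhere.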

TCP/IP Illustrated, Volume 1 - The Protocols

W. Richard Stevens

TCP/IP Illustrated, Volume 1: The Protocols is an excellent text that provides encyclopedic coverage of the TCP/IP protocol suite. What sets this book apart from others on this subject is the fact that the author supplements all of the discussion with data collected via diagnostic programs; thus, it is possible to "watch" the protocols in action in a real situation. Also, the diagnostic tools involved are publicly available; the reader has the opportunity to play along at home. This offers the reader an unparalleled opportunity to really get a feel for the behavior of the protocols in day-to-day operation. TCP/IP Illustrated, Volume 1: The Protocols features clear discussions and well-designed figures.
