This book presents a front-to-back solution for building an IDS and includes quite a few example scripts and code snippets.
Network security is a hot topic these days, and intrusion detection systems are playing a greater role in network security. Rafeeq Ur Rehman's book Intrusion Detection with SNORT, Apache, MySQL, PHP, and ACID claims to explain and simplify all aspects of SNORT, from building to managing an intrusion detection system (IDS) in your network.
It is a good technical treatment of installing and configuring SNORT and running the IDS in conjunction with Apache, MySQL, PHP and ACID.
The coverage of SNORT rules is helpful, because Rehman provides examples and an explanation of what makes a good or bad rule. He discusses several plugins and output modules and explains what each one does and how to integrate it into the IDS. Most interesting to me was the inclusion of a MySQL database for logging and the use of the Analysis Console for Intrusion Databases (ACID) to create a Web interface. SnortSnarf is discussed as an alternative for presenting SNORT data over the Web. Barnyard, SnortSam and IDS Policy Manager are other useful tools covered in the text.
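To make the "good or bad rule" point concrete, here is a small rule linter. It is an added example written for this review, not code from Rehman's book or from the Snort project. It parses classic single-line Snort text rules (the 1.x/2.x `action proto src sport -> dst dport (options;)` form) and flags the weaknesses a rule reviewer usually looks for first. The sample ruleset is constructed for the example, and the checks (missing `msg`, `sid` or `rev`; no `content`/`uricontent` match, so the rule fires on every packet that matches the header; a header that matches all hosts and ports; duplicate `sid`) are the editor's own heuristics, not a list taken from the book.

```python
"""Minimal linter for classic single-line Snort text rules.

Added example for this review; the ruleset below is constructed and the
quality checks are the editor's heuristics, not Rehman's or Snort's.
"""
import re

# Constructed sample ruleset (not from the book or a Snort distribution).
# Line 1 of the string is blank, so the rules sit on lines 2 to 5.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC /etc/passwd access"; flow:to_server,established; content:"/etc/passwd"; nocase; classtype:web-application-attack; sid:1000001; rev:2;)
alert tcp any any -> $HOME_NET 23 (msg:"TELNET connection"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"ICMP seen";)
log tcp any any -> $HOME_NET 22 (msg:"SSH log"; content:"SSH-"; sid:1000001; rev:1;)
'''

# Rule header: action, protocol, source, source port, direction, dest, dest port,
# followed by the parenthesised option list.
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|activate|dynamic)\s+'
    r'(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$'
)

CONTENT_KEYS = ('content', 'uricontent')


def split_options(opts):
    """Split 'key:value; key; ...' on semicolons outside double quotes.

    A backslash escapes the next character, so an escaped ';' or '"' inside a
    content string does not end the option.
    """
    out, cur, in_quote, escaped = [], [], False, False
    for ch in opts:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == '\\':
            cur.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch == ';' and not in_quote:
            out.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = ''.join(cur).strip()
    if tail:
        out.append(tail)
    return [item for item in out if item]


def parse_rule(line):
    """Return a dict of header fields plus an 'options' map, or None if the
    header does not parse. Repeated options (e.g. several content:) are kept
    as a list in order of appearance."""
    match = HEADER_RE.match(line.strip())
    if not match:
        return None
    rule = match.groupdict()
    options = {}
    for item in split_options(rule.pop('opts')):
        key, _, value = item.partition(':')
        options.setdefault(key.strip(), []).append(value.strip().strip('"'))
    rule['options'] = options
    return rule


def lint_rule(rule):
    """Heuristic quality checks on one parsed rule (editor's own list)."""
    problems = []
    opts = rule['options']
    for required in ('msg', 'sid', 'rev'):
        if required not in opts:
            problems.append(f'missing {required}')
    if not any(key in opts for key in CONTENT_KEYS):
        problems.append('no content match: fires on every packet matching the header')
    if rule['src'] == 'any' and rule['dst'] == 'any' and rule['dport'] == 'any':
        problems.append('header matches all hosts and ports')
    return problems


def lint_rules(text):
    """Lint every rule line in text; returns [(line_number, [problems]), ...]."""
    findings = []
    seen_sids = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        rule = parse_rule(line)
        if rule is None:
            findings.append((lineno, ['unparseable rule header']))
            continue
        problems = lint_rule(rule)
        sid = rule['options'].get('sid', [None])[0]
        if sid is not None:
            if sid in seen_sids:
                problems.append(f'duplicate sid {sid} (first seen on line {seen_sids[sid]})')
            else:
                seen_sids[sid] = lineno
        findings.append((lineno, problems))
    return findings


if __name__ == '__main__':
    for lineno, problems in lint_rules(SAMPLE_RULES):
        status = '; '.join(problems) if problems else 'ok'
        print(f'line {lineno}: {status}')
```

On the constructed ruleset the first rule passes, the telnet rule is flagged for having no content match (it alerts on every connection to port 23), the ICMP rule collects four complaints, and the last rule reuses sid 1000001. A linter like this only catches structural weaknesses; whether Snort itself accepts the syntax is a separate question, so still run `snort -T -c snort.conf` against the real configuration before deploying.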
Most of the information pertaining to installing and using SNORT is readily available in the SNORT documentation or on the Web. Nonetheless, this book is a useful and handy reference.
I noted a few grammatical and technical errors in the book; however, they are unlikely to diminish its readability or value. Although the book covers SNORT version 1.9, much of Rehman's material should apply to version 2.0 as well. Appendices include a MySQL primer, an introduction to tcpdump, and packet header formats.