Intrusion Detection with Snort

Sams, 2003 - Computers - 340 pages
Annotation: A thorough, definitive guide to installing, configuring, and maintaining the leading open-source intrusion detection system. Snort is the most widely used open-source security system for small to medium businesses, with over 100,000 installations worldwide. Author is the information security officer at a bank in Chicago, where he architected a Snort-based intrusion detection system. Book covers basic maintenance and deployment, as well as the majority of's common help requests.

With over 100,000 installations, the Snort open-source network intrusion detection system is combined with other free tools to deliver IDS defense to medium-to-small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets. Until now, Snort users had to rely on the official guide available on That guide is aimed at relatively experienced Snort administrators and covers thousands of rules and known exploits. The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their system up and running.

Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.

Jack Koziol has been working in computer security since 1998. As the information security manager at a medical transcription company he set up a number of Snort systems for partner hospitals. He is currently the information security officer at a major bank in Chicago, where he has architected a Snort-based intrusion detection system for online banking and has also developed a security blueprint for an online currency exchange that is expected to have 100+ locations by the end of 2003. In addition to his work at the bank he also contributes to Information Security magazine.

About the author (2003)

Jack Koziol is the Information Security Officer at a major Chicago-area financial institution, responsible for security enterprise-wide. Previously, he has held information security positions at an online health care company and a point-of-care Internet-based pharmacy. Jack has written for Information Security magazine, and released several whitepapers on intrusion detection. He teaches the CISSP and "Hack and Defend" courses.

Jack has architected, maintained, and managed Snort and other IDS technologies in large production environments since 1998. He has also written Snort signature sets designed for specific applications.
