FREE Delivery in the UK.
Only 1 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Intrusion Detection with ... has been added to your Basket
FREE Delivery on orders over £10.
Condition: Used: Good
Comment: See item-Condition. Fulfillment by
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 3 images

Intrusion Detection with Snort Paperback – 20 May 2003

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
"Please retry"
£22.35 £1.59
Note: This item is eligible for click and collect. Details
Pick up your parcel at a time and place that suits you.
  • Choose from over 13,000 locations across the UK
  • Prime members get unlimited deliveries at no additional cost
How to order to an Amazon Pickup Location?
  1. Find your preferred location and add it to your address book
  2. Dispatch to this address when you check out
Learn more
£36.99 FREE Delivery in the UK. Only 1 left in stock (more on the way). Dispatched from and sold by Amazon. Gift-wrap available.
click to open popover

Special Offers and Product Promotions

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your mobile phone number.

Product details

Product Description

From the Back Cover

With over 100,000 installations, the Snort open-source network instrusion detection system is combined with other free tools to deliver IDS defense to medium - to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets.

Until now, Snort users had to rely on the official guide available on That guide is aimed at relatively experience snort administrators and covers thousands of rules and known exploits.

The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running.

Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.

About the Author

Jack Koziol is the Information Security Officer at a major Chicago-area financial institution, responsible for security enterprise-wide. Previously, he has held information security positions at an online health care company and a point-of-care Internet-based pharmacy. Jack has written for Information Security magazine, and released several whitepapers on intrusion detection. He teaches the CISSP and "Hack and Defend" courses.

Jack has architected, maintained, and managed Snort and other IDS technologies in large production environments since 1998. He has also written Snort signature sets designed for specific applications.

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) 4.2 out of 5 stars 15 reviews
16 of 16 people found the following review helpful
5.0 out of 5 stars Amazing book 5 Aug. 2003
By Mark Benson - Published on
Format: Paperback
This is one of those "essential, have to have" books. I just got through all of the examples and finished building out a 3-tiered snort network for the company where I work as a senior security engineer. We previously had some older, expensive, ISS realsecure equipment in place, and I made the case to managment to replace the RealSecure stuff with open-source Snort. It wasn't that hard, the maintence cost for an upgrade was going to be more than my whole entire Snort-based design. My company had good experiences with apache on red hat, so it wasn't a super hard sell. Times are tough, and managment is looking for ways to cut costs.
This book got me there. I was able to get the meaty technical details I needed, and couldn't find answers to online. Im a highly technical person, Im no (dummy) who gets scared of the command line. Id scoured the website, mailing lists, newsgroups, securityfocus lists, but they lacked in a lot of areas. Especially, the online articles dont talk about using snort in a corporate or enterprise-size setting. I picked up this book and I was able to put in a very highly effective tuned snort install. I also have moved on to advanced topics, like creating my own custom rules that apply only to my company's network. I use these 20 or so rules to catch traffic that is not supposed to be on my network, but might be normal somewhere else, so there is no offical rule for them.
In short, this is the best book ive read in a few years, at least for a technical book.
13 of 13 people found the following review helpful
5.0 out of 5 stars Impressive book 30 Jun. 2003
By Mark Stanoff - Published on
Format: Paperback
I've seen a bunch of reviews for this book on security and open source websites on the internet. I usually don't buy paper books, I prefer to read online howtos and go to the library to check something out. I only buy something if I really think ill be able to get practical skills out of it (such as the Perl Cookbook, etc.) After reading the slashdot review on this book, I figured that it was time I learn snort and intrusion detection.
Let me say first, if you are going to actually implement everything in this book, getting through it is going to take some time. This isn't the kind of thing you can learn totally in one night, or even one week. There are just tons of examples and intrusion detection strategies to work through. I like how the author goes through several real-world examples in each chapter, such as teaching you step by step on how to write a snort signature or rule from a raw packet capture. Nowhere on the internet have I seen this, trust me ive looked hard.
Also, the book goes beyond using snort. There are a bunch of tools you need to use with snort in order for it to work well. Snort doesnt have any real time email alerting features, remote signature update tools, or even a GUI interface!! All of these things are seperate, and you can't really use snort in the real world without them. This is why I bought this book instead of the other 2 that are out there.
8 of 8 people found the following review helpful
5.0 out of 5 stars Broader in scope, not just snort 10 July 2003
By Ma, Tien Jui - Published on
Format: Paperback
Unlike the "Snort 2.0 Intrusion Detection", this book talks more on intrusion detection. If you are a planner on intrusion detection, this book is a perfect match. If you are the engineer setting up snort, the "Snort 2.0 Intrusion Detection" might be easier to follow.
6 of 6 people found the following review helpful
4.0 out of 5 stars Helpful book, Linux-centric 29 Dec. 2003
By Keith Tokash - Published on
Format: Paperback Verified Purchase
This is a very handy book, if only because it presents a lot of Snort documentation in a friendly, easy-to-read format. Is every chapter a joyous literary experience? No. But it beats reading manpages and after a few hours of reading from my monitor my eyes sting.
So the material.... This book introduces Snort, what it is/does, etc, then moves on to how it works. I really enjoyed chapter 3, which looks into all the preprocessors and a brief desciption of Snort's order of operations and modularity.
I would especially recommend chapters 4 and 5 to new Snorters since design issues comprise a huge part of the questions posed to the Snort mailing list, most of which have easy or standard answers. After that, the installation/configuration chapters demonstrate how to get a running setup using RedHat.
I've read a couple complaints in earlier reviews that these instructions don't work and I must say that it is exceedingly difficult to write an installation procedure that incorporates half a dozen different pieces of software, all of which are under seperate development. I actually know about this because I maintain the FreeBSD install guide on the snort site and the instructions that work one week are slightly off the next week. Use the instructions in this book as a guide and you probably won't have much dirty work to figure out on your own.
The rest of the book gets into the nitty-gritty of using Snort and I think it does a pretty good job. This includes tuning signature sets to use less memory/CPU and to generate more reliable alerts. False positives are the bane of the IDS world. If you're new to Snort/IDS then you'll enjoy learning of several great tools like Swatch and Barnyard that this book explores.
Overall I think this book is well worth the 31 clams I coughed up on Amazon.
6 of 6 people found the following review helpful
5.0 out of 5 stars The Art of Intrusion Detection and Snort 9 Oct. 2003
By Dan Kegel - Published on
Format: Paperback
I teach networking and security courses at a local unversity, and I have been using this book for a portion of the courseware this semester. A significant portion of the course is hands-on, and this book helps my students understand how intrusion detection is used in the real world.
The chapter on creating rules from packet captures is invaluable --- as is the Snort internals chapter. I understand how Snort works, how to deploy it, and most importantly, the pragmatic side of using Snort in the real world.
This is by far the best of the Snort books out right now, the others are either low on detail or are extremely poorly written. The Snort 2.0 book was disappointing. I was expecting it to be the best book, it stuffed with filler chapters, and overly wordy.
Were these reviews helpful? Let us know