Nessus, Snort, & Ethereal Power Tools Customizing Open Source Security Applications
By Brian Caswell, Gilbert Ramirez, Jay Beale, Noam Rathaus, Neil Archibald
HIGHLIGHT
Snort, Nessus, and Ethereal are the three most popular open source security tools in the world, and Syngress has published the best-selling reference books for all three. This new book is a “must have” for all three, that teaches readers how to customize each tool for their particular needs and provides them with dozens of working tools and scripts from the companion Web site. |
Customize Your Own Custom Rules, Plug-ins, and Filters
Date: Aug 2005
Pages: 400 (est.)
User level: All |
DESCRIPTION
This book will cover customizing Snort to perform intrusion detection and prevention; Nessus to analyze the network layer for vulnerabilities; and Ethereal to “sniff” their network for malicious or unusual traffic. The book will also contain an appendix detailing “the best of the rest” open source security tools. Each of these tools is intentionally designed to be highly customizable so that users can torque the programs to suit their particular needs. Users can code their own custom rules, plug-ins, and filters that are tailor-made to fit their own networks and the threats which they most commonly face. The book describes the most important concepts of coding and customizing tools, and then provides readers with invaluable working scripts that can either be used as is or further refined by using knowledge gained from the book.
KEY
SELLING POINTS
- Snort, Nessus, and Ethereal are the three most popular open source security tools in the world.
- Only book that teaches readers how to customize these tools for their specific needs by coding rules, plugins, and filters.
- Companion Web site provides all working code and scripts from the book for download.
MARKET
INFORMATION
Nessus, Ethereal, and Snort are the three most popular open source security tools in the world respectively and they are essential tools used by almost every network security professional. Each of these applications has an installed base of well over 1,000,000 users.
Ours is the only book to specifically provide succinct coverage of customizing the most recent versions of Snort, Nessus, and Ethereal. The Sams and PTR books are reference books on older versions of Snort. “Managing Security with Snort and IDS Tools” deals only with IDS tools and is also more of a reference book. While “Snort Cookbook” is more prescriptive, it deals only with Snort and does not cover Nessus and Ethereal.
ABOUT
THE AUTHOR
Gilbert Ramirez was the first contributor to Ethereal after it was announced to the public and is known for his regular updates to the product. He has contributed protocol dissectors as well as core logic to Ethereal. He is a systems engineer at a large company with network-related products, where he works on tools and software build systems.
Neil Archibald is a security professional from Sydney, Australia. He works for Computer Sciences Corporation (CSC) as a member of a team called Strike Force and develops IDS. He has a strong interest in systems internals, code auditing/exploit development, and development.
Brian Caswell, snort.org webmaster, is a highly respected member of the Snort community and is the primary person responsible for maintaining the rules that drive the Snort intrusion detection system.
Jay Beale is Series Editor of the Jay Beale Open Source Security Series and lead developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS x. He is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat Briefings and LinuxWorld conferences, among others. Jay is a columnist with Information Security Magazine.
Noam Rathaus is the co-founder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers) and related products. He holds an electrical engineering degree from Ben Gurion University, and has been checking the security of computer systems from the age of 13. Noam is also the editor-in-chief of SecuriTeam.com, one of the largest vulnerability databases and security portals on the Internet. He has contributed to several security-related open-source projects including an active role in the Nessus security scanner project. He has written over 150 security tests to the open source tool's vulnerability database, and also developed the first Nessus client for the Windows operating system. Noam is apparently on the hit list of several software giants after being responsible for uncovering security holes in products by vendors such as Microsoft, Macromedia, Trend Micro, and Palm. This keeps him on the run using his Nacra Catamaran, capable of speeds exceeding 14 knots for a quick getaway. He would like to dedicate his contribution to the memory of Haim Finkel.
TECHNOLOGY
BACKGROUND
Snort, Nessus, and Ethereal are all open source security and performance monitoring tools. Snort is an Intrusion Detection System (IDS), which is a software tool used to detect unauthorized access to a computer system or network. Nessus is a vulnerability scanner that surveys an entire network to identify holes (or vulnerabilities) that can be exploited by malicious hackers. Ethereal is a packet sniffer which decodes and dissects packets as they travel across a network. Each of these applications, however, merely provides the user with the “building blocks” to perform their respective tasks. That is, Snort is useless at detecting intrusions unless you define what you consider an intrusion to be by writing “rules.” Nessus can scan your network for a year without finding a single vulnerability unless you have coded the “plug-ins” which both define your network and the known vulnerabilities. Ethereal will report every single bit and byte that travels across your network to you (an unimaginably large and useless amount of data for even the smallest network) until you tell it what traffic you know to be normal and acceptable, and what traffic you are concerned about. The fact that each of these applications is open source, means that users are allowed and encouraged to code these tools which actually make these applications useful themselves. |
