snort.org recommended reading? (was Re: General Snort Help!)

[twig les <twigles () yahoo com>]

I was reading this message and thinking that maybe it
would be a good idea for snort.org to have a little
tab under the /docs page for recommended reading
(books).  I didn't want to suggest it since snort
developers may not want to seem to endorse certain
authors, but then Ereks reply named 4 books, the first
3 which had popped into my head.  Specifically the two
Northcutts and the Stevens books.

Just a thought.


--- Erek Adams <erek () snort org> wrote:
> On Tue, 21 Jan 2003, Lorraine Cannavale wrote:
>
> > Hello, I am very new at the whole Intrusion
> Detection Process and especially
> > snort.
> > There is a network administrator here that has
> installed an IDS utilizing
> > snort, etc and is responsible for maintaining the
> system.
> > I was hired by the Security Administrator to help
> monitor the alerts on a
> > daily basis, analyze the data, and help reduce the
> false positives.
> > So, I have the easy job, but I'm having major
> difficulties understanding
> > what the alerts actually mean and deciphering what
> is a false positive, true
> > intrusion, or just an informational alert.  I have
> read the Snort user
> > manual, understand how to read the rules, and have
> found some information on
> > the alerts, but it is still confusing to me.
> >
> > Can anyone recommend additional resources that
> would help me (books, on-line
> > manuals, or web sites)?
> > I've read emails from the Snort mailing list and
> this all seems to make a
> > lot of sense to everyone else, I'm curious how you
> all obtained your
> > knowledge and if there is anything you can share
> with me!?
>
> [...snip...]
>
> In my opinion, in order of need/usefulness:
>
> TCP/IP Illustrated, Volume 1 The Protocols by W.
> Richard Stevens
>      ISBN 0201633469
>
> Network Intrusion Detection An Analyst's Handbook by
>  Stephen Northcutt
>      ISBN 0735708681
>
> Intrusion Signatures and Analysis by Stephen
> Northcutt
>      ISBN 0735710635
>
> Intrusion Detection by Rebecca G. Bace
>      ISBN 1578701856
>
> The rest....  Well, just get on a .edu network and
> learn.  ;-)
>
> Hope that's of some help!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."  
> H.S. Thompson
-------------------------------------------------------
> This SF.net email is sponsored by: Scholarships for
> Techies!
> Can't afford IT training? All 2003 ictp students
> receive scholarships.
> Get hands-on training in Microsoft, Cisco, Sun,
> Linux/UNIX, and more.
> www.ictp.com/training/sourceforge.asp
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users