syslog
In a call for papers that we ran a few years ago, the technical editor asked for articles covering
intrusion detection tools "but not Snort" because we had recently run several articles
on Snort, and it seemed as if we'd covered it sufficiently for the time being. Time goes on,
however, and there are lots of new things to say about Snort, which is "the most widely deployed
intrusion detection and prevention technology worldwide" according to its Web site. In this
issue, three articles provide different perspectives on using Snort.
In "Tuning Snort", Richard Bejtlich explains how to tune Snort to reduce the number
of alerts it produces, thus increasing security and improving an administrator's productivity
all at the same time.
Matthew Jonkman contributes "Three Free Tools to Detect and Prevent Spyware and Malware
at the Network Perimeter", in which he describes some open source tools and techniques, such
as DNS blackholing, user agent filtering, and various intrusion detection software, that can
help increase your system's security. Jonkman, by the way, is the co-founder of Bleeding
Snort, which is "a Free Zone for Snort IDS signature development, and a number of other related
security projects." According to the home page, this site takes Snort Signatures and organizes
them into coherent rulesets, then distributes them free of charge to all who are interested. At
the time of writing, the site had just posted a call for a few admins to help review and process new
data sources. So, for more information on Bleeding Snort and how to contribute to this effort, please
see: http://www.bleedingsnort.com/.
Russ McRee also talks about Snort in his article, "Extrusion Detection with Aanval and
Bleeding Edge Snort". McRee focuses on the use of Aanval (a data management and analysis console
designed specifically for Snort) in conjunction with Bleeding Snort rules to detect spyware as
well as IM and P2P network violations. You can learn more about this "extrusion detection"
approach in Richard Bejtlich's new book, Extrusion Detection: Security Monitoring for
Internal Intrusions, which was reviewed on UnixReview.com at:
http://www.unixreview.com/documents/s=10083/ur0605h/ur0605h.html
Also on UnixReview.com in recent days, Marcel Gagné's "Linux Game of the Month"
covered SolarWolf, which Marcel says is a "superb" arcade-style game inspired by the
old Atari game, SolarFox. Ed Schaefer's "Shell Corner" column featured "Bash
Dynamically Loadable Built-In Commands" by Chris F.A. Johnson, which you can read at:
http://www.unixreview.com/documents/s=10089/ur0606a/ur0606a.htm
And Emmett Dulaney examined the new Ubuntu Professional Certification. If you need some experience
with Ubuntu Linux before tackling professional certification, check out Marcel Gagné's
brand new book Moving to Ubuntu Linux, which is due to be published in August by Addison-Wesley;
see: http://www.marcelgagne.com/mtubuntu.html for more information.
Also, please note that we're currently working on a Linux supplement to accompany the
October "Server Management" issue. It's not too late to submit an article for
consideration in either of these issues. If you'd like to contribute, please send your proposals
and manuscripts to Rikki Endsley (rendsley@cmp.com), and she'll provide all the details
of our process.
Sincerely yours,
Amber Ankerholz
Editor in Chief