Editorial Reviews
Book Description
If you have Snort, Nessus, and Ethereal up and running and are now ready to customize, code, and torque these tools to their fullest potential, then this book is for you. The authors provide the inside scoop on coding the most effective and efficient Snort rules, Nessus plug-ins with NASL, and Ethereal capture and display filters. When you have finished this book, you will be a master at coding your own tools to detect malicious traffic, scan for vulnerabilities, and capture only the packets YOU really care about.
Each chapter contains dozens of working code examples. Snort is an amazingly flexible application with a rules-based engine allowing you to collect and correlate packets based on the rules you design. The Snort rules section of this book teaches you to read, write, and understand these rules for your IDS sensors. You will learn rule development schematics, proper testing procedures, techniques for enhancing the speed of your rules, and tips for using Berkeley Packet Filters and subnet masks within a rule.
The Nessus Attack Scripting Language (NASL) allows you to create self-contained scripts for vulnerability scanning using the Nessus engine (nessusd). NASL allows you to write plug-ins that perform network security checks and almost any other type of network-wide test. In this section, you will learn the intricacies of the "script description" and "script body," the NASL protocol APIs, string manipulation, and more.

Ethereal provides "capture filters," which allow you to capture only the packets you are interested in, and "display filters," which allow you to specify which packets are then shown in Ethereal's graphical user interface. This section teaches you to write capture filters and how to work with tcpdump, host names and addresses, MAC addresses, ports, logical operations, protocols, and protocol fields.
Title: Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security)
Authors: Brian Caswell, Gilbert Ramirez, Jay Beale, Noam Rathaus
Publisher: Syngress
ISBN: 1597490202
Subjects: Computer Bks - General Information; Computer Books: General; Computers; Networking - Intranets & Extranets; Networking - Local Area Networks (LANs); Security - General; Computers / Security
Keywords: Snort, Nessus, Ethereal, open source, rules, plugins, captures, NASL, Nessus Attack Scripting Language, intrusion detection system, IDS, packet sniffer, packet sniffing, network scanning, network assessment, network auditing, packets, vulnerability, exploit, hacking, capture filters, display filters, nikto, HTTP, FTP, brute force, Trojan horse, false positives, vulnerability fingerprinting, knowledge base, Ethernet, TCP/IP, protocols, Tethereal, Editcap, Mergecap, WinCap, libcap, binary, source code, MAC addresses, bitwise operators, Boolean, byte, TCP scan, SYN scan, Xmas scan, Null scan, PCAP, OSI model, preprocessors, portscan, SNMP, ICMP, frag2, barnyard, ACID