Comment Re:I'm still waiting... (Score 2, Informative) 123
The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can set up Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.
Hey, Koziol's book covers Intrusion Prevention and IPS. Lots of detail.