MOST EXCELLENT!!

Are you a network security administrator who has Nessus, Snort and Ethereal up and running? If you are, then this book is for you! Authors Brian Caswell, Gilbert Ramirez, Jay Beale and Noam Rathaus, have done an outstanding job of writing a book that shows you how to customize, code and torque Nessus, Snort and Ethereal to their fullest potential.

Caswell, Ramirez, Beale and Rathaus, begin by covering the inner workings of NASL. Then, the authors shows you how to debug NASLs. They continue by showing you how to use extensions and custom tests. Next, the authors cover Nessus' include files implementation of the SMB protocol, followed by Nessus' include files implementation of Windows-related hotfix and service pack verification. Then, they underline the steps that must be taken so that Nessus can incorporate support for NTLM. They also present several tools to automate and simplify plugin creation. Then, they help readers understand Snort code. The authors continue by showing you how to write your own custom Snort rules. They also show you how to navigate the Snort source tree. Next, the authors show you how to modify the Snort source code to solve an otherwise difficult task. Then, they show you how to enable Ethereal to read from new data sources. They continue by showing you how to program your own protocol dissector, either linked into Ethereal or as a plugin. Finally, the authors show you how to take advantage of Ethereal's that open source programmers have created for collection of dissectors.

The authors of this most excellent book provide the inside scoop on coding the most effective and efficient Snort rules. More importantly, after reading this book, you will be a master at coding your own tools to detect malicious traffic.

Other Reviews

• Hoping for a bit more.
• MOST EXCELLENT!!
• Excellent continuation of Jay Beale's Open Source Security Series