Monday, July 12, 2004

Review of Snort 2.1 Posted just posted my four star review of Snort 2.1. Several quotes from my review of Snort 2.0 appear in the new book, even though I also gave that first edition four stars. From the end of the review of the new edition:

"I would enjoy seeing three improvements in the third edition. First, thoroughly scrub the book for old information. Watch out for people writing about 'Cerebus' or http_decode or offerings from Silicon Defense, whose Web site disappeared in early 2004. Second, tell people to read the excellent Snort manual before reading the book. There's no need to address topics well-covered in the manual, like all of the IP- and TCP-based rule options. Third, ditch the existing rules chapter in favor of two new ones, one explaining principles via existing rules, and one showing advanced rule development.

I still recommend buying this book, but you might guide your reading choices by the comments in this review."

No comments: