Computer Security

Nothing to Snort at: From Publication to Product at DEFCON2014

By: , Posted on:

snortAs authors of technical books, we run into unique challenges that are very different from other facets of the publishing industry. Technology changes very quickly so our updates must be done rapidly as compared to the sciences where nature tends to remain relatively stable. Our work is rarely considered “pleasure reading” so we never end up with the fame or following that mainstream authors have an opportunity to achieve. We have a limited audience so even a bestselling technical book means that the knowledge you’ve tried to impart has only reached a small portion of the population. And frankly, it doesn’t make you a millionaire by any means. But we keep doing it because we love it and seeing your work make any positive impact at all is reward enough.

However, I’ve learned this week that it’s possible for great things to come from the work that we do. In 2002 and 2003, I was co-authoring a book called “Snort 2.0 Intrusion Detection” discussing the topic of the Snort intrusion detection system. One of the chapters that I wrote was “Advanced Snort” and covered some of the more unique things that could be done with this software. One of the emerging technologies at the time was the use of Intrusion Prevention Systems instead of just Intrusion Detection Systems. This seemed like a good advanced topic for Snort if I could find a way to use Snort in this unique, more advanced, manner. There was some foundational work for using Snort in an inline manner as well and by combining these concepts, I felt that a new conceptual design could be built.

Penetration Tester's Open Source Toolkit coverReal life happens to authors too and I remember very distinctly the events surrounding my work on this particular topic. Due to a family emergency, a cross-country road trip was necessary for my family and I just as my deadline was approaching for completing this chapter. The result involved pulling all of the seats except the bench seat out of the back of a minivan, setting up a (large) power inverter, and installing four laptops and two network switches in the back of said minivan so that I could continue to experiment and write while my better half hauled us to our destination. I fleshed out the design, made it work, wrote out how to use this unique concept, and the information was published as scheduled.

Fast forward a little over a decade. Like many security professionals, I enjoy attending Defcon on an annual basis to touch base with friends in the industry, see what’s new in the field, and bask in the knowledge that gets shared at the event. This year, I was doing the obligatory run through the vendor area and ran across something a little different. A company called Itus Networks had a booth where they were starting up a Kickstarter project for a product named iGuardian. This device is marketed as an “Internet protection system designed specifically for home use” and I stopped and talked with them about it for a few minutes. As we chatted and they talked about their design, they described the use of Snort functioning like a bridge in order to provide the intrusion prevention capabilities that the product offers. I was floored.

After over a decade, the concepts and designs that I discussed as part of the early work in this field were finally making it into the consumer market and in a way that can make a positive difference for the average home user. Words cannot describe the honor that I felt when I found out that, in some way, my work influenced something that can actually make a positive impact on the overall security for the average home user. Something well above and beyond anything that has been offered by traditional hardware vendors.

Enterprise Applications Adminstration coverMoments like this for technical authors are beyond rare. Readers of our work rarely see the face behind the book and we, in turn, rarely know if what we’ve written has been of any use. After seeing this, I wanted to take a moment and thank you, the readers of our work, for taking the knowledge that we try to provide and using it to do great things. There is no greater compliment than to see others take what we’ve done and turn it into something real, something tangible, and something valuable. This makes all of the work that goes into these books worthwhile and provides a connection with our readers that is unique and powerful. So, to my readers and the readers of all technical authors, thank you. Keep doing amazing things.

Jeremy’s books are available for purchase on the Elsevier Store here and you can save up to 30% on them by using discount code “STC3014″ at checkout!

About the Author

jeremy faircloth LI biopicJeremy Faircloth (Twitter: @faircloth_j) is an IT practitioner with a background in a wide variety of technologies (CISSP, Security+, CCNA, MCSE, MCP+I, A+) as well as experience managing technical teams at multiple Fortune 50 companies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge.

Described as a “Renaissance man of IT” with over 20 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications, and project management. Jeremy is also an author that has contributed to over a dozen technical books covering a variety of topics and teaches courses on many of those topics.

You can read more about Jeremy, his work and thoughts on computer security at his personal blog, FairclothSec here.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Securing computer systems is crucial in our increasingly interconnected electronic world. With so many business, consumer, and governmental processes occurring online, a growing potential exists for unauthorized access, change, or destruction of those processes. For years, Elsevier’s Syngress imprint has helped computer and information security professionals learn theory, strategy, and…

Read more




Browse other articles in this category: