Interview with Rafeeq Ur Rehman, author of "Intrusion Detection with SNORT"
by Mirko Zorz - Monday, 21 July 2003.
Who is Rafeeq Ur Rehman? Introduce yourself to our readers.

I am working as Managing Consultant at Dedicated Technologies Inc. where we provide services related to enterprise security and IT management. In my spare time, I also work on open source and free software projects with my friends at Argus Network Security Services. We have made a free version of Snort based EasyIDS for Linux as a community service. I have bachelor and masters degrees in Electrical and Computer Engineering from the University of Engineering and Technology Lahore. I have authored four books, two of these are under Bruce Perens' Open Source Series. This series is aimed at creating open books which are feely downloadable and modifiable. I believe that this is an excellent community service to promote open source software.

How did you get interested in computer security?

It started with my Masters Degree thesis where I had to test efficiency of some firewall products. Since then I have been working with security products one way or the other. The computing and networking infrastructure is a universal asset and all of us are benefiting from the ubiquitous computing resources available all over the world. I think working for security of this infrastructure is more than a job and is very important for business as well as future of computing community itself. Best of all, it provides new challenges every day and I love it.

Do you have any favorite security tools?

My favorite tools are Nessus and nmap. These are great tools for assessment of security of your networks and to plug holes that may be exploited by hackers. Other than these two tools, my best security friend is Ethereal which is an excellent protocol analyzer.

How long did it take you to write "Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID" and what was it like?

It took about 10 months to write and publish the book. This is published under Bruce Perens' Open Source series. This was one of the first initiatives to publish documentation on Snort in the form of a book and I am glad it worked well.

In your opinion, what are the most important things an administrator has to do in order to keep a network secure?

Being proactive is the single most important thing for security administrators. It is good to subscribe some security alert mailing lists to keep yourself up-to-date on new security issues. Keep the network holes plugged in all times, which is a continuous job. Intrusion detection is one way of proactive approach where you keep an eye on what hackers are trying to exploit. Based upon IDS data you can work on problems before they grow in magnitude. That is why use of Snort and other tools is very important and spending resources on IDS is justified. And beware of internal users! I repeat, beware of internal users.

Based on your experiences, do you find proprietary software or open source software to be more secure?


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th