•
•
•
•
•
•
TableofContents
Index
Reviews
ReaderReviews
Errata
Academic
ManagingSecuritywithSnortandIDS
Tools
ByKerryJ.Cox,ChristopherGerg
Publisher :O'Reilly
PubDate :August2004
ISBN :0-596-00661-6
Pages :288
Thispracticalguidetomanagingnetwork
securitycoversreliablemethodsfordetecting
networkintruders,fromusingsimplepacket
snifferstomoresophisticatedIDS(Intrusion
DetectionSystems)applicationsandtheGUI
interfacesformanagingthem.A
comprehensiveresourceformonitoringillegal
entryattempts,ManagingSecuritywithSnort
andIDSToolsprovidesstep-by-step
instructionsongettingupandrunningwith
Snort2.1,andhowtoshutdownandsecure
workstations,servers,firewalls,routers,
sensorsandothernetworkdevices.
•
•
•
•
•
•
TableofContents
Index
Reviews
ReaderReviews
Errata
Academic
ManagingSecuritywithSnortandIDS
Tools
ByKerryJ.Cox,ChristopherGerg
Publisher :O'Reilly
PubDate :August2004
ISBN :0-596-00661-6
Pages :288
Copyright
Preface
Audience
AboutThisBook
AssumptionsThisBookMakes
ConventionsUsedinThisBook
ChapterSynopsis
CommentsandQuestions
Acknowledgments
Chapter1.Introduction
Section1.1.DisappearingPerimeters
Section1.2.Defense-in-Depth
Section1.3.DetectingIntrusions(aHierarchyofApproaches)
Section1.4.WhatIsNIDS(andWhatIsanIntrusion)?
Section1.5.TheChallengesofNetworkIntrusionDetection
Section1.6.WhySnortasanNIDS?
Section1.7.SitesofInterest
Chapter2.NetworkTrafficAnalysis
Section2.1.TheTCP/IPSuiteofProtocols
Section2.2.DissectingaNetworkPacket
Section2.4.Installingtcpdump
Section2.6.ExaminingtcpdumpOutput
Section2.8.ethereal
Section2.3.PacketSniffing
Section2.5.tcpdumpBasics
Section2.7.Runningtcpdump
Section2.9.SitesofInterest
Chapter3.InstallingSnort
Section3.1.AboutSnort
Section3.2.InstallingSnort
Section3.3.Command-LineOptions
Section3.4.ModesofOperation
Chapter4.KnowYourEnemy
Section4.1.TheBadGuys
Section4.2.AnatomyofanAttack:TheFivePs
Section4.3.Denial-of-Service
Section4.4.IDSEvasion
Section4.5.SitesofInterest
Chapter5.Thesnort.confFile
Section5.1.NetworkandConfigurationVariables
Section5.2.SnortDecoderandDetectionEngineConfiguration
Section5.4.OutputConfigurations
Section5.3.PreprocessorConfigurations
Section5.5.FileInclusions
Chapter6.DeployingSnort
Section6.1.DeployNIDSwithYourEyesOpen
Section6.2.InitialConfiguration
Section6.3.SensorPlacement
Section6.5.UsingSnortMoreEffectively
Section6.4.SecuringtheSensorItself
Section6.6.SitesofInterest
Chapter7.CreatingandManagingSnortRules
Section7.1.DownloadingtheRules
Section7.2.TheRuleSets
Section7.3.CreatingYourOwnRules
Section7.5.KeepingThingsUp-to-Date
Section7.4.RuleExecution
Section7.6.SitesofInterest
Chapter8.IntrusionPrevention
Section8.1.IntrusionPreventionStrategies
Section8.2.IPSDeploymentRisks
Section8.3.FlexibleResponsewithSnort
Section8.4.TheSnortInlinePatch
Section8.5.ControllingYourBorder
Section8.6.SitesofInterest
Chapter9.TuningandThresholding
Section9.1.FalsePositives(FalseAlarms)
Section9.2.FalseNegatives(MissedAlerts)
Section9.4.PassRules
Section9.3.InitialConfigurationandTuning
Section9.5.ThresholdingandSuppression
Chapter10.UsingACIDasaSnortIDSManagementConsole
Section10.1.SoftwareInstallationandConfiguration
Section10.2.ACIDConsoleInstallation
Section10.3.AccessingtheACIDConsole
Section10.4.AnalyzingtheCapturedData
Section10.5.SitesofInterest
Chapter11.UsingSnortCenterasaSnortIDSManagementConsole
Section11.1.SnortCenterConsoleInstallation
Section11.2.SnortCenterAgentInstallation
Section11.4.LoggingInandSurveyingtheLayout
Section11.3.SnortCenterManagementConsole
Section11.5.AddingSensorstotheConsole
Section11.6.ManagingTasks
Chapter12.AdditionalToolsforSnortIDSManagement
Section12.1.OpenSourceSolutions
Section12.2.CommercialSolutions
Chapter13.StrategiesforHigh-BandwidthImplementationsofSnort
Section13.1.Barnyard(andSguil)
Section13.2.CommericialIDSLoadBalancers
Section13.3.TheIDSDistributionSystem(I(DS)2)
AppendixA.SnortandACIDDatabaseSchema
SectionA.1.acid_ag
AppendixB.TheDefaultsnort.confFile
AppendixC.Resources
SectionC.1.FromChapter1:Introduction
SectionC.2.FromChapter2:NetworkTrafficAnalysis
SectionC.3.FromChapter4:KnowYourEnemy
SectionC.5.FromChapter7:CreatingandManagingSnortRules
SectionC.7.FromChapter10:UsingACIDasaSnortIDSManagementConsole
SectionC.9.FromChapter13:StrategiesforHigh-BandwidthImplementationsof
Snort
Colophon
Index
SectionC.4.FromChapter6:DeployingSnort
SectionC.6.FromChapter8:IntrusionPrevention
SectionC.8.FromChapter12:AdditionalToolsforSnortIDSManagement
Copyright©2004O'ReillyMedia,Inc.
PrintedintheUnitedStatesofAmerica.
PublishedbyO'ReillyMedia,Inc.,1005GravensteinHighway
North,Sebastopol,CA95472.
O'Reillybooksmaybepurchasedforeducational,business,or
salespromotionaluse.Onlineeditionsarealsoavailablefor
mosttitles().Formoreinformation,
contactourcorporate/institutionalsalesdepartment:(800)
998-9938or
NutshellHandbook,theNutshellHandbooklogo,andthe
O'ReillylogoareregisteredtrademarksofO'ReillyMedia,Inc.
ManagingSecuritywithSnortandIDSTools,theimageofa
manonaropewithanax,andrelatedtradedressare
trademarksofO'ReillyMedia,Inc.
Manyofthedesignationsusedbymanufacturersandsellersto
distinguishtheirproductsareclaimedastrademarks.Where
thosedesignationsappearinthisbook,andO'ReillyMedia,Inc.
wasawareofatrademarkclaim,thedesignationshavebeen
printedincapsorinitialcaps.
Whileeveryprecautionhasbeentakeninthepreparationofthis
book,thepublisherandauthorsassumenoresponsibilityfor
errorsoromissions,orfordamagesresultingfromtheuseof
theinformationcontainedherein.
Preface
Thisbookexplainshowtomanageyournetwork'ssecurity
usingtheopensourcetoolSnort.Theexamplesinthisbookare
designedforuseprimarilyonaRedHatLinuxmachine.They
shouldbefullyfunctionalonthelatestRedHatEnterpriseLinux
versionaswellasthelatestFedorareleasebyRedHat.All
instructionsweredocumentedusingthemostrecentRedHat
releases,patches,andsoftware.Theapplicationswere
configuredusingdefaultpackagesneededforastandard
installation,andeachmachinewassecuredaccordingtothe
latesterrata.
TheinstructionsinthisbookapplytootherLinuxflavors,such
asSuSE,Gentoo,Debian,andmostUnixvariants,including
FreeBSD,OpenBSD,andSolaris.Manyoftheapplicationsare
availablefordownloadassourceorasprecompiledbinaries.
Sinceperformanceisoftenaconsiderationwhendeployingan
IDSsolution,youwillprobablyfindthatbuildingthe
applicationsfromsourceyieldsthebestresults.Ifyoudonot
havethetime,desire,orneedtobuildfromsource,theprebuilt
packagesshouldworkjustfineandinstallwithouttroubleon
mostsystems.ConsultyourLinuxdistributionorUnix-based
operatingsystemforfurtherinformationregardingsource
compilationandinstallation.Snortbinariesarealsoavailablefor
theMicrosoftWindowsplatform,andinstructionsforrunning
SnortonaWindowsplatformareincluded.
Linkstotheapplicationsandtheirrespectivewebsitesare
providedthroughoutandattheendofthechapters.AppendixC
alsocontainsacompendiumofallsoftwareprogramsand
applicationsreferenced.Checkallsoftwaresitesregularlyfor
thelatestupdatesandinformationregardingtheiruse.Manyof
theprogramsareunderactivedevelopmentandnewversions
arepostedfrequently.Someapplicationsrequireanupdatewith
thereleaseofnewLinuxversions.Staycurrentwiththemost
recentreleaseinordertoavoidanyvulnerabilitiesorsecurity
issuesthatappearovertime.
Topicscoveredinclude:
PacketcaptureandanalysisusingavarietyofcommandlineandGUIutilities.
Anintroductiontotheinterpretationofpacketheadersand
contentwithinanIDSenvironment.
Thethreatstoyourorganization'stechnologyassets.
Instructionsforinstalling,configuring,tuning,and
customizinganopensource,enterprise-levelnetwork
intrusiondetectionsystem(NIDS)foruseincorporate
and/orhomeofficeenvironments.
AdiscussionofwaystoutilizeSnortasasniffer,anetwork
gatewaythatblocksmalicioustraffic,andapassiveIDS
sensor.
DetailsonhowtoconfigureandtuneyourSnortIDS
installationtomaximizetheeffectivenessandminimizethe
laborinvolvedindetectingandtrackingdownattacks.
Anin-depthlookatavarietyofadministrationtoolsthat
assistinthemanagementoftheSnortIDSenvironment.
StrategiesfordeployinganIDSinswitched,high-security,
andhigh-bandwidthenvironments.
Audience
Thisbookisdesignedfornetwork,system,andsecurity
administratorsoflarge-scaleenterprisesaswellasmanagersof
smallbusinessesorhomeoffices.Theinstructionsshouldbe
readableforthosewithonlyasmallamountofnetworkand
Unixexperience,butalsousefulforexperiencedadministrators
withavariedbackgroundinnetworkingandsystem
administration.Tobesure,themoreexperiencedyouare,the
easieritwillbetointerprettheresultsgeneratedbytheSnort
IDS.
AboutThisBook
Snortcanbeusedforavarietyofapplications,fromactingasa
simplenetworksniffertoanenterprise-classgatewayintrusion
detectionsystem(IDS).Thisbookdiscussesthevariouswaysto
useSnort,andmethodsofconfiguring,tuning,andcustomizing
theapplicationtobestsuityourenvironment.Implementingan
IDSsolutioncanbealabor-intensiveandsometimes
overwhelmingproject.Thisbookhelpsstreamlinetheprocesses
oftheinitialsetupandongoingcareandfeedingofSnort.
Allthesourcecodediscussedhereisfreelyavailablefor
downloadofftheInternet.Ihaveavoidedanysoftwarethatis
closedsource,requiresalicense,orcostsmoney.Thoughlinks
andsourcecodeversionsdochangeovertime,everyefforthas
beenmadetokeeplistingsandreleasenumbersforeach
applicationasup-to-dateaspossible.IfyoufindtheURLdoes
notworkaslisted,pleasecheckwithsomeofthemajoropen
sourcerepositories:and
.Ifyouareunabletolocatethe
applications,useasearchenginesuchas
tofindtheprogram'snewhomeor
currentwebsite.
Linkstorequiredlibrariesorassociatedapplicationsareusually
foundonthehomepagesofmostprograms.Forexample,links
toSnortCenterandBarnyardarefoundonthemainSnortpage
at.
Nowthatyouknowwhatthisbookisabout,hereiswhatit's
notabout.Thisbookisnotabeginner'sguidetopacket
analysis.Itisintendedtohelpyouimplementviablesolutions
toeverydayintrusiondetectionproblems.Thisbookdoesnot
spendcountlesspagesexaminingthenuancesandvagariesof
everytypeoffragmentedpacketorpossiblebufferoverflow.
Instead,itexplainshowtoquicklycaptureasamplingof
networktrafficandlookforthetell-talesignsthatindicate
hostileactivity.
Ifyouaresearchingforatheoreticalmanualthatprovides
detailedinsightintoeverypossiblesecurityapplicationorthat
explainshowtodissectnewintrusivepackets,youwon'tfindit
here.Thisbookdealswithstrategiesandspeedy
implementationsusingareasonable,common-senseapproach.
Bytheendofthisbook,thereaderwillunderstandthata
network-basedintrusiondetectionsystemisonepartofalarger
strategyofdefense-in-depth.Thebookisbasedonthe
experienceofaNetworkSecurityEngineerwhohasboth
attackedanddefendedverylargecorporatenetworksand
systems.Whetheryouarelookingforsomethingtohelpsecure
yourhomenetwork,orlookingforanEnterprise-classsolution
thatcanwatch2Gbpsofbandwidthinnear-real-time,thisbook
willhelp.
AssumptionsThisBookMakes
Thisbookdoesnotmaketoomanydemandsontheaverage
reader.Itiswritteninaninformalmannerandisintendedfor
mostsecurityadministrators,whethertheyareusingLinux(or
anotherUnixoffshootlikeBSD)orWindows.Themainfocusof
thebookwillberunningSnortonaLinuxplatform.Even
beginningLinuxusersshouldhavenotroublegraspingthe
concepts.Mostapplicationsalongwiththeirinstallationand
configurationareclearlyspelledout.Whilethisbookwillprovide
theaverageuserwiththeabilitytogetaSnortsensorupand
running,professionaldeploymentsofanyIDSsolutionbenefit
fromagoodknowledgeofnetworkingandsystem
administration.Withoutthisbackground,discriminationofwhat
isnaughtyandwhatisnicewillbemoredifficult.
Ifanyofthestepsexplainedinlaterchaptersdonotanswerall
yourquestions,pleaseconsulttheapplication'shomepageor
subscribetoitsmailinglist,ifoneisavailable.Itwillbehelpful
ifyouarefamiliarwithUsenetnewsgroupsandcanpost
detailedquestionsregardinganyadditionaluseofthe
applicationspresentedhere.Youwillfindthattheopensource
communitysurroundingSnortandtherelatedapplicationsis
activeandincrediblyhelpful.
Thisbookassumesthatyouhaveaccesstooneormore
machines,canperformastandardoperatingsystem
installation,andhavearelativelystableconnectiontothe
Internet.ItalsooperatesontheassumptionthataLANor
switchedEthernetnetworkisavailablefortestingpurposes.
Thoughthisisnotrequired,itdoeshelpwhenmonitoring
packetsflowingbetweenmachinesandinandoutofnetworks.
Thisbookalsopresupposesthatasecurefirewallisinplace.It
isyourresponsibilitytoensurethatyournetworkremainssafe
duringtheIDSinstallationandimplementationphase.Newly
installedsystemsdonotsurvivelongwhenexposedtothe
Internetwithoutprotection.
ChapterSynopsis
Chapter1
Introducestheconceptsbehindnetworksecurityand
intrusiondetection.
Chapter2
Goesintosomedepthonhowthesystemsonyournetwork
usethenetworktoaccomplishtheirtasks.Thestructureof
packetswillbeexamined,equippingyoutorecognize
anomalousnetworktraffic.
Chapter3
IntroducesyoutogettingSnortupandrunningquickly
usingthevariouscommand-lineoptions.Itdiscussesthe
variousmodesinwhichSnortcanbeused,includingasa
snifferandpacketlogger.
Chapter4
Weexaminehowthe"badguys"attempttoprobe,
penetrate,persist,propagate,andparalyzeyournetwork
andsystems.Methodsofdetectingthesemethodsare
examined.
Chapter5
Providesanin-depthexaminationofthiscentral
configurationfile.Thesnort.conffilecontrolshowSnort
watchesthenetworkanddetectsmaliciousactivity.
Chapter6
StrategiesformakingaSnortdeploymentaseffectiveand
successfulaspossiblearediscussedinthischapter.
Chapter7
Thecoreofasignature-basedintrusiondetectionsystem
aretherulesthatrecognizeattacksinprogress.Oneofthe
realstrengthsofSnortistheflexibilityanddiscriminationof
itsrulesets.
Chapter8
Severalmechanismsandstrategiescanbeemployedthat
turnSnortfromanintrusiondetectionsystemintoan
intrusionpreventionsystem.Thesestrategiesarenot
withouttheirownrisks,however.
Chapter9
Thisisperhapsthemostimportantchapter.Propertuning
andthresholdingallowssecurityadministratorstominimize
thenumberoffalsepositivesgeneratedbyanIDSsensor,
makingtheirtimespentworkingwithSnortmoreefficient
andeffective.
Chapter10
ACIDisapopular,powerful,web-basedIDSmanagement
systemformanagingalertsgeneratedbySnort.
Chapter11
SnortCentermakesadministeringmultipleIDSsensors
mucheasier.
Chapter12
AwidevarietyoftoolscanhelpmanageaSnort-basedIDS
deployment.Someofthesesolutionsaremoreeffective
thanothers.
Chapter13
IfyourintentionistodeploySnortasanIDSinahighdemandenvironment,thischapterwillhelpbydiscussing
strategiesthatensurenothingismissedbyoverburdened
sensors.
AppendixA
ProvidestheschemasfortheSnortandACIDdatabase
tablesinordertoaiddevelopersincreatingnewtoolsor
modifyingexistingtools.
AppendixB
Presentsthedefaultsnort.conffileforreferencewhen
readingthebookandconfiguringsensors.Thecomments
areactuallyquitegood,too.
AppendixC
Providesacompilationofwebresourcesanddownload
sourcesfromthroughoutthebook.
ConventionsUsedinThisBook
Thefollowingtypographicalconventionsareusedinthisbook:
Plaintext
Indicatesmenutitles,menuoptions,menubuttons,
preprocessors,andkeyboardaccelerators(suchasAltand
Ctrl).
Italics
Indicatesnewterms,exampleURLs,exampleemail
addresses,filenames,fileextensions,pathnames,
directories,andUnixutilities.
Constantwidth
Indicatescommands,options,switches,variables,
attributes,keys,functions,types,classes,namespaces,
methods,modules,properties,parameters,values,objects,
events,eventhandlers,XMLtags,HTMLtags,macros,the
contentsoffiles,ortheoutputfromcommands.
Constantwidthbold
Showscommandsorothertextthatshouldbetyped
literallybytheuser.
Constantwidthitalic
Showstextthatshouldbereplacedwithuser-supplied
values.
Thisiconsignifiesatip,suggestion,orgeneralnote.
Thisiconindicatesawarningorcaution.
CommentsandQuestions
Pleaseaddresscommentsandquestionsconcerningthisbookto
thepublisher:
O'ReillyMedia,Inc.
1005GravensteinHighwayNorth
Sebastopol,CA95472
(800)998-9938(intheUnitedStatesorCanada)
(707)829-0515(internationalorlocal)
(707)829-0104(fax)
Wehaveawebpageforthisbook,wherewelisterrata,
examples,andanyadditionalinformation.Youcanaccessthis
pageat:
/>Tocommentorasktechnicalquestionsaboutthisbook,send
emailto:
Formoreinformationaboutourbooks,conferences,Resource
Centers,andtheO'ReillyNetwork,seeourwebsiteat:
Acknowledgments
Theauthorswishtothankthepeoplewhocontributedtothis
project.
KerryCox
Iowemanythankstoallthepeoplewhosharedwithmetheir
time,talents,andexperienceswhilepatientlyansweringmy
questions.ThanksespeciallytoalltheemployeesatKSL,
BonnevilleInternational,BonnevilleCommunications,LDS
BusinessCollege,andDeseretManagementCorporationwho
allowedmetoinstallintrusiondetectionsystemsontheir
serversandthencritiquedthesystems'performance,providing
mewithfeedbackthatassistedinmanywaystomakethisa
betterbook.
Iwouldespeciallyliketothankallthetechnicaland
nontechnicalstaffwithwhomIworkatBonnevilleInternational,
KSL,andtheDeseretManagementCorporation:GregJames,
RogerGraves,OwenSmoot,DonHuntsman,SteveTolman,
EdwardCheadle,BrentCherrington,MarkFenton,Jason
Williams,HalWhitlock,SteveWise,BryanCarter,BrentCole,
KarlHancock,TrevorGunnell,JamieHall,KevinMcReynolds,
JulieHill,JasonJones,AmyKimball,PatNeilson,andthemany
otherswhomImayhaveforgotten.
AccordingtoEricS.Raymond,"Givenenougheyeballs,allbugs
areshallow."ThiswasespeciallytrueoftheassistanceI
receivedfrommanyfriendsandco-workers.Therearefewer
errorsherethantheremightotherwisehavebeenthanksto
theirdiligenceinproofingthismaterial.Iamdeeplyindebtedto
thesepeopleforthetimeandefforttheytooktoverifythe
accuracyofwhatIwrote.Iconsidereachandeveryone
contributingeditorstothiswork.Thisisasmuchforthemasit
isforthereaders.
Iwishespeciallytothankthefollowingpeople,whospentmany
hoursreviewingandcritiquingthetextandcodeofthisbook
beforesubmissionsweresenttoO'Reilly.Iamextremely
gratefultoJasonJonesforcheckingeachchapter'ssyntaxand
tighteningupthecontent.Hepointedoutsomecrucialitems
thatmadethereadingflowbetter.Ourconversationstoand
fromworkeverydayhelpedtoimprovethequalityofthis
material.Iamdeeplyindebtedtohimforallhiswork.
IwishtothankBradHokansonfortestingthesourcecodeand
installingnumerousprogramsonhismachines.Heprovedthat
everythingshownhereactuallyworksonvariousoperating
systems.Hisworkwithencryptionandwirelesssecuritywas
mostvaluable.IwanttothankJasonWilliamsforhishelpin
proofingthelayoutandlookingoverthesubjectmatterfor
viability.EdwardCheadlewasveryhelpfulinimplementing
manyoftheseapplicationsinreal-worldscenarios.Hisfeedback
improvedmuchofthecontent.
ThankstoSteveScottforhisassistanceinprovidingdetailed
IDSdocumentation.Also,IowemanythankstoPatrickS.
Harperforhisusefulnotesandexplanationsforperforminga
fullsource-codeinstall.Hisexcellentpaperhashelpedmanya
beginnerontheroadtoconfiguringaworkingIDSbox.Thanks
alsotoJamieHallandKarlHancockforcontinuedfeedback
fromtheirownexperienceswithopensourceintrusiondetection
systems.
IalsoneedtothankJasonWilliamsagain,forprovidingmewith
thelaptoponwhichIranLinux.Manyarethenightsanddays
onthetrainIwasabletowritethisbookthankstohisdonation.
ItprovedveryusefulfortestingKismetandAirSnortand
settingupwirelesssecurityapplications.
MyhatisalsoofftoMikeLoukidesforhisassistanceinbringing
thisbooktoprint.Heprovidedinvaluablesuggestionsfor
improvingthelayout,content,andsyntaxofeachchapter.I
valuehisinputandappreciatethetrusthehasplacedinme.I
wanttoalsothanktheseveraltechnicalreviewerswhoproofed
thisdocumentforpotentialflawsorerrors.Iwanttopersonally
thankEdinDizdarevicforhisclosescrutiny,analysis,and
commentary.IverymuchenjoyedhisGermancommentaryand
notesoneachsection.Thanksalsototheothereditorswho
contributedtheirtimeandtalentstomakingthisabetterbook:
KevinBinsfield,AndreaBarisani,DanielHarrison,andAdam
Hogan.
Iwouldespeciallyliketothankmywife,Karen,forher
encouragement.ItwasshewhosuggestedIwritethisbookand
stoodbymethesepastfewmonths.Herunwaveringsupport
hasnotgoneunnoticed.Ihavealsomyboystothankfortheir
encouragement.Kids,I'mfinallydone.Let'splay.
ChristopherGerg
Thisbookwouldnothavebeenpossiblewithoutthesupportof
mypeers,friends,andfamily.TheSecurityServicesteamthatI
workwithatBerbeeInformationNetworksisthemosttalented
anddiversegroupofpeopleI'vehadtheprivilegetoworkand
learnwith.I'velearnedmoreinthelastfiveyearsthanIhave
uptothatpointinmylife.PaulTatarsky,MattJach,Peyton
Engel,DavidKlann,andJoeMondlochhavesharedtheirwitand
largebrainswithmemostgenerously.IhopeI'mabletorepay
afractionofthedebtIowe.(Assumethehorsestance...)
ThankstoEricPattersonforeverything.
Ofcourse,Iwouldn'tbeabletoaccomplishmuchofanything
withoutthesupportofmywife,Becky,andourtwocrumbcrunchers,Matthew(shorty)andSarah(theBunner).They
keepmesaneandcentered.Well,centered,anyway.
StandardthankstomyMotherandFatherforhavingmeand
settingthestageformycareerandfruitfuladulthood.(Hi,
Jessika!)
AspecialthankstoJimElliotforintroducingmetomyeditor,
MikeLoukides.Thanks,Mike,forgivingmetheopportunityto
stepintothisproject.TheworkofJohnIves,thetechnical
reviewer,wasexcellentthankyouverymuch.