OReilly managing security with snort and IDS tools aug 2004 ISBN 0596006616

Managing Security with Snort and IDS Tools
By Kerry J. Cox, Christopher Gerg

Publisher: O'Reilly
Pub Date: August 2004
ISBN: 0-596-00661-6
Pages: 288

This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort and IDS Tools provides step-by-step instructions on getting up and running with Snort 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.











Copyright

Preface
Audience
About This Book
Assumptions This Book Makes
Conventions Used in This Book
Chapter Synopsis
Comments and Questions
Acknowledgments

Chapter 1. Introduction
Section 1.1. Disappearing Perimeters
Section 1.2. Defense-in-Depth
Section 1.3. Detecting Intrusions (a Hierarchy of Approaches)
Section 1.4. What Is NIDS (and What Is an Intrusion)?
Section 1.5. The Challenges of Network Intrusion Detection
Section 1.6. Why Snort as an NIDS?
Section 1.7. Sites of Interest

Chapter 2. Network Traffic Analysis
Section 2.1. The TCP/IP Suite of Protocols
Section 2.2. Dissecting a Network Packet
Section 2.3. Packet Sniffing
Section 2.4. Installing tcpdump
Section 2.5. tcpdump Basics
Section 2.6. Examining tcpdump Output
Section 2.7. Running tcpdump
Section 2.8. ethereal
Section 2.9. Sites of Interest

Chapter 3. Installing Snort
Section 3.1. About Snort
Section 3.2. Installing Snort
Section 3.3. Command-Line Options
Section 3.4. Modes of Operation

Chapter 4. Know Your Enemy
Section 4.1. The Bad Guys
Section 4.2. Anatomy of an Attack: The Five Ps
Section 4.3. Denial-of-Service
Section 4.4. IDS Evasion
Section 4.5. Sites of Interest

Chapter 5. The snort.conf File
Section 5.1. Network and Configuration Variables
Section 5.2. Snort Decoder and Detection Engine Configuration
Section 5.3. Preprocessor Configurations
Section 5.4. Output Configurations
Section 5.5. File Inclusions

Chapter 6. Deploying Snort
Section 6.1. Deploy NIDS with Your Eyes Open
Section 6.2. Initial Configuration
Section 6.3. Sensor Placement
Section 6.4. Securing the Sensor Itself
Section 6.5. Using Snort More Effectively
Section 6.6. Sites of Interest

Chapter 7. Creating and Managing Snort Rules
Section 7.1. Downloading the Rules
Section 7.2. The Rule Sets
Section 7.3. Creating Your Own Rules
Section 7.4. Rule Execution
Section 7.5. Keeping Things Up-to-Date
Section 7.6. Sites of Interest

Chapter 8. Intrusion Prevention
Section 8.1. Intrusion Prevention Strategies
Section 8.2. IPS Deployment Risks
Section 8.3. Flexible Response with Snort
Section 8.4. The Snort Inline Patch
Section 8.5. Controlling Your Border
Section 8.6. Sites of Interest

Chapter 9. Tuning and Thresholding
Section 9.1. False Positives (False Alarms)
Section 9.2. False Negatives (Missed Alerts)
Section 9.3. Initial Configuration and Tuning
Section 9.4. Pass Rules
Section 9.5. Thresholding and Suppression

Chapter 10. Using ACID as a Snort IDS Management Console
Section 10.1. Software Installation and Configuration
Section 10.2. ACID Console Installation
Section 10.3. Accessing the ACID Console
Section 10.4. Analyzing the Captured Data
Section 10.5. Sites of Interest

Chapter 11. Using SnortCenter as a Snort IDS Management Console
Section 11.1. SnortCenter Console Installation
Section 11.2. SnortCenter Agent Installation
Section 11.3. SnortCenter Management Console
Section 11.4. Logging In and Surveying the Layout
Section 11.5. Adding Sensors to the Console
Section 11.6. Managing Tasks

Chapter 12. Additional Tools for Snort IDS Management
Section 12.1. Open Source Solutions
Section 12.2. Commercial Solutions

Chapter 13. Strategies for High-Bandwidth Implementations of Snort
Section 13.1. Barnyard (and Sguil)
Section 13.2. Commercial IDS Load Balancers
Section 13.3. The IDS Distribution System (I(DS)2)

Appendix A. Snort and ACID Database Schema
Section A.1. acid_ag

Appendix B. The Default snort.conf File

Appendix C. Resources
Section C.1. From Chapter 1: Introduction
Section C.2. From Chapter 2: Network Traffic Analysis
Section C.3. From Chapter 4: Know Your Enemy
Section C.4. From Chapter 6: Deploying Snort
Section C.5. From Chapter 7: Creating and Managing Snort Rules
Section C.6. From Chapter 8: Intrusion Prevention
Section C.7. From Chapter 10: Using ACID as a Snort IDS Management Console
Section C.8. From Chapter 12: Additional Tools for Snort IDS Management
Section C.9. From Chapter 13: Strategies for High-Bandwidth Implementations of Snort

Colophon
Index


Copyright © 2004 O'Reilly Media, Inc.
Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (). For more information, contact our corporate/institutional sales department: (800) 998-9938 or

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Managing Security with Snort and IDS Tools, the image of a man on a rope with an ax, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.


Preface

This book explains how to manage your network's security using the open source tool Snort. The examples in this book are designed for use primarily on a Red Hat Linux machine. They should be fully functional on the latest Red Hat Enterprise Linux version as well as the latest Fedora release by Red Hat. All instructions were documented using the most recent Red Hat releases, patches, and software. The applications were configured using default packages needed for a standard installation, and each machine was secured according to the latest errata.

The instructions in this book apply to other Linux flavors, such as SuSE, Gentoo, Debian, and most Unix variants, including FreeBSD, OpenBSD, and Solaris. Many of the applications are available for download as source or as precompiled binaries. Since performance is often a consideration when deploying an IDS solution, you will probably find that building the applications from source yields the best results. If you do not have the time, desire, or need to build from source, the prebuilt packages should work just fine and install without trouble on most systems. Consult your Linux distribution or Unix-based operating system for further information regarding source compilation and installation. Snort binaries are also available for the Microsoft Windows platform, and instructions for running Snort on a Windows platform are included.

Links to the applications and their respective web sites are provided throughout and at the end of the chapters. Appendix C also contains a compendium of all software programs and applications referenced. Check all software sites regularly for the latest updates and information regarding their use. Many of the programs are under active development and new versions are posted frequently. Some applications require an update with the release of new Linux versions. Stay current with the most recent release in order to avoid any vulnerabilities or security issues that appear over time.

Topics covered include:

Packet capture and analysis using a variety of command-line and GUI utilities.

An introduction to the interpretation of packet headers and content within an IDS environment.

The threats to your organization's technology assets.

Instructions for installing, configuring, tuning, and customizing an open source, enterprise-level network intrusion detection system (NIDS) for use in corporate and/or home office environments.

A discussion of ways to utilize Snort as a sniffer, a network gateway that blocks malicious traffic, and a passive IDS sensor.

Details on how to configure and tune your Snort IDS installation to maximize the effectiveness and minimize the labor involved in detecting and tracking down attacks.

An in-depth look at a variety of administration tools that assist in the management of the Snort IDS environment.

Strategies for deploying an IDS in switched, high-security, and high-bandwidth environments.


Audience

This book is designed for network, system, and security administrators of large-scale enterprises as well as managers of small businesses or home offices. The instructions should be readable for those with only a small amount of network and Unix experience, but also useful for experienced administrators with a varied background in networking and system administration. To be sure, the more experienced you are, the easier it will be to interpret the results generated by the Snort IDS.


About This Book

Snort can be used for a variety of applications, from acting as a simple network sniffer to an enterprise-class gateway intrusion detection system (IDS). This book discusses the various ways to use Snort, and methods of configuring, tuning, and customizing the application to best suit your environment. Implementing an IDS solution can be a labor-intensive and sometimes overwhelming project. This book helps streamline the processes of the initial setup and ongoing care and feeding of Snort.

All the source code discussed here is freely available for download off the Internet. I have avoided any software that is closed source, requires a license, or costs money. Though links and source code versions do change over time, every effort has been made to keep listings and release numbers for each application as up-to-date as possible. If you find the URL does not work as listed, please check with some of the major open source repositories: and . If you are unable to locate the applications, use a search engine such as to find the program's new home or current web site.

Links to required libraries or associated applications are usually found on the home pages of most programs. For example, links to SnortCenter and Barnyard are found on the main Snort page at .

Now that you know what this book is about, here is what it's not about. This book is not a beginner's guide to packet analysis. It is intended to help you implement viable solutions to everyday intrusion detection problems. This book does not spend countless pages examining the nuances and vagaries of every type of fragmented packet or possible buffer overflow. Instead, it explains how to quickly capture a sampling of network traffic and look for the tell-tale signs that indicate hostile activity.

If you are searching for a theoretical manual that provides detailed insight into every possible security application or that explains how to dissect new intrusive packets, you won't find it here. This book deals with strategies and speedy implementations using a reasonable, common-sense approach. By the end of this book, the reader will understand that a network-based intrusion detection system is one part of a larger strategy of defense-in-depth. The book is based on the experience of a Network Security Engineer who has both attacked and defended very large corporate networks and systems. Whether you are looking for something to help secure your home network, or looking for an Enterprise-class solution that can watch 2 Gbps of bandwidth in near-real-time, this book will help.


Assumptions This Book Makes

This book does not make too many demands on the average reader. It is written in an informal manner and is intended for most security administrators, whether they are using Linux (or another Unix offshoot like BSD) or Windows. The main focus of the book will be running Snort on a Linux platform. Even beginning Linux users should have no trouble grasping the concepts. Most applications along with their installation and configuration are clearly spelled out. While this book will provide the average user with the ability to get a Snort sensor up and running, professional deployments of any IDS solution benefit from a good knowledge of networking and system administration. Without this background, discrimination of what is naughty and what is nice will be more difficult.

If any of the steps explained in later chapters do not answer all your questions, please consult the application's home page or subscribe to its mailing list, if one is available. It will be helpful if you are familiar with Usenet newsgroups and can post detailed questions regarding any additional use of the applications presented here. You will find that the open source community surrounding Snort and the related applications is active and incredibly helpful.

This book assumes that you have access to one or more machines, can perform a standard operating system installation, and have a relatively stable connection to the Internet. It also operates on the assumption that a LAN or switched Ethernet network is available for testing purposes. Though this is not required, it does help when monitoring packets flowing between machines and in and out of networks.

This book also presupposes that a secure firewall is in place. It is your responsibility to ensure that your network remains safe during the IDS installation and implementation phase. Newly installed systems do not survive long when exposed to the Internet without protection.


Chapter Synopsis

Chapter 1
Introduces the concepts behind network security and intrusion detection.

Chapter 2
Goes into some depth on how the systems on your network use the network to accomplish their tasks. The structure of packets will be examined, equipping you to recognize anomalous network traffic.

Chapter 3
Introduces you to getting Snort up and running quickly using the various command-line options. It discusses the various modes in which Snort can be used, including as a sniffer and packet logger.

Chapter 4
We examine how the "bad guys" attempt to probe, penetrate, persist, propagate, and paralyze your network and systems. Methods of detecting these methods are examined.

Chapter 5
Provides an in-depth examination of this central configuration file. The snort.conf file controls how Snort watches the network and detects malicious activity.

Chapter 6
Strategies for making a Snort deployment as effective and successful as possible are discussed in this chapter.

Chapter 7
The core of a signature-based intrusion detection system are the rules that recognize attacks in progress. One of the real strengths of Snort is the flexibility and discrimination of its rule sets.

Chapter 8
Several mechanisms and strategies can be employed that turn Snort from an intrusion detection system into an intrusion prevention system. These strategies are not without their own risks, however.

Chapter 9
This is perhaps the most important chapter. Proper tuning and thresholding allows security administrators to minimize the number of false positives generated by an IDS sensor, making their time spent working with Snort more efficient and effective.

Chapter 10
ACID is a popular, powerful, web-based IDS management system for managing alerts generated by Snort.

Chapter 11
SnortCenter makes administering multiple IDS sensors much easier.

Chapter 12
A wide variety of tools can help manage a Snort-based IDS deployment. Some of these solutions are more effective than others.

Chapter 13
If your intention is to deploy Snort as an IDS in a high-demand environment, this chapter will help by discussing strategies that ensure nothing is missed by overburdened sensors.

Appendix A
Provides the schemas for the Snort and ACID database tables in order to aid developers in creating new tools or modifying existing tools.

Appendix B
Presents the default snort.conf file for reference when reading the book and configuring sensors. The comments are actually quite good, too.

Appendix C
Provides a compilation of web resources and download sources from throughout the book.



Conventions Used in This Book

The following typographical conventions are used in this book:

Plain text
Indicates menu titles, menu options, menu buttons, preprocessors, and keyboard accelerators (such as Alt and Ctrl).

Italics
Indicates new terms, example URLs, example email addresses, filenames, file extensions, pathnames, directories, and Unix utilities.

Constant width
Indicates commands, options, switches, variables, attributes, keys, functions, types, classes, namespaces, methods, modules, properties, parameters, values, objects, events, event handlers, XML tags, HTML tags, macros, the contents of files, or the output from commands.

Constant width bold
Shows commands or other text that should be typed literally by the user.

Constant width italic
Shows text that should be replaced with user-supplied values.

This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.


Comments and Questions

Please address comments and questions concerning this book to the publisher:

O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:

To comment or ask technical questions about this book, send email to:

For more information about our books, conferences, Resource Centers, and the O'Reilly Network, see our web site at:


Acknowledgments

The authors wish to thank the people who contributed to this project.

Kerry Cox

I owe many thanks to all the people who shared with me their time, talents, and experiences while patiently answering my questions. Thanks especially to all the employees at KSL, Bonneville International, Bonneville Communications, LDS Business College, and Deseret Management Corporation who allowed me to install intrusion detection systems on their servers and then critiqued the systems' performance, providing me with feedback that assisted in many ways to make this a better book.

I would especially like to thank all the technical and nontechnical staff with whom I work at Bonneville International, KSL, and the Deseret Management Corporation: Greg James, Roger Graves, Owen Smoot, Don Huntsman, Steve Tolman, Edward Cheadle, Brent Cherrington, Mark Fenton, Jason Williams, Hal Whitlock, Steve Wise, Bryan Carter, Brent Cole, Karl Hancock, Trevor Gunnell, Jamie Hall, Kevin McReynolds, Julie Hill, Jason Jones, Amy Kimball, Pat Neilson, and the many others whom I may have forgotten.

According to Eric S. Raymond, "Given enough eyeballs, all bugs are shallow." This was especially true of the assistance I received from many friends and co-workers. There are fewer errors here than there might otherwise have been thanks to their diligence in proofing this material. I am deeply indebted to these people for the time and effort they took to verify the accuracy of what I wrote. I consider each and every one contributing editors to this work. This is as much for them as it is for the readers.

I wish especially to thank the following people, who spent many hours reviewing and critiquing the text and code of this book before submissions were sent to O'Reilly. I am extremely grateful to Jason Jones for checking each chapter's syntax and tightening up the content. He pointed out some crucial items that made the reading flow better. Our conversations to and from work every day helped to improve the quality of this material. I am deeply indebted to him for all his work.

I wish to thank Brad Hokanson for testing the source code and installing numerous programs on his machines. He proved that everything shown here actually works on various operating systems. His work with encryption and wireless security was most valuable. I want to thank Jason Williams for his help in proofing the layout and looking over the subject matter for viability. Edward Cheadle was very helpful in implementing many of these applications in real-world scenarios. His feedback improved much of the content.

Thanks to Steve Scott for his assistance in providing detailed IDS documentation. Also, I owe many thanks to Patrick S. Harper for his useful notes and explanations for performing a full source-code install. His excellent paper has helped many a beginner on the road to configuring a working IDS box. Thanks also to Jamie Hall and Karl Hancock for continued feedback from their own experiences with open source intrusion detection systems.

I also need to thank Jason Williams again, for providing me with the laptop on which I ran Linux. Many are the nights and days on the train I was able to write this book thanks to his donation. It proved very useful for testing Kismet and AirSnort and setting up wireless security applications.

My hat is also off to Mike Loukides for his assistance in bringing this book to print. He provided invaluable suggestions for improving the layout, content, and syntax of each chapter. I value his input and appreciate the trust he has placed in me. I want to also thank the several technical reviewers who proofed this document for potential flaws or errors. I want to personally thank Edin Dizdarevic for his close scrutiny, analysis, and commentary. I very much enjoyed his German commentary and notes on each section. Thanks also to the other editors who contributed their time and talents to making this a better book: Kevin Binsfield, Andrea Barisani, Daniel Harrison, and Adam Hogan.

I would especially like to thank my wife, Karen, for her encouragement. It was she who suggested I write this book and stood by me these past few months. Her unwavering support has not gone unnoticed. I have also my boys to thank for their encouragement. Kids, I'm finally done. Let's play.

Christopher Gerg

This book would not have been possible without the support of my peers, friends, and family. The Security Services team that I work with at Berbee Information Networks is the most talented and diverse group of people I've had the privilege to work and learn with. I've learned more in the last five years than I have up to that point in my life. Paul Tatarsky, Matt Jach, Peyton Engel, David Klann, and Joe Mondloch have shared their wit and large brains with me most generously. I hope I'm able to repay a fraction of the debt I owe. (Assume the horse stance...)

Thanks to Eric Patterson for everything.

Of course, I wouldn't be able to accomplish much of anything without the support of my wife, Becky, and our two crumb-crunchers, Matthew (shorty) and Sarah (the Bunner). They keep me sane and centered. Well, centered, anyway.

Standard thanks to my Mother and Father for having me and setting the stage for my career and fruitful adulthood. (Hi, Jessika!)

A special thanks to Jim Elliot for introducing me to my editor, Mike Loukides. Thanks, Mike, for giving me the opportunity to step into this project. The work of John Ives, the technical reviewer, was excellent, thank you very much.

