
Intrusion detection & prevention / Carl Endorf, Dr. Eugene Schultz, Jim Mellander.

Contributor(s): Carl Endorf, Dr. Eugene Schultz, Jim Mellander
Material type: Text
Publication details: New York : McGraw-Hill/Osborne, 2004.
Description: xxxi, 386 p. : ill. ; 24 cm
ISBN:
  • 0072229543
  • 9780072229547
LOC classification:
  • TK5105.59 .En2
Contents:
Part I Intrusion Detection: Primer --
1 Understanding Intrusion Detection 3 --
Intrusion-Detection and Intrusion-Prevention Basics 4 --
The History of Intrusion Detection and Prevention 10 --
Why IDSs and IPSs Are Important 12 --
IDS and IPS Analysis Schemes 13 --
IDS/IPS Pros and Cons 19 --
Intrusion-Detection and Intrusion-Prevention Myths 20 --
2 Crash Course in the Internet Protocol Suite 23 --
An Introduction to the Seven-Layer OSI Reference Model 24 --
TCP/IP vs. the OSI Reference Model 27 --
Internet Protocol (IP) 28 --
Transmission Control Protocol (TCP) 34 --
User Datagram Protocol (UDP) 39 --
Internet Control Message Protocol (ICMP) 40 --
Address Resolution Protocol (ARP) 41 --
Domain Name System (DNS) 46 --
3 Unauthorized Activity I 49 --
General IDS Limitations 50 --
Network Protocol Abuses 51 --
4 Unauthorized Activity II 69 --
Pros and Cons of Open Source 70 --
Types of Exploits 71 --
Commonly Exploited Programs and Protocols 78 --
Viruses and Worms 88 --
5 Tcpdump 93 --
Tcpdump Command Line Options 94 --
Tcpdump Output Format 97 --
Tcpdump Expressions 99 --
Bulk Capture 102 --
How Many Bytes Were Transferred in That Connection? 104 --
Tcpdump as Intrusion Detection? 105 --
Tcpslice, Tcpflow, and Tcpjoin 108 --
Part II Architecture --
6 IDS and IPS Architecture 115 --
Tiered Architectures 116 --
Sensors 119 --
Agents 127 --
Manager Component 131 --
7 IDS and IPS Internals 137 --
Information Flow in IDS and IPS 138 --
Detection of Exploits 146 --
Malicious Code Detection 154 --
Output Routines 156 --
Defending IDS/IPS 157 --
Part III Implementation and Deployment --
8 Internet Security System's RealSecure 161 --
Installation and Architecture 162 --
Configuring RealSecure 171 --
Creating and Implementing Event Filters 180 --
Reporting 183 --
Signatures 186 --
Upgrading 189 --
9 Cisco Secure IDS 197 --
Designing Your Cisco-Based Solution 199 --
10 Snort 231 --
About Snort 232 --
Snort Modes 233 --
Snort's IDS Components 234 --
Snort Rules 236 --
Snort Output 239 --
Special Requirements 240 --
Additional Tools 245 --
Evaluation 245 --
11 NFR Security 249 --
NFR Detection Methodology 250 --
NFR Architecture 250 --
Sentivist Signatures 252 --
Alerts and Forensics 254 --
Cool Things You Can Do with N-Code 257 --
Central Management Server 257 --
Sentivist Deployment Strategy 261 --
NFR Reporting 271 --
Extending NFR 271 --
Part IV Security and IDS Management --
12 Data Correlation 275 --
The Basics of Data Correlation 276 --
Advanced Approaches to Data Correlation and Fusion 281 --
Understanding and Using Statistical Correlation 283 --
Bayesian Inference 287 --
Real-Time Versus After-the-Fact Correlation 289 --
13 Incident Response 293 --
Response Types 295 --
The Incident-Response Process 296 --
IDS and IPS Incident-Response Phases 302 --
Forensics 306 --
Corporate Issues 307 --
14 Policy and Procedures 311 --
Policies, Standards, Guidelines, Procedures, and Baselines 312 --
15 Laws, Standards, and Organizations 319 --
Understanding Legal Systems 320 --
U.S. Computer-Related Laws 321 --
State Laws 323 --
International Cyber Security-Related Laws 326 --
Standards 327 --
Organizations 330 --
Legal Resources on the Web 331 --
16 Security Business Issues 333 --
The Business Case for Intrusion Detection and Prevention 334 --
IDS Deployment Costs 336 --
Acquisition 338 --
Managing Intrusion Detection 342 --
17 The Future of Intrusion Detection and Prevention 345 --
Lower Reliance on Signature-Based Intrusion Detection 346 --
Intrusion Prevention 352 --
Data and Alert Correlation 355 --
Source Determination 356 --
Integrated Forensics Capabilities 357 --
Use of Honeypots in Intrusion Detection and Prevention 357 --
A Intrusion Detection and Prevention Systems 361.
Holdings:
  • Books, Methodist University Library, Main, General Stacks, Reference, TK5105.59 .En2, Available, barcode 8236
  • Books, Methodist University Library, Main, General Stacks, Reference, TK5105.59 .En2, Available, barcode 8082

Includes index.

