TY  - BOOK
AU  - Endorf, Carl F.
AU  - Schultz, Eugene
AU  - Mellander, Jim
TI  - Intrusion detection & prevention
SN  - 0072229543
SN  - 978007222
AV  - TK5105.59 .En2
PY  - 2004///
CY  - New York
PB  - McGraw-Hill/Osborne
KW  - Computer networks
KW  - Security measures
KW  - Internet
KW  - Computer security
N1  - Includes index; Part I Intrusion Detection: Primer -- 1 Understanding Intrusion Detection 3 -- Intrusion-Detection and Intrusion-Prevention Basics 4 -- The History of Intrusion Detection and Prevention 10 -- Why IDSs and IPSs Are Important 12 -- IDS and IPS Analysis Schemes 13 -- IDS/IPS Pros and Cons 19 -- Intrusion-Detection and Intrusion-Prevention Myths 20 -- 2 Crash Course in the Internet Protocol Suite 23 -- An Introduction to the Seven-Layer OSI Reference Model 24 -- TCP/IP vs. the OSI Reference Model 27 -- Internet Protocol (IP) 28 -- Transmission Control Protocol (TCP) 34 -- User Datagram Protocol (UDP) 39 -- Internet Control Message Protocol (ICMP) 40 -- Address Resolution Protocol (ARP) 41 -- Domain Name System (DNS) 46 -- 3 Unauthorized Activity I 49 -- General IDS Limitations 50 -- Network Protocol Abuses 51 -- 4 Unauthorized Activity II 69 -- Pros and Cons of Open Source 70 -- Types of Exploits 71 -- Commonly Exploited Programs and Protocols 78 -- Viruses and Worms 88 -- 5 Tcpdump 93 -- Tcpdump Command Line Options 94 -- Tcpdump Output Format 97 -- Tcpdump Expressions 99 -- Bulk Capture 102 -- How Many Bytes Were Transferred in That Connection? 104 -- Tcpdump as Intrusion Detection? 105 -- Tcpslice, Tcpflow, and Tcpjoin 108 -- Part II Architecture -- 6 IDS and IPS Architecture 115 -- Tiered Architectures 116 -- Sensors 119 -- Agents 127 -- Manager Component 131 -- 7 IDS and IPS Internals 137 -- Information Flow in IDS and IPS 138 -- Detection of Exploits 146 -- Malicious Code Detection 154 -- Output Routines 156 -- Defending IDS/IPS 157 -- Part III Implementation and Deployment -- 8 Internet Security System's RealSecure 161 -- Installation and Architecture 162 -- Configuring RealSecure 171 -- Creating and Implementing Event Filters 180 -- Reporting 183 -- Signatures 186 -- Upgrading 189 -- 9 Cisco Secure IDS 197 -- Designing Your Cisco-Based Solution 199 -- 10 Snort 231 -- About Snort 232 -- Snort Modes 233 -- Snort's IDS Components 234 -- Snort Rules 236 -- Snort Output 239 -- Special Requirements 240 -- Additional Tools 245 -- Evaluation 245 -- 11 NFR Security 249 -- NFR Detection Methodology 250 -- NFR Architecture 250 -- Sentivist Signatures 252 -- Alerts and Forensics 254 -- Cool Things You Can Do with N-Code 257 -- Central Management Server 257 -- Sentivist Deployment Strategy 261 -- NFR Reporting 271 -- Extending NFR 271 -- Part IV Security and IDS Management -- 12 Data Correlation 275 -- The Basics of Data Correlation 276 -- Advanced Approaches to Data Correlation and Fusion 281 -- Understanding and Using Statistical Correlation 283 -- Bayesian Inference 287 -- Real-Time Versus After-the-Fact Correlation 289 -- 13 Incident Response 293 -- Response Types 295 -- The Incident-Response Process 296 -- IDS and IPS Incident-Response Phases 302 -- Forensics 306 -- Corporate Issues 307 -- 14 Policy and Procedures 311 -- Policies, Standards, Guidelines, Procedures, and Baselines 312 -- 15 Laws, Standards, and Organizations 319 -- Understanding Legal Systems 320 -- U.S. Computer-Related Laws 321 -- State Laws 323 -- International Cyber Security-Related Laws 326 -- Standards 327 -- Organizations 330 -- Legal Resources on the Web 331 -- 16 Security Business Issues 333 -- The Business Case for Intrusion Detection and Prevention 334 -- IDS Deployment Costs 336 -- Acquisition 338 -- Managing Intrusion Detection 342 -- 17 The Future of Intrusion Detection and Prevention 345 -- Lower Reliance on Signature-Based Intrusion Detection 346 -- Intrusion Prevention 352 -- Data and Alert Correlation 355 -- Source Determination 356 -- Integrated Forensics Capabilities 357 -- Use of Honeypots in Intrusion Detection and Prevention 357 -- A Intrusion Detection and Prevention Systems 361
ER  - 