Intrusion detection is one of the fastest-growing areas of network security. As the number of corporate, government, and educational networks grows, and as they become more and more interconnected through the Internet, there is a corresponding increase in the types and numbers of attacks that try to penetrate those networks. Intrusion Detection, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are among the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book is a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.
Introduction.
1. IP Concepts.
The TCP/IP Internet Model. Packaging (Beyond Paper or Plastic). Addresses. Service Ports. IP Protocols. Domain Name System. Routing: How You Get There From Here.
TCPdump. Introduction to TCP. TCP Gone Awry.
Theory of Fragmentation. Malicious Fragmentation.
ICMP Theory. Mapping Techniques. Normal ICMP Activity. Malicious ICMP Activity. To Block or Not To Block.
The Expected. Protocol Benders. Summary of Expected Behavior and Protocol Benders. Abnormal Stimuli. Unconventional Stimulus, Operating System Identifying Response.
Back to Basics: DNS Theory. Reverse Lookups. Using DNS for Reconnaissance. Tainting DNS Responses.
Exploiting TCP. Detecting the Mitnick Attack. Network-Based Intrusion-Detection Systems. Host-Based Intrusion-Detection Systems. Preventing the Mitnick Attack.
Filtering Policy. Signatures. Filters Used to Detect Events of Interest. Example Filters. Snort Filter Example. Policy Issues Related to Targeting Filters.
Events of Interest. Limits to Observation. Low-Hanging Fruit Paradigm. Human Factors Limit Detects. Severity. Countermeasures. Calculating Severity. Sensor Placement. Push/Pull. Analyst Console. Host- or Network-Based Intrusion Detection.
Multiple Solutions Working Together. Commercial IDS Interoperability Solutions. Correlation. SQL Databases.
Snort. Commercial Tools. UNIX-Based Systems. GOTS. Evaluating Intrusion-Detection Systems.
Increasing Threat. Improved Tools. Improved Targeting. Mobile Code. Trap Doors. Sharing: The Legacy of Y2K. Trusted Insider. Improved Response. Virus Industry Revisited. Hardware-Based ID. Defense in Depth. Program-Based ID. Smart Auditors.
False Positives. IMAP Exploits. Scans to Apply Exploits. Single Exploit, Portmap.
Brute-Force Denial-of-Service Traces. Elegant Kills. nmap 2.53. Distributed Denial-of-Service Attacks.
Network and Host Mapping. NetBIOS-Specific Traces. Stealth Attacks. Measuring Response Time. Viruses as Information Gatherers.
portmapper. dump Is a Core Component of rpcinfo. Attacks That Directly Access an RPC Service. The Big Three. Analysis Under Fire. Oh nmap!
The Mechanics of Writing TCPdump Filters. Bit Masking. TCPdump IP Filters. TCPdump UDP Filters. TCPdump TCP Filters.
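The outline above names the mechanics behind hand-written TCPdump filters: indexing a header by byte offset (`ip[6:2]`, `tcp[13]`) and masking the result with a bitwise AND so that only the bits of interest are compared. The block below is an added example written for this page, not code from the book or its authors, that reproduces that arithmetic in pure Python against constructed IPv4 and TCP headers, so the same expressions used to spot the fragmentation and flag-abuse traces listed in the earlier chapter summaries (trailing fragments, all-flags-set probes, null scans, SYNs carrying ECN bits) can be run offline. The packet-builder helpers and the sample field values are assumptions for illustration only.

```python
"""
Added worked example (not from the book): how tcpdump's proto[offset:size]
and bit-mask primitives work, evaluated in Python on constructed headers.

    ip[6:2] & 0x1fff != 0    -> non-zero fragment offset (a trailing fragment)
    ip[6:2] & 0x3fff != 0    -> MF bit set or non-zero offset (any fragment; DF bit ignored)
    tcp[13] & 0x3f = 0x3f    -> URG|ACK|PSH|RST|SYN|FIN all set (no real stack sends this)
    tcp[13] & 0x3f = 0       -> no flags at all (null scan)
    tcp[13] & 0x12 = 0x02    -> SYN set, ACK clear (connection initiation, ECN bits tolerated)
"""
import struct


def field(hdr: bytes, offset: int, size: int = 1) -> int:
    """tcpdump's proto[offset:size]: big-endian integer from size bytes at offset."""
    if size not in (1, 2, 4):
        raise ValueError("tcpdump only allows sizes 1, 2 or 4")
    return int.from_bytes(hdr[offset:offset + size], "big")


def ipv4_header(total_len=40, ident=0x1234, flags=0, frag_offset=0, proto=6,
                src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Build a 20-byte IPv4 header (constructed test data; checksum left zero)."""
    vhl = (4 << 4) | 5                       # version 4, IHL 5 words
    flags_frag = (flags << 13) | frag_offset  # 3 flag bits + 13-bit offset in words
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", vhl, 0, total_len, ident, flags_frag,
                       64, proto, 0, src_b, dst_b)


def tcp_header(sport=40000, dport=80, flags=0x02) -> bytes:
    """Build a 20-byte TCP header with the given flag byte (constructed test data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def is_trailing_fragment(ip: bytes) -> bool:
    """tcpdump: ip[6:2] & 0x1fff != 0"""
    return field(ip, 6, 2) & 0x1FFF != 0


def is_fragmented(ip: bytes) -> bool:
    """tcpdump: ip[6:2] & 0x3fff != 0  (MF bit or non-zero offset; DF alone does not match)"""
    return field(ip, 6, 2) & 0x3FFF != 0


def is_all_flags_set(tcp: bytes) -> bool:
    """tcpdump: tcp[13] & 0x3f = 0x3f"""
    return field(tcp, 13) & 0x3F == 0x3F


def is_null_scan(tcp: bytes) -> bool:
    """tcpdump: tcp[13] & 0x3f = 0"""
    return field(tcp, 13) & 0x3F == 0


def is_syn_only(tcp: bytes) -> bool:
    """tcpdump: tcp[13] & 0x12 = 0x02.  Masking matters: a plain 'tcp[13] = 2'
    would miss a SYN whose CWR/ECE bits (0xC0) are also set."""
    return field(tcp, 13) & 0x12 == 0x02


if __name__ == "__main__":
    samples = {
        "first fragment, MF set":   ipv4_header(flags=0b001),
        "trailing fragment":        ipv4_header(flags=0b000, frag_offset=185),
        "DF set, not fragmented":   ipv4_header(flags=0b010),
    }
    for name, ip in samples.items():
        print(f"{name:26} fragmented={is_fragmented(ip)} trailing={is_trailing_fragment(ip)}")
    for flags in (0x02, 0xC2, 0x12, 0x3F, 0x00):
        t = tcp_header(flags=flags)
        print(f"tcp flags 0x{flags:02x}: syn_only={is_syn_only(t)} "
              f"all_set={is_all_flags_set(t)} null={is_null_scan(t)}")
```

The point of the masks is that a filter compares only the bits you name: `ip[6:2] & 0x1fff` discards the three flag bits so a first fragment (offset 0) is not mistaken for a trailing one, and `tcp[13] & 0x12` ignores the two ECN bits that would otherwise make an equality test on the whole byte miss legitimate SYNs.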
Christmas Eve 1998. Where Attackers Shop. Communications Network. Anonymity.
The Traces. The Hunt Begins. Y2K. Sources Found. Miscellaneous Findings. Summary Checklist. Epilogue and Purpose.
Organizational Security Model. Defining Risk. Risk. Defining the Threat. Risk Management Is Dollar Driven. How Risky Is a Risk?
Automated Response. Honeypot. Manual Response.
Part One: Management Issues. Part Two: Threats and Vulnerabilities. Part Three: Tradeoffs and Recommended Solution. Repeat the Executive Summary.