Intrusion Prevention and Active Response: Deploying Network and Host IPS
ISBN: 193226647X
Release Date: 01 February 2005
Category: Network Security
Description
From the Foreword by Stephen Northcutt, Director of Training and Certification, The SANS Institute
Within a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management for funding in the next year or two to procure intrusion prevention devices, especially Intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention.
- Transition from Intrusion Detection to Intrusion Prevention: Unlike IDS, IPS can modify application-layer data or perform system call interception.
- Develop an Effective Packet Inspection Toolbox: Use products such as the Metasploit Framework as a source of test attacks.
- Travel Inside the SANS Internet Storm Center: Review packet captures of actual attacks, like the "Witty" worm, directly from the handler's diary.
- Protect Against False Positives: Remember that, unlike an IDS, an IPS will REACT to an intrusion.
- Integrate Multiple Layers of IPS: Create a multivendor defense at the Data Link, Network, Transport, and Application layers.
- Deploy Host Attack Prevention Mechanisms: Includes stack hardening, system call interception, and application shimming.
- Implement Inline Packet Payload Alteration: Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.
- Covers all Major Intrusion Prevention and Active Response Systems: Includes Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_security.
- Deploy IPS on Web Servers at the Application Layer: The loading of an application-level IPS in process by the Web server will protect the server and inspect encrypted traffic.