Network Intrusion Detection, 3/e

Stephen Northcutt

  • 出版商: New Riders
  • 出版日期: 2002-08-27
  • 售價: $2,130
  • 貴賓價: 9.5$2,024
  • 語言: 英文
  • 頁數: 512
  • 裝訂: Paperback
  • ISBN: 0735712654
  • ISBN-13: 9780735712652
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network.

  • Written by two of America's most important computer security experts.
  • Unparalleled advice and technical content, reviewed by the top names in network security.
  • Timing coincides with rising interest in intrusion detection.
This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and snort filters.

Stephen Northcutt is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a cook, a US Navy helicopter search and rescue crewman, a martial arts instructor, cartographer, and network designer. He is the author of Incident Handling Step by Step and Intrusion Detection — Shadow Style, both published by the SANS Institute. He was the original developer of the Shadow intrusion detection system and served as the leader of the Department of Defense's Shadow Intrusion Detection Team for two years. Formerly the Director of the U.S. Navy's Information System Security Office at the Naval Security Warfare Center, he is now Chief Information Warfare Officer for the Ballistic Missile Defense Organization at the DOD. He is a featured lecturer and co-chair of the SANS conference. Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the Computer and Security Incident Response Team that is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.

Table of Contents

I. TCP/IP.

1. IP Concepts.
2. Introduction to TCPdump and TCP.
3. Fragmentation.
4. ICMP.
5. Stimulus and Response.
6. DNS.

II. TRAFFIC ANALYSIS.

7. Packet Dissection Using TCPdump.
8. Examining IP Header Fields.
9. Examining Embedded Protocol Header Fields.
10. Real-World Analysis.
11. Mystery Traffic.

III. FILTERS/RULES FOR NETWORK MONITORING.

12. Writing TCPdump Filters.
13. Introduction to Snort and Snort Rules.
14. Snort Rules-Part II.

IV. INTRUSION INFRASTRUCTURE.

15. Mitnick Attack.
16. Architectural Issues.
17. Organizational Issues.
18. Automated and Manual Response.
19. Business Case for Intrusion Detection.
20. Future Directions.

V. APPENDIXES.

Appendix A. Exploits and Scans to Apply Exploits.
Appendix B. Denial of Service.
Appendix Ctection of Intelligence Gathering.
Index

商品描述(中文翻譯)

美國首席資訊戰官教導您如何保護企業網絡。本書由兩位美國最重要的電腦安全專家撰寫,提供無與倫比的建議和技術內容,並經過網絡安全領域頂尖人物的審查。出版時間與對入侵檢測日益增長的興趣相吻合。本書是入侵檢測分析師的培訓輔助和參考資料。雖然作者提到了研究和理論,但他們的注意力主要集中在提供實用信息上。作者們是這個專業領域中最受認可的人物,擁有在保護我們國家政府和軍事計算機網絡方面無與倫比的經驗。本版新增了對數據包解析、IP數據報字段、取證和snort過濾器的覆蓋。

Stephen Northcutt畢業於Mary Washington College。在從事電腦安全領域之前,他曾擔任廚師、美國海軍直升機搜救機組人員、武術教練、制圖師和網絡設計師。他是SANS Institute出版的《事件處理逐步指南》和《入侵檢測-影子風格》的作者。他是Shadow入侵檢測系統的原始開發者,並在美國國防部的Shadow入侵檢測團隊擔任領導職務兩年。他曾擔任美國海軍海軍安全戰爭中心的美國海軍信息系統安全辦公室主任,現任美國國防部彈道導彈防禦組織的首席資訊戰官。他是SANS會議的特邀講師和聯席主席。Judy Novak是美國陸軍研究實驗室的高級安全分析師。她是計算機和安全事件應對團隊的創始成員之一,該團隊在軍方中享有很高的聲譽。她協助在許多不同的軍事和政府場所部署入侵檢測工具和監控。她是SANS Institute關於TCP/IP和使用Shadow入侵檢測工具進行網絡分析的作者和演講者。

目錄:
I. TCP/IP.
1. IP概念。
2. TCPdump和TCP介紹。
3. 分段。
4. ICMP。
5. 刺激和響應。
6. DNS。

II. 流量分析。
7. 使用TCPdump進行數據包解析。
8. 檢查IP標頭字段。
9. 檢查嵌入式協議標頭字段。
10. 真實世界分析。
11. 神秘流量。

III. 網絡監控的過濾器/規則。
12. 編寫TCPdump過濾器。
13. Snort和Snort規則介紹。
14. Snort規則-第二部分。

IV. 入侵基礎設施。
15. Mitnick攻擊。
16. 架構問題。
17. 組織問題。
18. 自動和手動響應。
19. 入侵檢測的業務案例。
20. 未來發展。

V. 附錄。
附錄A. 應用攻擊和掃描。
附錄B. 服務拒絕攻擊。
附錄C. 情報收集保護。
索引