Network Intrusion Detection, 3/e
Stephen Northcutt, Judy Novak
- Publisher: Sams Publishing
- Publication date: 2002-09-06
- Price: $1,884
- VIP price: 5% off, $1,790
- Language: English
- Pages: 512
- Binding: Paperback
- ISBN: 0735712654
- ISBN-13: 9780735712652
The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network.
- Written by two of America's most important computer security experts.
- Unparalleled advice and technical content, reviewed by the top names in network security.
- Timing coincides with rising interest in intrusion detection.
Stephen Northcutt is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a cook, a US Navy helicopter search and rescue crewman, a martial arts instructor, cartographer, and network designer. He is the author of Incident Handling Step by Step and Intrusion Detection — Shadow Style, both published by the SANS Institute. He was the original developer of the Shadow intrusion detection system and served as the leader of the Department of Defense's Shadow Intrusion Detection Team for two years. Formerly the Director of the U.S. Navy's Information System Security Office at the Naval Security Warfare Center, he is now Chief Information Warfare Officer for the Ballistic Missile Defense Organization at the DOD. He is a featured lecturer and co-chair of the SANS conference.
Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the Computer and Security Incident Response Team that is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.
Table of Contents
2. Introduction to TCPdump and TCP.
5. Stimulus and Response.
II. TRAFFIC ANALYSIS.
8. Examining IP Header Fields.
9. Examining Embedded Protocol Header Fields.
10. Real-World Analysis.
11. Mystery Traffic.
III. FILTERS/RULES FOR NETWORK MONITORING.
13. Introduction to Snort and Snort Rules.
14. Snort Rules-Part II.
IV. INTRUSION INFRASTRUCTURE.
16. Architectural Issues.
17. Organizational Issues.
18. Automated and Manual Response.
19. Business Case for Intrusion Detection.
20. Future Directions.
Appendix B. Denial of Service.
Appendix C. Detection of Intelligence Gathering.