Network Intrusion Detection, 3/e

Stephen Northcutt, Judy Novak

  • Publisher: Sams Publishing
  • Publication date: 2002-09-06
  • List price: USD $54.99
  • Sale price: $1,613
  • VIP price: $1,532 (5% off)
  • Language: English
  • Pages: 512
  • Binding: Paperback
  • ISBN: 0735712654
  • ISBN-13: 9780735712652

Ordered from the supplier once the order is placed (1 to 2 weeks)

Product Description

The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network.

  • Written by two of America's most important computer security experts.
  • Unparalleled advice and technical content, reviewed by the top names in network security.
  • Timing coincides with rising interest in intrusion detection.
This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and snort filters.

Stephen Northcutt is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a cook, a US Navy helicopter search and rescue crewman, a martial arts instructor, cartographer, and network designer. He is the author of Incident Handling Step by Step and Intrusion Detection — Shadow Style, both published by the SANS Institute. He was the original developer of the Shadow intrusion detection system and served as the leader of the Department of Defense's Shadow Intrusion Detection Team for two years. Formerly the Director of the U.S. Navy's Information System Security Office at the Naval Security Warfare Center, he is now Chief Information Warfare Officer for the Ballistic Missile Defense Organization at the DOD. He is a featured lecturer and co-chair of the SANS conference.

Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the Computer and Security Incident Response Team that is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.

Table of Contents

I. TCP/IP.

1. IP Concepts.
2. Introduction to TCPdump and TCP.
3. Fragmentation.
4. ICMP.
5. Stimulus and Response.
6. DNS.

II. TRAFFIC ANALYSIS.

7. Packet Dissection Using TCPdump.
8. Examining IP Header Fields.
9. Examining Embedded Protocol Header Fields.
10. Real-World Analysis.
11. Mystery Traffic.

III. FILTERS/RULES FOR NETWORK MONITORING.

12. Writing TCPdump Filters.
13. Introduction to Snort and Snort Rules.
14. Snort Rules-Part II.

IV. INTRUSION INFRASTRUCTURE.

15. Mitnick Attack.
16. Architectural Issues.
17. Organizational Issues.
18. Automated and Manual Response.
19. Business Case for Intrusion Detection.
20. Future Directions.

V. APPENDIXES.

Appendix A. Exploits and Scans to Apply Exploits.
Appendix B. Denial of Service.
Appendix C. Detection of Intelligence Gathering.
Index