Intrusion Prevention And Active Response: Deploying Network And Host Ips
Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin
- 出版商: Syngress Media
- 出版日期: 2005-02-01
- 定價: $1,650
- 售價: 5.0 折 $825
- 語言: 英文
- 頁數: 424
- 裝訂: Paperback
- ISBN: 193226647X
- ISBN-13: 9781932266474
-
相關分類:
Cisco、資訊安全
立即出貨(限量) (庫存=2)
買這商品的人也買了...
-
$903Wireless Information Networks -
LPI Linux 資格檢定 (LPI Linux Certification in a Nutshell)$880$695 -
系統分析與設計概論 (Essential of Systems Analysis and Design)$480$379 -
作業系統概念 (Operating System Concepts, 6/e Windows XP Update)$780$741 -
ASP.NET 程式設計徹底研究$590$466 -
精通 Visual Basic.NET 中文版黑皮書 (Visual Basic.NET Black Book)$750$585 -
鳥哥的 Linux 私房菜─基礎學習篇增訂版$560$504 -
C 程式設計藝術 (C How to Program, 4/e)$780$702 -
嵌入式 C 語言 (Embedded C)$450$356 -
密碼學與網路安全-原理與實務 (Cryptography and Network Security: Principles and Practices, 3/e)$680$537 -
More Effective C++ 國際中文版(最新修訂本) (More Effective C++: 35 New Ways to Improve Your Programs and Designs)$520$411 -
Effective C++ 國際中文版(最新修訂本), 2/e$480$379 -
Oracle Database 10g 入門手冊 (Oracle Database 10g: A Beginner's Guide)
$620$527 -
Windows CE.NET 程式設計 (Programming Microsoft Windows CE .Net, 3/e)$890$703 -
Linux 指令詳解辭典$650$553 -
ASP.NET 徹底研究進階技巧─高階技巧與控制項實作$650$507 -
CSS 網頁設計師手札 (The CSS Anthology 101 Essential Tips, Tricks & Hacks)$450$405 -
網路管理 (Network Management: Concepts and Practice, A Hands-On Approach)$580$458 -
Struts 333個應用範例技巧大全集$590$460 -
$1,615CCNA Cisco Certified Network Associate Study Guide, 5/e (640-801) -
Sniffer Pro 網路最佳化與故障排除手冊
$580$452 -
Oracle Database 10g PL/SQL 程式設計經典 (Oracle Database 10g PL/SQL Programming)$980$833 -
Java 2 全方位學習(J2SE 5.0 增修版)$750$593 -
Head First Servlets & JSP:SCWCD 專業認證指南 (Head First Servlets & JSP)$880$748 -
精通 Spring Framework
$580$452
商品描述
Description:
From the Foreword by Stephen Northcutt, Director of Training and Certification, The SANS Institute
Within a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management for funding in the next year or two to procure intrusion prevention devices, especially Intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention.
· Transition from Intrusion Detection to Intrusion Prevention
Unlike IDS, IPS can modify application-layer data or perform system call interception.· Develop an Effective Packet Inspection Toolbox
Use products such as the Metasploit Framework as a source of test attacks.· Travel Inside the SANS Internet Storm Center
Review packet captures of actual attacks, like the “Witty” worm, directly from the handler’s diary.· Protect Against False Positives
Remember that, unlike an IDS, an IPS will REACT to an intrusion.· Integrate Multiple Layers of IPS
Create a multivendor defense at the Data Link, Network, Transport, and Application layers.· Deploy Host Attack Prevention Mechanisms
Includes stack hardening, system call interception, and application shimming.· Implement Inline Packet Payload Alteration
Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.· Covers all Major Intrusion Prevention and Active Response Systems
Includes Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_securit.· Deploy IPS on Web Servers at the Applications Layer
The loading of an application-level IPS in process by the Web server will protect the server and inspect encrypted traffic.
Table of Contents:
Foreword by Stephen Northcutt
Intrusion Prevention and Active Response
Packet Inspection for Intrusion Analysis
False Positives and Real Damage
Four Layers of IPS Actions
Network Inline Data Modification
Protecting Your Host Through the Operating System
IPS at the Application Layer
Deploying Open Source IPS Solutions
IPS Evasion Techniques
Your Solutions Membership Gives You Access to:
A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search Web page
“From the Author” Forum where the authors post timely updates and links to related sites
The complete code listings from the book
Downloadable chapters from these best-selling books:
Microsoft Log Parser Toolkit
Aggressive Network Self-Defense
Black Hat Physical Device Security
Buffer Overflow Attacks: Detect, Exploit, Prevent
商品描述(中文翻譯)
描述:
從Stephen Northcutt(SANS Institute的培訓和認證主管)的前言中可以看出,在Gartner發布了臭名昭著的“入侵檢測已死”報告的一年內,我們開始看到在現實世界中真正有效的入侵防護系統(IPS)產品。安全專業人員在未來一到兩年內將向管理層尋求資金來購買入侵防護設備,尤其是3Com(TippingPoint)的智能交換機,以及像Cisco Security Agent、Platform Logic、Ozone或CrossTec等基於主機的入侵防護解決方案。管理人員和安全技術人員都面臨著迫切的需求,需要快速了解商業和開源入侵防護解決方案的概念、實施和影響。這是第一本專門探討入侵防護和主動響應概念、實施和影響的書籍。IPS這個術語在安全社區中被隨意使用。在這裡,作者團隊致力於建立共同的理解和術語,並比較入侵防護的方法。
· 從入侵檢測過渡到入侵防護
與入侵檢測系統(IDS)不同,IPS可以修改應用層數據或執行系統調用截取。
· 開發有效的封包檢測工具箱
使用Metasploit Framework等產品作為測試攻擊的來源。
· 在SANS互聯網風暴中旅行
直接從處理者的日記中查看實際攻擊的封包捕獲,如“Witty”蠕蟲。
· 防止虛假陽性
請記住,與IDS不同,IPS將對入侵作出反應。
· 整合多層IPS
在數據鏈路、網絡、傳輸和應用層創建多供應商的防禦。
· 部署主機攻擊防護機制
包括堆棧硬化、系統調用截取和應用程式層。
· 實施內聯封包有效負載修改
使用Snort Inline或Linux內核補丁的Netfilter字符串匹配擴展。
· 涵蓋所有主要的入侵防護和主動響應系統
包括Snort Inline、SnortSAM、PaX、StackGuard、LIDS、FWSnort、PSAD、Enterasys Web IPS和mod_securit。
· 在應用層上部署Web服務器的IPS
通過Web服務器進程中加載應用層IPS,可以保護服務器並檢查加密流量。
目錄:
Stephen Northcutt的前言
入侵防護和主動響應
入侵分析的封包檢測
虛假陽性和真實損害
四層IPS操作
網絡內聯數據修改
通過操作系統保護主機
```
