Intrusion Prevention And Active Response
by Michael Rash, Graham Clark, Angela Orebaugh
     
 

ISBN-10: 193226647X

ISBN-13: 9781932266474

Pub. Date: 02/01/2005

Publisher: Elsevier Science


Overview

This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.

• Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone

• Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS

Product Details

ISBN-13: 9781932266474
Publisher: Elsevier Science
Publication date: 02/01/2005
Edition description: 1st Edition
Pages: 428
Product dimensions: 0.87(w) x 7.00(h) x 10.00(d)


Table of Contents

• Introduction to Intrusion Prevention
• False Positives and Real Damage
• Data Link IPS
• Network IPS
• Transport IPS
• Application Layer Responses
• Host IPS Actions
• Hybrid IPS Actions
• Network Inline Data Modification

Customer Reviews


Intrusion Prevention And Active Response 4 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
As malware and cracking become more potent, so too have the countermeasures. Hitherto, IDS have been popular, to detect such incursions into your network. But sterner tactics have evolved. An IDS is essentially passive. This book explores the concept of an Intrusion Prevention System. The strongest configuration is to put an IPS inline, so that it sits between the Internet and your computers. It parses the network traffic at any or all of the 5 layers, from data link to application. In its most intensive incarnation, it can analyse application layer data and modify these before passing them on. Plus, of course, it can block suspect attack messages, even in a zero-day mode. The discussion is fairly technical. A good prior knowledge of UDP and TCP is needed to make sense of much of the text. The book is also careful to warn of the pitfalls of using an IPS, especially inline. False positives and negatives. It is very hard to correctly find all the attacks. That is, to be able to implement a robust rule set to remove attacks from the traffic.