BN.com Gift Guide

Intrusion Prevention And Active Response

Paperback (Print)
Buy New
Buy New from BN.com
$49.76
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Paperback)
  • All (9) from $1.99   
  • New (4) from $36.03   
  • Used (5) from $1.99   

Overview

This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.

• Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone

• Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS

This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.

Read More Show Less

Product Details

  • ISBN-13: 9781932266474
  • Publisher: Elsevier Science
  • Publication date: 2/1/2005
  • Edition description: 1st Edition
  • Pages: 428
  • Product dimensions: 0.87 (w) x 7.00 (h) x 10.00 (d)

Meet the Author

Angela Orebaugh (, GCIA, GCFW, GCIH, GSEC, CCNA) is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc. where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Masters in Computer Science, and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University.

Read More Show Less

Table of Contents

Introduction to Intrusion Prevention ; False Positives and Real Damage ; Data Link IPS ; Network IPS ; Transport IPS ; Application Layer Responses ; Host IPS Actions ; Hybrid IPS Actions ; Network Inline Data Modification

Read More Show Less

Foreword

by Stephen Northcutt, Director of Training and Certification, The SANS Institute

Within a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management for funding in the next year or two to procure intrusion prevention devices, especially Intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention.

·          Transition from Intrusion Detection to Intrusion Prevention
Unlike IDS, IPS can modify application-layer data or perform system call interception.

·          Develop an Effective Packet Inspection Toolbox
Use products such as the Metasploit Framework as a source of test attacks.

·          Travel Inside the SANS Internet Storm Center
Review packet captures of actual attacks, like the “Witty” worm, directly from the handler’s diary.

·          Protect Against False Positives
Remember that, unlike an IDS, an IPS will REACT to an intrusion.

·          Integrate Multiple Layers of IPS
Create a multivendor defense at the Data Link, Network, Transport, and Application layers.

·          Deploy Host Attack Prevention Mechanisms
Includes stack hardening, system call interception, and application shimming.

·          Implement Inline Packet Payload Alteration
Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.

·          Covers all Major Intrusion Prevention and Active Response Systems
Includes  Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_securit.

·          Deploy IPS on Web Servers at the Applications Layer
The loading of an application-level IPS in process by the Web server will protect the server and inspect encrypted traffic.


Read More Show Less

Customer Reviews

Average Rating 4
( 1 )
Rating Distribution

5 Star

(0)

4 Star

(1)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted April 9, 2005

    false positives and negatives are the problem

    As malware and cracking become more potent, so too have the countermeasures. Hitherto, IDS have been popular, to detect such incursions into your network. But sterner tactics have evolved. An IDS is essentially passive. This book explores the concept of an Intrusion Prevention System. The strongest configuration is to put an IPS inline. So that it sits between the Internet and your computers. It parses the network traffic at any or all of the 5 layers, from data link to application. In its most intensive incarnation, it can analyse application layer data and modify these before passing them on. Plus, of course, it can block suspects attack messages, even in a zero-day mode. The discussion is fairly technical. A good prior knowledge of UDP and TCP is needed to make sense of much of the text. The book is also careful to warn of the pitfalls of using an IPS, especially inline. False positives and negatives. It is very hard to correctly find all the attacks. That is, to be able to implement a robust rule set to remove attacks from the traffic.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)