Intrusion Prevention Fundamentals

Overview

An introduction to network attack mitigation with IPS

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project–from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available. The book will answer questions like:

  • Where did IPS come from? How has it evolved?
  • How does IPS work? What components does it have?
  • What security needs can IPS address?
  • Does IPS work with other security products? What is the “big picture”?
  • What are the best practices related to IPS?
  • How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

  • Understand the types, triggers, and actions of IPS signatures
  • Deploy, configure, and monitor IPS activities and secure IPS communications
  • Learn the capabilities, benefits, and limitations of host IPS
  • Examine the inner workings of host IPS agents and management infrastructures
  • Enhance your network security posture by deploying network IPS features
  • Evaluate the various network IPS sensor types and management options
  • Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition

Product Details

  • ISBN-13: 9781587052392
  • Publisher: Cisco Press
  • Publication date: 1/20/2006
  • Series: Fundamentals Series
  • Edition description: New Edition
  • Pages: 312
  • Product dimensions: 7.30 (w) x 9.10 (h) x 0.80 (d)

Meet the Author

Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems®. He performs security evaluations on numerous Cisco® products, including everything from the PIX® Firewall and VPN solutions to Cisco CallManager and other VoIP products. Earl started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).

Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit where his primary focus is the Cisco Security Agent. He has been involved with host-based security products since 1999 when he joined Trend Micro. In 2001, he began working with one of the first host intrusion prevention products, StormWatch by Okena, Inc. Okena was subsequently acquired by Cisco Systems.

Table of Contents

Part I Intrusion Prevention Overview

Chapter 1 Intrusion Prevention Overview

Evolution of Computer Security Threats

Technology Adoption

Target Value

Attack Characteristics

Attack Examples

Evolution of Attack Mitigation

Host

Network

IPS Capabilities

Attack Prevention

Regulatory Compliance

Summary

Technology Adoption

Target Value

Attack Characteristics

Chapter 2 Signatures and Actions

Signature Types

Atomic Signatures

Stateful Signatures

Signature Triggers

Pattern Detection

Anomaly-Based Detection

Behavior-Based Detection

Signature Actions

Alert Signature Action

Drop Signature Action

Log Signature Action

Block Signature Action

TCP Reset Signature Action

Allow Signature Action

Summary

Chapter 3 Operational Tasks

Deploying IPS Devices and Applications

Deploying Host IPS

Deploying Network IPS

Configuring IPS Devices and Applications

Signature Tuning

Event Response

Software Updates

Configuration Updates

Device Failure

Monitoring IPS Activities

Management Method

Event Correlation

Security Staff

Incident Response Plan

Securing IPS Communications

Management Communication

Device-to-Device Communication

Summary

Chapter 4 Security in Depth

Defense-in-Depth Examples

External Attack Against a Corporate Database

Internal Attack Against a Management Server

The Security Policy

The Future of IPS

Intrinsic IPS

Collaboration Between Layers

Summary

Part II Host Intrusion Prevention

Chapter 5 Host Intrusion Prevention Overview

Host Intrusion Prevention Capabilities

Blocking Malicious Code Activities

Not Disrupting Normal Operations

Distinguishing Between Attacks and Normal Events

Stopping New and Unknown Attacks

Protecting Against Flaws in Permitted Applications

Host Intrusion Prevention Benefits

Attack Prevention

Patch Relief

Internal Attack Propagation Prevention

Policy Enforcement

Acceptable Use Policy Enforcement

Regulatory Requirements

Host Intrusion Prevention Limitations

Subject to End User Tampering

Lack of Complete Coverage

Attacks That Do Not Target Hosts

Summary

References in This Chapter

Chapter 6 HIPS Components

Endpoint Agents

Identifying the Resource Being Accessed

Gathering Data About the Operation

Determining the State

Consulting the Security Policy

Taking Action

Management Infrastructure

Management Center

Management Interface

Summary

Part III Network Intrusion Prevention

Chapter 7 Network Intrusion Prevention Overview

Network Intrusion Prevention Capabilities

Dropping a Single Packet

Dropping All Packets for a Connection

Dropping All Traffic from a Source IP

Network Intrusion Prevention Benefits

Traffic Normalization

Security Policy Enforcement

Network Intrusion Prevention Limitations

Hybrid IPS/IDS Systems

Shared IDS/IPS Capabilities

Generating Alerts

Initiating IP Logging

Resetting TCP Connections

Initiating IP Blocking

Summary

Chapter 8 NIPS Components

Sensor Capabilities

Sensor Processing Capacity

Sensor Interfaces

Sensor Form Factor

Capturing Network Traffic

Capturing Traffic for In-line Mode

Capturing Traffic for Promiscuous Mode

Analyzing Network Traffic

Atomic Operations

Stateful Operations

Protocol Decode Operations

Anomaly Operations

Normalizing Operations

Responding to Network Traffic

Alerting Actions

Logging Actions

Blocking Actions

Dropping Actions

Sensor Management and Monitoring

Small Sensor Deployments

Large Sensor Deployments

Summary

Part IV Deployment Solutions

Chapter 9 Cisco Security Agent Deployment

Step 1: Understand the Product

Components

Capabilities

Step 2: Predeployment Planning

Review the Security Policy

Define Project Goals

Select and Classify Target Hosts

Plan for Ongoing Management

Choose the Appropriate Management Architecture

Step 3: Implement Management

Install and Secure the CSA MC

Understand the MC

Configure Groups

Configure Policies

Step 4: Pilot

Scope

Objectives

Step 5: Tuning

Step 6: Full Deployment

Step 7: Finalize the Project

Summary

Understand the Product

Predeployment Planning

Implement Management

Pilot

Tuning

Full Deployment

Finalize the Project

Chapter 10 Deploying Cisco Network IPS

Step 1: Understand the Product

Sensors Available

In-line Support

Management and Monitoring Options

NIPS Capabilities

Signature Database and Update Schedule

Step 2: Predeployment Planning

Review the Security Policy

Define Deployment Goals

Select and Classify Sensor Deployment Locations

Plan for Ongoing Management

Choose the Appropriate Management Architecture

Step 3: Sensor Deployment

Understand Sensor CLI and IDM

Install Sensors

Install and Secure the IPS MC and Understand the Management Center

Step 4: Tuning

Identify False Positives

Configure Signature Filters

Configure Signature Actions

Step 5: Finalize the Project

Summary

Understand the Product

Predeployment Planning

Sensor Deployment

Tuning

Finalize the Project

Chapter 11 Deployment Scenarios

Large Enterprise

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Branch Office

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Medium Financial Enterprise

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Medium Educational Institution

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Small Office

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Home Office

Limiting Factors

Security Policy Goals

HIPS Implementation

NIPS Implementation

Summary

Large Enterprise

Branch Office

Medium Financial Enterprise

Medium Educational Institution

Small Office

Home Office

Part V Appendix

Appendix A

Glossary
