Intrusion Prevention And Active Response

Intrusion Prevention And Active Response

ISBN-10:
193226647X
ISBN-13:
9781932266474
Pub. Date:
02/01/2005
Publisher:
Elsevier Science
Paperback


Overview

Intrusion Prevention and Active Response provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.


  • Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone
  • Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS

Product Details

ISBN-13: 9781932266474
Publisher: Elsevier Science
Publication date: 02/01/2005
Edition description: 1st Edition
Pages: 428
Product dimensions: 0.87(w) x 7.00(h) x 10.00(d)

About the Author

Angela Orebaugh (GCIA, GCFW, GCIH, GSEC, CCNA) is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc., where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years' experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Master's in Computer Science and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University.

Table of Contents

  • Introduction to Intrusion Prevention
  • False Positives and Real Damage
  • Data Link IPS
  • Network IPS
  • Transport IPS
  • Application Layer Responses
  • Host IPS Actions
  • Hybrid IPS Actions
  • Network Inline Data Modification

Foreword

by Stephen Northcutt, Director of Training and Certification, The SANS Institute

Within a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management for funding in the next year or two to procure intrusion prevention devices, especially intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention.

  • Transition from Intrusion Detection to Intrusion Prevention
    Unlike an IDS, an IPS can modify application-layer data or perform system call interception.

  • Develop an Effective Packet Inspection Toolbox
    Use products such as the Metasploit Framework as a source of test attacks.

  • Travel Inside the SANS Internet Storm Center
    Review packet captures of actual attacks, like the "Witty" worm, directly from the handler's diary.

  • Protect Against False Positives
    Remember that, unlike an IDS, an IPS will REACT to an intrusion.

  • Integrate Multiple Layers of IPS
    Create a multivendor defense at the Data Link, Network, Transport, and Application layers.

  • Deploy Host Attack Prevention Mechanisms
    Includes stack hardening, system call interception, and application shimming.

  • Implement Inline Packet Payload Alteration
    Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.

  • Covers All Major Intrusion Prevention and Active Response Systems
    Includes Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_security.

  • Deploy IPS on Web Servers at the Application Layer
    Loading an application-level IPS in-process in the Web server protects the server and allows inspection of traffic after it has been decrypted.
