Intrusion Prevention and Active Response provides an introduction to the field of Intrusion Prevention and detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.
- Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone
- Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS
Edition description: 1st Edition
Product dimensions: 0.87(w) x 7.00(h) x 10.00(d)
Table of Contents
- Introduction to Intrusion Prevention
- False Positives and Real Damage
- Data Link IPS
- Network IPS
- Transport IPS
- Application Layer Responses
- Host IPS Actions
- Hybrid IPS Actions
- Network Inline Data Modification
Most Helpful Customer Reviews
As malware and cracking become more potent, so too have the countermeasures. Hitherto, IDS have been popular, to detect such incursions into your network. But sterner tactics have evolved. An IDS is essentially passive. This book explores the concept of an Intrusion Prevention System. The strongest configuration is to put an IPS inline, so that it sits between the Internet and your computers. It parses the network traffic at any or all of the 5 layers, from data link to application. In its most intensive incarnation, it can analyse application layer data and modify these before passing them on. Plus, of course, it can block suspect attack messages, even in a zero-day mode. The discussion is fairly technical. A good prior knowledge of UDP and TCP is needed to make sense of much of the text. The book is also careful to warn of the pitfalls of using an IPS, especially inline: false positives and negatives. It is very hard to correctly find all the attacks. That is, to be able to implement a robust rule set to remove attacks from the traffic.