Synopsis
Authors Carl Endorf, Eugene Schultz, and Jim Mellander deliver the hands-on implementation techniques that IT professionals need. Learn to implement the top intrusion detection products into real-world networked environments and covers the most popular intrusion detection tools including Internet Security Systems' Black ICE & RealSecure, Cisco Systems' Secure IDS, Computer Associates’ eTrust, Entercept, and the open source Snort tool.
"synopsis" may belong to another edition of this title.
About the Author
Carl Endorf,(Normal, IL) MS, CISSP, SSCP, MCSE, CCNA, ITIL, CIWA, GSEC, IAM is a technical security analyst for one of the largest Insurance and banking companies in the U.S. He has practical experience in intrusion attack detection, as an incident manager, forensics, corporate investigations and Internet security. Carl has written two certification study guides and has written many articles for Information Security Bulletin. Eugene Schultz, Ph.D., CISSP (Livermore, CA) is a Principal Engineer with Lawrence Berkeley National Laboratory and also teaches computer science courses at the University of California at Berkeley. He is the author/co-author of multiple security titles for New Riders and O’Reilly. Gene is the Editor-in-Chief of Computers and Security, and was the Editor-in-Chief of Information Security Bulletin from 2000 through 2001. Jim Mellander (El Sobrante, CA) Is the developer of innovative peer-to-peer control software called Kazaa Obliterator, which prevents unauthorized peer-to-peer use at LBNL. He also taught classes at community colleges, user groups and conferences on the topics of Intrusion Detection/Incident Response, UNIX vulnerabilities, Linux firewalls, and TCP/UDP basics for Network Security, and is a SANS Instructor who teaches a course on UPDATE
From the Back Cover
Implement enterprise-wide security solutions based on detailed traffic and attack analysis
In today’s converged networking environment, cyber crime is on the rise and getting more sophisticated every day. Malicious hackers lurk in dark corners, scanning for vulnerable systems and launching debilitating attacks. Intrusion Detection & Prevention shows you, step-by-step, how to mount a comprehensive defense, perform real-time security monitoring, and implement a proactive incident response plan. Major examples of IDS software are covered, including TCPDump, RealSecure, Cisco Secure IDS, Network Flight Recorder, and Snort 2.0. You’ll learn how to properly place and configure network sensors, analyze packets and TCP streams, correlate data, and counter attempted break-ins. Plus, you’ll get vital coverage of legal standards, business guidelines, and the future of intrusion prevention.
Inside, learn to:- Identify and eliminate abnormal network traffic patterns and application-level abuses
- Capture, store, and analyze network transactions with TCPDump
- Deploy sensors, agents, and manager components in single-tiered, multi-tiered, and peer-to-peer architectures
- Grab, filter, decode, and process data packets and TCP streams
- Manage RealSecure Network Sensors, alerts, encryption keys, and reports
- Implement ISS’s new central management system, SiteProtector 2.0
- Administer Cisco Secure IDS, Cisco Threat Response, and the Cisco Security Agent
- Distribute CSIDS 4200 Series Sensors and Catalyst 6000 IDS modules
- Use Snort 2.0 rules, outputs, and plug-ins to detect unauthorized activity
- Monitor transactions with the Snort 2.0 Protocol Flow Analyzer
- Perform packet inspection and protocol anomaly detection with Network Flight Recorder
- Assess threat levels using data correlation, fusion, and vulnerability scanning
"About this title" may belong to another edition of this title.