Intrusion Detection & Prevention
by Carl Endorf, Eugene Schultz and Jim Mellander
ISBN: 0072229543
McGraw-Hill © 2004 (388 pages)

This book demonstrates, step-by-step, how to mount a comprehensive defense against cyber crime, perform real-time security monitoring, and implement a proactive incident response plan.

Table of Contents
Intrusion Detection & Prevention
Part I - Intrusion Detection: Primer
Chapter 1 - Understanding Intrusion Detection
Chapter 2 - Crash Course in the Internet Protocol Suite
Chapter 3 - Unauthorized Activity I
Chapter 4 - Unauthorized Activity II
Chapter 5 - Tcpdump
Part II - Architecture
Chapter 6 - IDS and IPS Architecture
Chapter 7 - IDS and IPS Internals
Part III - Implementation and Deployment
Chapter 8 - Internet Security Systems' RealSecure
Chapter 9 - Cisco Secure IDS
Chapter 10 - Snort
Chapter 11 - NFR Security
Part IV - Security and IDS Management
Chapter 12 - Data Correlation
Chapter 13 - Incident Response
Chapter 14 - Policy and Procedures
Chapter 15 - Laws, Standards, and Organizations
Chapter 16 - Security Business Issues
Chapter 17 - The Future of Intrusion Detection and Prevention
Appendix A - Intrusion Detection and Prevention Systems
List of Figures
List of Tables
List of Case Studies
List of Sidebars

In today’s converged networking environment, cyber crime is on the rise and getting more sophisticated every day. Malicious hackers lurk in dark corners, scanning for vulnerable systems and launching debilitating attacks. Intrusion Detection & Prevention shows you, step-by-step, how to mount a comprehensive defense, perform real-time security monitoring, and implement a proactive incident response plan. Major examples of IDS software are covered, including TCPDump, RealSecure, Cisco Secure IDS, Network Flight Recorder, and Snort 2.0. You’ll learn how to properly place and configure network sensors, analyze packets and TCP streams, correlate data, and counter attempted break-ins. Plus, you’ll get vital coverage of legal standards, business guidelines, and the future of intrusion prevention.

Inside, learn to:

  • Identify and eliminate abnormal network traffic patterns and application-level abuses
  • Capture, store, and analyze network transactions with TCPDump
  • Deploy sensors, agents, and manager components in single-tiered, multi-tiered, and peer-to-peer architectures
  • Grab, filter, decode, and process data packets and TCP streams
  • Manage RealSecure Network Sensors, alerts, encryption keys, and reports
  • Implement ISS’s new central management system, SiteProtector 2.0
  • Administer Cisco Secure IDS, Cisco Threat Response, and the Cisco Security Agent
  • Distribute CSIDS 4200 Series Sensors and Catalyst 6000 IDS modules
  • Use Snort 2.0 rules, outputs, and plug-ins to detect unauthorized activity
  • Monitor transactions with the Snort 2.0 Protocol Flow Analyzer
  • Perform packet inspection and protocol anomaly detection with Network Flight Recorder
  • Assess threat levels using data correlation, fusion, and vulnerability scanning

About the Authors

Carl F. Endorf is a technical security analyst working in the financial and insurance industries.

Eugene Schultz is a principal engineer with Lawrence Berkeley National Laboratory and the Editor-in-Chief of Computers and Security.

Jim Mellander, a Principal Engineer with Lawrence Berkeley National Laboratory, developed the Kazaa Obliterator software, which prevents unauthorized peer-to-peer use. He teaches courses on intrusion detection and incident response.