Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

  • Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).

  • Italics indicate arguments for which you supply actual values.

  • Vertical bars (|) separate alternative, mutually exclusive elements.

  • Square brackets [ ] indicate optional elements.

  • Braces { } indicate a required choice.

  • Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction

Intrusion Prevention is a fairly new technology that you can deploy to protect your network from attack and help enforce your security policy guidelines. Understanding this technology is vital to deploying it successfully on your network. This book is designed to provide an overview of Intrusion Prevention that enables technology analysts and architects, especially those in charge of corporate security, to determine how Intrusion Prevention can be deployed on their networks. Furthermore, the information provided helps the reader assess the benefits of Intrusion Prevention.

Goals and Methods

The goal of this book is to provide an introduction and in-depth overview of Intrusion Prevention as a technology, rather than a technical configuration guide. It uses real-world scenarios and fictitious case studies to walk readers through the lifecycle of an IPS project from needs definition to deployment considerations. Cisco IPS products are used as examples to help readers learn how IPS works, make decisions about how and when to use the technology, and what "flavors" of IPS are available. However, the intent of the material is to provide information on Intrusion Prevention as a technology, not just Cisco Intrusion Prevention products. The book answers questions such as the following:

  • Where did IPS come from? How has it evolved?

  • How does IPS work? What components does it have?

  • What security needs can IPS address? How?

  • Does IPS work with other security products? What is the "big picture?"

  • Are there best practices related to IPS? What are they?

  • How is IPS deployed, and what should be considered before a deployment?

Intrusion Prevention can be applied to your network at both the host level and the network level. Each of these levels has specific capabilities that complement each other to provide a stronger overall level of security protection. This book explains the benefits of each of these areas of protection, and it walks you through detailed deployment examples to help you understand the steps you need to perform to deploy Intrusion Prevention on your network.

This Book's Audience

The primary audience for this book comprises information technology analysts and architects, especially those in charge of corporate security, networks, and business needs. These people should have an intermediate level of experience. The secondary audience includes network and security engineers with advanced experience as well as general technology analysts and journalists with experience at a beginner's level.

This book assumes that the reader has a basic understanding of common security technologies such as antivirus, Intrusion Detection Systems, and firewalls. Readers should also have a basic understanding of security threats and security regulations.

How This Book Is Organized

This book is organized into five major parts with subsections for each part. Part I introduces Intrusion Prevention technology as a whole, with subsections that detail the history and evolution of Intrusion Prevention System (IPS), the reason for its evolution, and continuing technology trends. Part II focuses on Host Intrusion Prevention specifically, how it works technically, an in-depth technical look at its components, what problems it can solve, purchase decisions, and so on. Part III examines Network Intrusion Prevention in a similar manner. Part IV delves into deployment of both technologies. Part V provides a sample Request for Information (RFI) document as well as a glossary of some key terms associated with Intrusion Prevention.

  • Part I: Intrusion Prevention Overview

    The initial part provides a high-level overview of intrusion prevention. This overview provides the reader with a strong background understanding of Intrusion Prevention that is expanded in the Host Intrusion Prevention and Network Intrusion Prevention parts.

    - Chapter 1, "Intrusion Prevention Overview": This chapter examines the factors that led to the existence of IPS, the evolution of security threats, the evolution of attack mitigation, and basic IPS capabilities.

    - Chapter 2, "Signatures and Actions": This chapter discusses the types, triggers, and actions of IPS signatures.

    - Chapter 3, "Operational Tasks": This chapter reviews the high-level tasks related to using IPS. These include deployment, configuration, monitoring IPS activities, and securing IPS communications.

    - Chapter 4, "Security in Depth": This chapter demonstrates the importance of security in depth. It gives examples, explains the role of the security policy, and describes future IPS developments that reinforce the concept.

  • Part II: Host Intrusion Prevention

    This part provides detailed information about Host Intrusion Prevention and uses Cisco Security Agent (CSA) as a realistic example. It does not, however, give detailed step-by-step configuration examples. Instead, it explains in detail how the products can be used to provide Intrusion Prevention. Throughout each chapter, specific information is provided as to how CSA handles specific Host Intrusion Prevention problems that you might experience on your network.

    - Chapter 5, "Host Intrusion Prevention Overview": This chapter looks at the capabilities, benefits, and limitations of HIPS.

    - Chapter 6, "HIPS Components": This chapter examines the inner workings of HIPS agents and management infrastructures.

  • Part III: Network Intrusion Prevention

    This part provides detailed information about Network Intrusion Prevention, along with realistic information on using Cisco Network Intrusion Prevention products. It does not, however, give detailed step-by-step configuration examples. Instead, it explains in detail how the products can be used to provide Intrusion Prevention. Each chapter provides detailed information on Cisco Network Intrusion product capabilities and how those capabilities can protect your network.

    - Chapter 7, "Network Intrusion Prevention Overview": This chapter explains the capabilities that Network Intrusion Prevention Systems (NIPS) can add to a network to enhance its security posture.

    - Chapter 8, "NIPS Components": This chapter analyzes and explains the various components that comprise a NIPS, including various sensor types and management options.

  • Part IV: Deployment Solutions

    This section walks you through the deployment of Intrusion Prevention in different network configurations.

    - Chapter 9, "Cisco Security Agent Deployment": This chapter describes the tasks and decisions you need to make during the implementation of a real-world HIPS product, the Cisco Security Agent (CSA).

    - Chapter 10, "Deploying Cisco Network IPS": This chapter describes the tasks and decisions you need to make during the implementation of a real-world NIPS deployment, using the Cisco Network Intrusion Prevention System products as an example.

    - Chapter 11, "Deployment Scenarios": This chapter covers an assortment of IPS deployment scenarios where each scenario uses a different type of company as an example.

  • Part V: Appendix

    - Appendix A, "Sample Request for Information (RFI) Questions": This appendix provides a sample RFI to help the reader understand some of the issues that need to be considered when defining your IPS deployment requirements.

  • Glossary: The glossary provides the definitions for various terms related to Intrusion Prevention along with definitions of other terms related to the book that the reader might need to understand.




Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115