Flylib.com
List of Figures
Chapter 1: Introduction to Intrusion Detection
Fig. 1.1. The results of testing the security level of the DoD information system
Fig. 1.2. Levels of the Information System (IS)
Fig. 1.3. Attack via tunnels in a firewall
Fig. 1.4. An attack resulting from incorrect firewall configuration
Fig. 1.5. Bypassing a firewall (via a modem)
Fig. 1.6. Attacks bypassing the firewall (conducted by employees)
Fig. 1.7. Attack from a trusted network via a VPN connection
Fig. 1.8. Attack using a Trojan horse
Fig. 1.9. Attack by address spoofing
Fig. 1.10. Attack on the firewall
Fig. 1.11. Attack using an intercepted password
Chapter 2: Anatomy of an Attack
Fig. 2.1. A model of a security event
Fig. 2.2. Attack model
Fig. 2.3. An informal attack model
Fig. 2.4. "One-to-one" relationship
Fig. 2.5. "One-to-many" relationship
Fig. 2.6. Implementation of the attack via intermediate hosts
Fig. 2.7. "Many-to-one" relationship
Fig. 2.8. "Many-to-many" relationship
Fig. 2.9. Distributed attack
Fig. 2.10. Stages of attack
Fig. 2.11. The "Incident" model
Fig. 2.12. Complexity of attacks and intruder's skills
Chapter 4: The Three Basic Principles of Intrusion Detection
Fig. 4.1. Specifying the maximum number of login attempts permitted in Windows 2000
Fig. 4.2. Replacement of the external address
Fig. 4.3. Replacement of the internal address
Fig. 4.4. The Patch.exe process starting the NetBus Trojan
Fig. 4.5. Network scanning for detecting the NetBus Trojan
Fig. 4.6. Searching for information on IMAP service vulnerabilities at the rootshell.com server
Fig. 4.7. Analysis of the header returned by a web server
Fig. 4.8. A Windows 2000 Security Log file
Fig. 4.9. A typical anomaly detection system
Fig. 4.10. A typical misuse detection system
Chapter 5: Detecting Attack Traces
Fig. 5.1. Methods of analyzing attack information
Fig. 5.2. The hacked www.securityfocus.com server
Fig. 5.3. Control over the Windows registry
Fig. 5.4. Changing access rights to the system-registry keys
Fig. 5.5. The system variables
Fig. 5.6. Parameters of the controlled files
Chapter 6: Classification of Intrusion Detection Systems
Fig. 6.1. Classification of intrusion detection systems by attack stage
Fig. 6.2. Classification of intrusion detection systems by implementation principle
Fig. 6.3. Classification of security scanners by the type of vulnerability detected
Fig. 6.4. Classification of the methods for searching for implementation vulnerabilities
Fig. 6.5. Classification of the tools for searching for implementation vulnerabilities
Fig. 6.6. Network-level security scanner
Fig. 6.7. Security-scanner architecture (type 1)
Fig. 6.8. Security-scanner architecture (type 2)
Fig. 6.9. Security-scanner architecture (type 3)
Fig. 6.10. Security-scanner architecture (type 4)
Fig. 6.11. Security-scanner architecture (type 5)
Fig. 6.12. Architecture of the intrusion detection system
Fig. 6.13. Architecture of the intrusion detection system sensor
Fig. 6.14. Architecture of the intrusion detection system console
Fig. 6.15. Console fault-tolerant implementation
Fig. 6.16. Incorrect architecture in the intrusion detection system
Fig. 6.17. Hierarchical management of intrusion detection system sensors
Fig. 6.18. Three-level sensor-management scheme
Fig. 6.19. Components of the host-level intrusion detection system
Fig. 6.20. Components of the network-level intrusion detection system
Fig. 6.21. Comparison to the pattern (the second step)
Fig. 6.22. Comparison to the pattern (fourth and subsequent steps)
Fig. 6.23. Analysis of the protocol as a whole (the second step)
Fig. 6.24. Analysis of the protocol as a whole (the third step)
Fig. 6.25. Analysis of the protocol as a whole (the fourth step)
Fig. 6.26. Analysis of the protocol as a whole (the fifth step)
Fig. 6.27. DTK-Pro GUI
Fig. 6.28. The CyberCop Sting deception system
Chapter 7: Anticipating Attacks, or Creating an Intrusion Detection Infrastructure
Fig. 7.1. Chances of tracing an intruder based on the qualifications of the security personnel
Fig. 7.2. RealSecure synchronization mechanism
Chapter 8: The Life Cycle, Deployment, and Implementation of an IDS
Fig. 8.1. The life cycle of the IDS deployment project
Fig. 8.2. The criteria to be used during deployment and implementation
Chapter 9: Selecting an Intrusion Detection System
Fig. 9.1. A large company with remote affiliates
Fig. 9.2. An international corporation
Fig. 9.3. Mechanisms for updating intrusion detection systems
Fig. 9.4. Update center in a corporate network
Fig. 9.5. The CASL attack description system
Fig. 9.6. Controlling access to HTTP pages (using the example of the RealSecure Network Sensor system)
Fig. 9.7. Types of IDS responses to an attack
Fig. 9.8. Termination of the network connection
Fig. 9.9. Reconfiguring network equipment
Fig. 9.10. The SmlDS technology (first implementation)
Fig. 9.11. The SmlDS technology (second implementation)
Fig. 9.12. Managing the RealSecure intrusion detection system from the command line
Fig. 9.13. Managing RealSecure using the RealSecure Workgroup Manager graphic console
Fig. 9.14. Managing Specter using a graphic console
Fig. 9.15. Stealth mode
Fig. 9.16. IDS console backup
Fig. 9.17. IDS sensor backup
Fig. 9.18. Architecture of the Spitfire system
Fig. 9.19. Graphic user interface of the Spitfire system
Fig. 9.20. An example of a test bench for evaluating network intrusion detection systems
Chapter 10: Placement of the Intrusion Detection System
Fig. 10.1. Placing the network sensor between the router and firewall
Fig. 10.2. The network sensor in the demilitarized zone
Fig. 10.3. Placing the network sensor behind the firewall
Fig. 10.4. The network sensor placed near the remote access server
Fig. 10.5. The solution developed by TopLayer and Internet Security Systems
Fig. 10.6. The results of AS3502 AppSwitch testing
Fig. 10.7. Intrusion detection when using backup Internet connections
Fig. 10.8. Intrusion detection on e-commerce hosts
Fig. 10.9. Intrusion detection in asymmetric networks
Fig. 10.10. Hub operation
Fig. 10.11. A switch operation
Fig. 10.12. The network sensor and span port
Fig. 10.13. Combined usage of a hub and switch
Fig. 10.14. Splitter operation
Fig. 10.15. The Shomiti Century 12-Tap
Fig. 10.16. Using splitters and a network sensor
Fig. 10.17. Using a Century 12-Tap and network sensor
Fig. 10.18. Closing the connection using splitters
Fig. 10.19. Using a load balancer to protect a set of controlled segments
Fig. 10.20. Connecting a splitter to a load balancing device
Fig. 10.21. The Cisco Catalyst 6000 IDS Module
Fig. 10.22. Placement of a security scanner
Fig. 10.23. The first approach to deception system placement
Fig. 10.24. The second approach to positioning the deception system
Chapter 11: Using Intrusion Detection Systems
Fig. 11.1. Cisco IDS 4200
Fig. 11.2. RealSecure for Nokia (based on IP740, IP710, IP530, IP330, IP120, IP71, IP51, and IP30)
Fig. 11.3. SecureNet 7000
Fig. 11.4. The NID 300 family
Fig. 11.5. Stealth mode implementation
Fig. 11.6. Disabling unneeded ports and protocols (in RealSecure Network Sensor)
Fig. 11.7. Implementation of mapping numeric and symbolic names
Fig. 11.8. Mapping NetBIOS host names
Fig. 11.9. Implementation of the preliminary scanning mechanism
Fig. 11.10. Grouping protected devices in RealSecure SiteProtector
Fig. 11.11. Comparison of the security level for a specified time period
Fig. 11.12. Synchronization of log files
Fig. 11.13. The endless loop situation
Fig. 11.14. Firewall configuration for IDS support
Fig. 11.15. Scheduled start of Internet Scanner with a predefined template
Chapter 12: Common IDS Problems
Fig. 12.1. The interval between a report of a new attack and the release of a signature for it
Fig. 12.2. Dragon Server
Fig. 12.3. Specific features of the management system operation
Fig. 12.4. The potential danger of reconfiguring network equipment
Fig. 12.5. The potential danger of automatically terminating network connections
Fig. 12.6. Event Viewer
Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
Authors: A. Lukatsky, Alex Lukatsky