Flylib.com
List of Figures
Chapter 1: Introduction to Intrusion Detection
Fig. 1.1. The results of testing the security level of the DoD information system
Fig. 1.2. Levels of the Information System (IS)
Fig. 1.3. Attack via tunnels in a firewall
Fig. 1.4. An attack resulting from incorrect firewall configuration
Fig. 1.5. Bypassing a firewall (via a modem)
Fig. 1.6. Attacks bypassing the firewall (conducted by employees)
Fig. 1.7. Attack from a trusted network via a VPN connection
Fig. 1.8. Attack using a Trojan horse
Fig. 1.9. Attack by address spoofing
Fig. 1.10. Attack on the firewall
Fig. 1.11. Attack using an intercepted password
Chapter 2: Anatomy of an Attack
Fig. 2.1. A model of a security event
Fig. 2.2. Attack model
Fig. 2.3. An informal attack model
Fig. 2.4. "One-to-one" relationship
Fig. 2.5. "One-to-many" relationship
Fig. 2.6. Implementation of the attack via intermediate hosts
Fig. 2.7. "Many-to-one" relationship
Fig. 2.8. "Many-to-many" relationship
Fig. 2.9. Distributed attack
Fig. 2.10. Stages of attack
Fig. 2.11. The "Incident" model
Fig. 2.12. Complexity of attacks and intruder's skills
Chapter 4: The Three Basic Principles of Intrusion Detection
Fig. 4.1. Specifying the maximum number of login attempts permitted in Windows 2000
Fig. 4.2. Replacement of the external address
Fig. 4.3. Replacement of the internal address
Fig. 4.4. The Patch.exe process starting the NetBus Trojan
Fig. 4.5. Network scanning for detecting the NetBus Trojan
Fig. 4.6. Searching for information on IMAP service vulnerabilities at the rootshell.com server
Fig. 4.7. Analysis of the header returned by a web server
Fig. 4.8. A Windows 2000 Security Log file
Fig. 4.9. A typical anomaly detection system
Fig. 4.10. A typical misuse detection system
Chapter 5: Detecting Attack Traces
Fig. 5.1. Methods of analyzing attack information
Fig. 5.2. The hacked www.securityfocus.com server
Fig. 5.3. Control over the Windows registry
Fig. 5.4. Changing access rights to the system-registry keys
Fig. 5.5. The system variables
Fig. 5.6. Parameters of the controlled files
Chapter 6: Classification of Intrusion Detection Systems
Fig. 6.1. Classification of intrusion detection systems by attack stage
Fig. 6.2. Classification of intrusion detection systems by implementation principle
Fig. 6.3. Classification of security scanners by the type of vulnerability detected
Fig. 6.4. Classification of the methods for searching for implementation vulnerabilities
Fig. 6.5. Classification of the tools for searching for implementation vulnerabilities
Fig. 6.6. Network-level security scanner
Fig. 6.7. Security-scanner architecture (type 1)
Fig. 6.8. Security-scanner architecture (type 2)
Fig. 6.9. Security-scanner architecture (type 3)
Fig. 6.10. Security-scanner architecture (type 4)
Fig. 6.11. Security-scanner architecture (type 5)
Fig. 6.12. Architecture of the intrusion detection system
Fig. 6.13. Architecture of the intrusion detection system sensor
Fig. 6.14. Architecture of the intrusion detection system console
Fig. 6.15. Console fault-tolerant implementation
Fig. 6.16. Incorrect architecture in the intrusion detection system
Fig. 6.17. Hierarchical management of intrusion detection system sensors
Fig. 6.18. Three-level sensor-management scheme
Fig. 6.19. Components of the host-level intrusion detection system
Fig. 6.20. Components of the network-level intrusion detection system
Fig. 6.21. Comparison to the pattern (the second step)
Fig. 6.22. Comparison to the pattern (fourth and subsequent steps)
Fig. 6.23. Analysis of the protocol as a whole (the second step)
Fig. 6.24. Analysis of the protocol as a whole (the third step)
Fig. 6.25. Analysis of the protocol as a whole (the fourth step)
Fig. 6.26. Analysis of the protocol as a whole (the fifth step)
Fig. 6.27. DTK-Pro GUI
Fig. 6.28. The CyberCop Sting deception system
Chapter 7: Anticipating Attacks, or Creating an Intrusion Detection Infrastructure
Fig. 7.1. Chances of tracing an intruder based on the qualifications of the security personnel
Fig. 7.2. RealSecure synchronization mechanism
Chapter 8: The Life Cycle, Deployment, and Implementation of an IDS
Fig. 8.1. The life cycle of the IDS deployment project
Fig. 8.2. The criteria to be used during deployment and implementation
Chapter 9: Selecting an Intrusion Detection System
Fig. 9.1. A large company with remote affiliates
Fig. 9.2. An international corporation
Fig. 9.3. Mechanisms for updating intrusion detection systems
Fig. 9.4. Update center in a corporate network
Fig. 9.5. The CASL attack description system
Fig. 9.6. Controlling access to HTTP pages (using the example of the RealSecure Network Sensor system)
Fig. 9.7. Types of IDS responses to an attack
Fig. 9.8. Termination of the network connection
Fig. 9.9. Reconfiguring network equipment
Fig. 9.10. The SmlDS technology (first implementation)
Fig. 9.11. The SmlDS technology (second implementation)
Fig. 9.12. Managing the RealSecure intrusion detection system from the command line
Fig. 9.13. Managing RealSecure using the RealSecure Workgroup Manager graphic console
Fig. 9.14. Managing Specter using a graphic console
Fig. 9.15. Stealth mode
Fig. 9.16. IDS console backup
Fig. 9.17. IDS sensor backup
Fig. 9.18. Architecture of the Spitfire system
Fig. 9.19. Graphic user interface of the Spitfire system
Fig. 9.20. An example of a test bench for evaluating network intrusion detection systems
Chapter 10: Placement of the Intrusion Detection System
Fig. 10.1. Placing the network sensor between the router and firewall
Fig. 10.2. The network sensor in the demilitarized zone
Fig. 10.3. Placing the network sensor behind the firewall
Fig. 10.4. The network sensor placed near the remote access server
Fig. 10.5. The solution developed by TopLayer and Internet Security Systems
Fig. 10.6. The results of AS3502 AppSwitch testing
Fig. 10.7. Intrusion detection when using backup Internet connections
Fig. 10.8. Intrusion detection on e-commerce hosts
Fig. 10.9. Intrusion detection in asymmetric networks
Fig. 10.10. Hub operation
Fig. 10.11. A switch operation
Fig. 10.12. The network sensor and span port
Fig. 10.13. Combined usage of a hub and switch
Fig. 10.14. Splitter operation
Fig. 10.15. The Shomiti Century 12-Tap
Fig. 10.16. Using splitters and a network sensor
Fig. 10.17. Using a Century 12-Tap and network sensor
Fig. 10.18. Closing the connection using splitters
Fig. 10.19. Using a load balancer to protect a set of controlled segments
Fig. 10.20. Connecting a splitter to a load balancing device
Fig. 10.21. The Cisco Catalyst 6000 IDS Module
Fig. 10.22. Placement of a security scanner
Fig. 10.23. The first approach to deception system placement
Fig. 10.24. The second approach to positioning the deception system
Chapter 11: Using Intrusion Detection Systems
Fig. 11.1. Cisco IDS 4200
Fig. 11.2. RealSecure for Nokia (based on IP740, IP710, IP530, IP330, IP120, IP71, IP51, and IP30)
Fig. 11.3. SecureNet 7000
Fig. 11.4. The NID 300 family
Fig. 11.5. Stealth mode implementation
Fig. 11.6. Disabling unneeded ports and protocols (in RealSecure Network Sensor)
Fig. 11.7. Implementation of mapping numeric and symbolic names
Fig. 11.8. Mapping NetBIOS host names
Fig. 11.9. Implementation of the preliminary scanning mechanism
Fig. 11.10. Grouping protected devices in RealSecure SiteProtector
Fig. 11.11. Comparison of the security level for a specified time period
Fig. 11.12. Synchronization of log files
Fig. 11.13. The endless loop situation
Fig. 11.14. Firewall configuration for IDS support
Fig. 11.15. Scheduled start of Internet Scanner with a predefined template
Chapter 12: Common IDS Problems
Fig. 12.1. The interval between a report of a new attack and the release of a signature for it
Fig. 12.2. Dragon Server
Fig. 12.3. Specific features of the management system operation
Fig. 12.4. The potential danger of reconfiguring network equipment
Fig. 12.5. The potential danger of automatically terminating network connections
Fig. 12.6. Event Viewer
Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
Authors: A. Lukatsky, Alex Lukatsky