Intrusion Prevention Fundamentals

by Earl Carter; Jonathan Hogue
  • ISBN13: 9781587052392
  • ISBN10: 1587052393
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2006-01-18
  • Publisher: Cisco Press
  • List Price: $64.99

Summary

An introduction to network attack mitigation with IPS.

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available. The book will answer questions like:

  • Where did IPS come from? How has it evolved?
  • How does IPS work? What components does it have?
  • What security needs can IPS address?
  • Does IPS work with other security products? What is the "big picture"?
  • What are the best practices related to IPS?
  • How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

  • Understand the types, triggers, and actions of IPS signatures
  • Deploy, configure, and monitor IPS activities and secure IPS communications
  • Learn the capabilities, benefits, and limitations of host IPS
  • Examine the inner workings of host IPS agents and management infrastructures
  • Enhance your network security posture by deploying network IPS features
  • Evaluate the various network IPS sensor types and management options
  • Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition.

Author Biography

Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems. Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit, where his primary focus is the Cisco Security Agent.

Table of Contents

Entries give the starting page followed, in parentheses, by the number of pages.

Introduction  xxi
Part I Intrusion Prevention Overview  3 (84)
  Intrusion Prevention Overview  5 (28)
    Evolution of Computer Security Threats  5 (17)
    Technology Adoption  7 (1)
    Client-Server Computing  7 (2)
    The Internet  9 (1)
    Wireless Connectivity  10 (1)
    Mobile Computing  10 (1)
    Target Value  11 (1)
    Information Theft  12 (1)
    Zombie Systems  12 (1)
    Attack Characteristics  12 (1)
    Attack Delivery Mechanism  13 (1)
    Attack Complexity  14 (1)
    Attack Target  15 (1)
    Attack Impact  16 (1)
    Attack Examples  17 (1)
    Replacement Login  17 (1)
    The Morris Worm  17 (2)
    CIH Virus  19 (1)
    Loveletter Virus  19 (1)
    Nimda  20 (1)
    SQL Slammer  21 (1)
    Evolution of Attack Mitigation  22 (5)
    Host  23 (1)
    Antivirus  23 (1)
    Personal Firewalls  24 (1)
    Host-Based Intrusion Detection  25 (1)
    Network  25 (1)
    System Log Analysis  25 (1)
    Promiscuous Monitoring  25 (1)
    Inline Prevention  26 (1)
    IPS Capabilities  27 (1)
    Attack Prevention  27 (1)
    Regulatory Compliance  27 (1)
    Summary  28 (5)
    Technology Adoption  28 (1)
    Target Value  29 (1)
    Attack Characteristics  30 (3)
  Signatures and Actions  33 (20)
    Signature Types  34 (3)
    Atomic Signatures  34 (1)
    Atomic Signature Considerations  34 (1)
    Host-Based Examples  35 (1)
    Network-Based Examples  35 (1)
    Stateful Signatures  36 (1)
    Stateful Signature Considerations  36 (1)
    Host-Based Examples  36 (1)
    Network-Based Examples  37 (1)
    Signature Triggers  37 (8)
    Pattern Detection  40 (1)
    Pattern Matching Considerations  41 (1)
    Host-Based Examples  41 (1)
    Network-Based Examples  41 (1)
    Anomaly-Based Detection  42 (1)
    Anomaly-Based Detection Considerations  42 (1)
    Host-Based Examples  43 (1)
    Network-Based Examples  43 (1)
    Behavior-Based Detection  44 (1)
    Behavior-Based Detection Considerations  44 (1)
    Host-Based Examples  44 (1)
    Network-Based Examples  44 (1)
    Signature Actions  45 (3)
    Alert Signature Action  45 (1)
    Atomic Alerts  45 (1)
    Summary Alerts  46 (1)
    Drop Signature Action  46 (1)
    Log Signature Action  47 (1)
    Block Signature Action  47 (1)
    TCP Reset Signature Action  47 (1)
    Allow Signature Action  47 (1)
    Summary  48 (5)
  Operational Tasks  53 (18)
    Deploying IPS Devices and Applications  53 (6)
    Deploying Host IPS  53 (1)
    Threat Posed by Known Exploits  54 (1)
    Criticality of the Systems  54 (1)
    Accessibility of the Systems  54 (1)
    Security Policy Requirements  55 (1)
    Identifying Unprotected Systems  55 (1)
    Deploying Network IPS  55 (1)
    Security Policy Requirements  56 (1)
    Maximum Traffic Volume  56 (1)
    Number and Placement of Sensors  57 (1)
    Business Partner Links  58 (1)
    Remote Access  58 (1)
    Identifying Unprotected Segments  58 (1)
    Configuring IPS Devices and Applications  59 (5)
    Signature Tuning  59 (1)
    Event Response  60 (1)
    Deny  61 (1)
    Alert  61 (1)
    Block  61 (1)
    Log  61 (1)
    Software Updates  61 (1)
    Configuration Updates  62 (1)
    Device Failure  62 (1)
    Inline Sensor Failure  62 (1)
    Management Console Failure  63 (1)
    Monitoring IPS Activities  64 (2)
    Management Method  65 (1)
    Event Correlation  65 (1)
    Security Staff  66 (1)
    Incident Response Plan  66 (1)
    Securing IPS Communications  66 (2)
    Management Communication  66 (1)
    Out-of-Band Management  67 (1)
    Secure Protocols  67 (1)
    Device-to-Device Communication  68 (1)
    Summary  68 (3)
  Security in Depth  71 (16)
    Defense-in-Depth Examples  72 (7)
    External Attack Against a Corporate Database  72 (1)
    Layer 1: The Internet Perimeter Router  73 (1)
    Layer 2: The Internet Perimeter Firewall  74 (1)
    Layer 3: The DMZ Firewall  75 (1)
    Layer 4: Network IPS  75 (1)
    Layer 5: NetFlow  76 (1)
    Layer 6: Antivirus  76 (1)
    Layer 7: Host IPS  77 (1)
    Internal Attack Against a Management Server  77 (1)
    Layer 1: The Switch  78 (1)
    Layer 2: Network IPS  78 (1)
    Layer 3: Encryption  78 (1)
    Layer 4: Strong Authentication  79 (1)
    Layer 5: Host IPS  79 (1)
    The Security Policy  79 (1)
    The Future of IPS  80 (3)
    Intrinsic IPS  80 (1)
    Collaboration Between Layers  81 (1)
    Enhanced Accuracy  81 (1)
    Better Detection Capability  82 (1)
    Automated Configuration and Response  82 (1)
    Summary  83 (4)
Part II Host Intrusion Prevention  87 (46)
  Host Intrusion Prevention Overview  89 (12)
    Host Intrusion Prevention Capabilities  90 (2)
    Blocking Malicious Code Activities  90 (1)
    Not Disrupting Normal Operations  90 (1)
    Distinguishing Between Attacks and Normal Events  91 (1)
    Stopping New and Unknown Attacks  91 (1)
    Protecting Against Flaws in Permitted Applications  91 (1)
    Host Intrusion Prevention Benefits  92 (4)
    Attack Prevention  92 (1)
    Patch Relief  92 (1)
    Internal Attack Propagation Prevention  93 (1)
    Policy Enforcement  94 (1)
    Acceptable Use Policy Enforcement  95 (1)
    Regulatory Requirements  96 (1)
    Host Intrusion Prevention Limitations  96 (1)
    Subject to End User Tampering  96 (1)
    Lack of Complete Coverage  97 (1)
    Attacks That Do Not Target Hosts  97 (1)
    Summary  97 (1)
    References in This Chapter  98 (3)
  HIPS Components  101 (32)
    Endpoint Agents  101 (24)
    Identifying the Resource Being Accessed  102 (2)
    Network  104 (1)
    Memory  105 (2)
    Application Execution  107 (1)
    Files  108 (1)
    System Configuration  108 (1)
    Additional Resource Categories  109 (1)
    Gathering Data About the Operation  110 (1)
    How Data Is Gathered  110 (5)
    What Data Is Gathered  115 (1)
    Determining the State  115 (1)
    Location State  116 (1)
    User State  117 (1)
    System State  118 (1)
    Consulting the Security Policy  119 (1)
    Anomaly-Based  120 (1)
    Atomic Rule-Based  121 (1)
    Pattern-Based  122 (1)
    Behavioral  122 (2)
    Access Control Matrix  124 (1)
    Taking Action  124 (1)
    Management Infrastructure  125 (5)
    Management Center  125 (1)
    Database  126 (1)
    Event and Alert Handler  127 (1)
    Policy Management  128 (1)
    Management Interface  129 (1)
    Summary  130 (3)
Part III Network Intrusion Prevention  133 (42)
  Network Intrusion Prevention Overview  135 (14)
    Network Intrusion Prevention Capabilities  135 (2)
    Dropping a Single Packet  136 (1)
    Dropping All Packets for a Connection  137 (1)
    Dropping All Traffic from a Source IP  137 (1)
    Network Intrusion Prevention Benefits  137 (1)
    Traffic Normalization  138 (1)
    Security Policy Enforcement  138 (1)
    Network Intrusion Prevention Limitations  138 (2)
    Hybrid IPS/IDS Systems  140 (1)
    Shared IDS/IPS Capabilities  141 (4)
    Generating Alerts  141 (1)
    Initiating IP Logging  142 (1)
    Logging Attacker Traffic  142 (1)
    Logging Victim Traffic  142 (1)
    Logging Traffic Between Attacker and Victim  143 (1)
    Resetting TCP Connections  143 (1)
    Initiating IP Blocking  143 (2)
    Summary  145 (4)
  NIPS Components  149 (26)
    Sensor Capabilities  150 (4)
    Sensor Processing Capacity  150 (1)
    Sensor Interfaces  151 (1)
    Sensor Form Factor  152 (1)
    Standalone Appliance Sensors  153 (1)
    Blade-Based Sensors  153 (1)
    IPS Software Integrated into the OS on Infrastructure Devices  154 (1)
    Capturing Network Traffic  154 (10)
    Capturing Traffic for In-line Mode  155 (2)
    Capturing Traffic for Promiscuous Mode  157 (1)
    Traffic Capture Devices  158 (3)
    Cisco Switch Capture Mechanisms  161 (3)
    Analyzing Network Traffic  164 (2)
    Atomic Operations  164 (1)
    Stateful Operations  164 (1)
    Protocol Decode Operations  165 (1)
    Anomaly Operations  165 (1)
    Normalizing Operations  165 (1)
    Responding to Network Traffic  166 (2)
    Alerting Actions  166 (1)
    Logging Actions  167 (1)
    Blocking Actions  167 (1)
    Dropping Actions  167 (1)
    Sensor Management and Monitoring  168 (2)
    Small Sensor Deployments  168 (1)
    Large Sensor Deployments  169 (1)
    Summary  170 (5)
Part IV Deployment Solutions  175 (84)
  Cisco Security Agent Deployment  177 (26)
    Step 1: Understand the Product  178 (2)
    Components  178 (1)
    Cisco Security Agents  178 (1)
    CSA Management  179 (1)
    Capabilities  179 (1)
    Step 2: Predeployment Planning  180 (9)
    Review the Security Policy  180 (1)
    Define Project Goals  181 (1)
    Balance  181 (2)
    Problems to Solve  183 (1)
    Select and Classify Target Hosts  184 (1)
    Select Target Hosts  184 (1)
    Classify Selected Hosts  185 (2)
    Plan for Ongoing Management  187 (1)
    Choose the Appropriate Management Architecture  187 (2)
    Step 3: Implement Management  189 (5)
    Install and Secure the CSA MC  189 (1)
    Understand the MC  190 (1)
    Configure Groups  191 (1)
    Policy Groups  191 (1)
    Secondary Groups  192 (2)
    Configure Policies  194 (1)
    Step 4: Pilot  194 (2)
    Scope  195 (1)
    Objectives  195 (1)
    Step 5: Tuning  196 (1)
    Step 6: Full Deployment  197 (1)
    Step 7: Finalize the Project  198 (1)
    Summary  199 (1)
    Understand the Product  199 (1)
    Predeployment Planning  199 (1)
    Implement Management  200 (3)
    Pilot  200 (1)
    Tuning  200 (1)
    Full Deployment  200 (1)
    Finalize the Project  200 (3)
  Deploying Cisco Network IPS  203 (26)
    Step 1: Understand the Product  205 (7)
    Sensors Available  205 (1)
    Cisco IPS 4200 Series Appliance Sensors  206 (1)
    Cisco Catalyst 6500 Series IDS Module  206 (1)
    Cisco IDS Network Module  207 (1)
    Cisco IOS IPS Sensors  208 (1)
    In-line Support  208 (1)
    Management and Monitoring Options  209 (1)
    Command-Line Interface  209 (1)
    IPS Device Manager  209 (1)
    CiscoWorks Management Center for IPS Sensors  209 (1)
    CS-MARS  210 (1)
    NIPS Capabilities  211 (1)
    Signature Database and Update Schedule  212 (1)
    Step 2: Predeployment Planning  212 (9)
    Review the Security Policy  212 (1)
    Define Deployment Goals  213 (1)
    Security Posture  213 (2)
    Problems to Solve  215 (1)
    Select and Classify Sensor Deployment Locations  216 (1)
    Austin Headquarters Site  216 (1)
    Large Sales Office Sites  217 (1)
    Manufacturing Sites  218 (1)
    Small Sales Office Sites  218 (1)
    Plan for Ongoing Management  218 (1)
    Choose the Appropriate Management Architecture  218 (3)
    Step 3: Sensor Deployment  221 (1)
    Understand Sensor CLI and IDM  221 (1)
    Install Sensors  221 (1)
    Configuring the Sensor  221 (1)
    Cabling the Sensor  222 (1)
    Install and Secure the IPS MC and Understand the Management Center  222 (1)
    Step 4: Tuning  222 (3)
    Identify False Positives  223 (1)
    Configure Signature Filters  224 (1)
    Configure Signature Actions  224 (1)
    Step 5: Finalize the Project  225 (1)
    Summary  225 (4)
    Understand the Product  226 (1)
    Predeployment Planning  226 (1)
    Sensor Deployment  226 (1)
    Tuning  226 (1)
    Finalize the Project  227 (2)
  Deployment Scenarios  229 (30)
    Large Enterprise  229 (7)
    Limiting Factors  231 (1)
    Security Policy Goals  231 (1)
    HIPS Implementation  231 (1)
    Target Hosts  232 (1)
    Management Architecture  232 (1)
    Agent Configuration  233 (1)
    NIPS Implementation  233 (1)
    Sensor Deployment  234 (1)
    NIPS Management  235 (1)
    Branch Office  236 (4)
    Limiting Factors  237 (1)
    Security Policy Goals  237 (1)
    HIPS Implementation  238 (1)
    Target Hosts  238 (1)
    Management Architecture  238 (1)
    Agent Configuration  238 (1)
    NIPS Implementation  239 (1)
    Sensor Deployment  239 (1)
    NIPS Management  239 (1)
    Medium Financial Enterprise  240 (3)
    Limiting Factors  241 (1)
    Security Policy Goals  241 (1)
    HIPS Implementation  241 (1)
    Target Hosts  242 (1)
    Management Architecture  242 (1)
    Agent Configuration  242 (1)
    NIPS Implementation  242 (1)
    Sensor Deployment  242 (1)
    NIPS Management  243 (1)
    Medium Educational Institution  243 (4)
    Limiting Factors  244 (1)
    Security Policy Goals  245 (1)
    HIPS Implementation  245 (1)
    Target Hosts  245 (1)
    Management Architecture  245 (1)
    Agent Configuration  246 (1)
    NIPS Implementation  246 (1)
    Sensor Deployment  246 (1)
    NIPS Management  247 (1)
    Small Office  247 (3)
    Limiting Factors  248 (1)
    Security Policy Goals  248 (1)
    HIPS Implementation  248 (1)
    Target Hosts  249 (1)
    Management Architecture  249 (1)
    Agent Configuration  249 (1)
    NIPS Implementation  250 (1)
    Home Office  250 (2)
    Limiting Factors  251 (1)
    Security Policy Goals  251 (1)
    HIPS Implementation  251 (1)
    Management Architecture  251 (1)
    Agent Configuration  251 (1)
    NIPS Implementation  252 (1)
    Summary  252 (7)
    Large Enterprise  253 (1)
    Branch Office  253 (1)
    Medium Financial Enterprise  254 (1)
    Medium Educational Institution  254 (1)
    Small Office  255 (1)
    Home Office  255 (4)
Part V Appendix  259 (12)
  Appendix A  261 (10)
Glossary  271 (7)
Index  278
