
Network Intrusion Detection : An Analyst's Handbook

by Stephen Northcutt
  • ISBN13: 9780735708686
  • ISBN10: 0735708681
  • Format: Paperback
  • Copyright: 1999-06-01
  • Publisher: New Riders Publications

Summary

Written to be both a training aid and a technical reference for intrusion detection analysts, Northcutt's book contains unparalleled, practical experience that can't be found anywhere else. With detailed explanations and illustrative examples from his own career, Northcutt covers the topic completely, from detect evaluation, analysis, and situation handling, through the theories involved in understanding hackers, intelligence gathering, and coordinated attacks, to an arsenal of preventive and aggressive security measures. Ideal for the serious security analyst, Network Intrusion Detection: An Analyst's Handbook is the tool that puts you in full control of your network's security.

Author Biography

Stephen Northcutt is a graduate of Mary Washington College. He is the author of Incident Handling: Step-by-Step and Intrusion Detection: Shadow Style, both published by the SANS Institute. He was the original developer of the Shadow intrusion detection system and served as the leader of the Department of Defense's Shadow Intrusion Detection Team for two years. Formerly the Director of the U.S. Navy's Information System Security Office at the Naval Security Warfare Center, he is currently the Chief Information Warfare Officer for the U.S. Ballistic Missile Defense Organization. Stephen is a featured lecturer and co-chair of the SANS Conference and is the program chair of the first Intrusion Detection Conference.

Table of Contents

1. Mitnick Attack.
Exploiting TCP. Detecting the Mitnick Attack. Preventing the Mitnick Attack. Summary.

2. Introduction to Filters and Signatures.
Filtering Policy. Signatures. Filter Examples. Policy Issues Related to Targeting Filters. Summary.

3. Architectural Issues.
Events of Interest. Limits to Observation. Low-Hanging Fruit Paradigm. Human Factors Limit Detects. Severity. Countermeasures. Sensor Placement. Outside Firewall. Push/Pull. Analyst Console. Host- or Network-Based Intrusion Detection. Summary.

4. Interoperability and Correlation.
Multiple Solutions Working Together. Commercial IDS Interoperability Solutions. Correlation. SQL Databases. Summary.

5. Network-Based Intrusion Detection Solutions.
Commercial Tools. MS Windows-Capable Systems. UNIX-Based Systems. GOTS. Evaluating Intrusion Detection Systems. Lincoln Labs Approach. Summary.

6. Detection of Exploits.
False Positives. IMAP Exploits. Exploit Ports with SYN/FIN Set. Scans to Apply Exploits. Single Exploit, portmap. Summary.

7. Denial of Service.
Commonly Detected Denial-of-Service Traces. Rarely Seen Well-Known Programs. Summary.

8. Intelligence Gathering Techniques.
Network and Host Mapping. NetBIOS Specific Traces. Stealth Attacks. Summary.

9. Introduction to Hacking.
Christmas Eve 1998. Where Attackers Shop. Communications Network. Anonymity. Summary.

10. Coordinated Attacks.
Coordinated Traceroutes. NetBIOS Deception. RESETs and More RESETs. SFRP Scans. Target-Based Analysis. Summary.

11. Additional Tools.
eNTrax. CMDS 4.0. tripwire. nmap. Summary.

12. Risk Management and Intrusion Detection.
Intrusion Detection in a Security Model. Defining Risk. Risk. Defining the Threat. Risk Management Is Dollar Driven. How Risky Is a Risk? Summary.

13. Automated and Manual Response.
Automated Response. Honeypot. Manual Response. Summary.

14. Business Case for Intrusion Detection.
Part One: Management Issues. Part Two: Threats and Vulnerabilities. Part Three: Tradeoffs and Recommended Solutions. Summary.

15. Future Directions.
Increasing Threat. Cyber Terrorism and Y2K. Trusted Insider. Improved Response. The Virus Industry Revisited. Hardware-Based ID. Defense in Depth. Program-Based ID. PDD63. Smart Auditors.
