Title: Intrusion Prevention Fundamentals
Author(s): Earl Carter, Jonathan Hogue
Implement an around-the-clock network surveillance system with the official CSIDS Coursebook.
January 2006 - paperback - 287 pages
For the first time ever in 2004, virus costs outpaced the costs for any other type of security incident. A new technology called Intrusion Prevention Security (IPS) greatly mitigates the virus problem. IPS can be loosely defined as any device or software that exercises access control to protect computers from exploitation. The wide-scale adoption of IPS is inevitable, as corporations know they need to strengthen their defenses against viruses. Intrusion Prevention Fundamentals can help sort out all the claims, technical literature, and marketing buzzwords. This valuable, fundamental resource will help readers understand how the technology works, what problems it can solve, how it is deployed, and where it fits in the security marketplace. The book offers an introduction and in-depth overview of IPS technology. Real-world scenarios and case studies are used to walk through the lifecycle of an IPS project from needs definition to deployment. Common concerns are answered, such as how IPS works, the security needs IPS can address, how IPS works with other security products, how IPS is deployed, and what should be considered prior to a deployment. The RFP/RFI guidelines, a return on investment calculator, a sample statement of work (task list, general time frames, etc. for an IPS deployment), and a HIPS/NIPS comparison matrix are included in the book.
Contents:
Part I Intrusion Prevention Overview
  Chapter 1 Intrusion Prevention Overview
    Evolution of Computer Security Threats
      Technology Adoption
      Target Value
      Attack Characteristics
      Attack Examples
    Evolution of Attack Mitigation
      Host
      Network
    IPS Capabilities
      Attack Prevention
      Regulatory Compliance
    Summary
      Technology Adoption
      Target Value
      Attack Characteristics
  Chapter 2 Signatures and Actions
    Signature Types
      Atomic Signatures
      Stateful Signatures
    Signature Triggers
      Pattern Detection
      Anomaly-Based Detection
      Behavior-Based Detection
    Signature Actions
      Alert Signature Action
      Drop Signature Action
      Log Signature Action
      Block Signature Action
      TCP Reset Signature Action
      Allow Signature Action
    Summary
  Chapter 3 Operational Tasks
    Deploying IPS Devices and Applications
      Deploying Host IPS
      Deploying Network IPS
    Configuring IPS Devices and Applications
      Signature Tuning
      Event Response
      Software Updates
      Configuration Updates
      Device Failure
    Monitoring IPS Activities
      Management Method
      Event Correlation
      Security Staff
      Incident Response Plan
    Securing IPS Communications
      Management Communication
      Device-to-Device Communication
    Summary
  Chapter 4 Security in Depth
    Defense-in-Depth Examples
      External Attack Against a Corporate Database
      Internal Attack Against a Management Server
    The Security Policy
    The Future of IPS
      Intrinsic IPS
      Collaboration Between Layers
    Summary
Part II Host Intrusion Prevention
  Chapter 5 Host Intrusion Prevention Overview
    Host Intrusion Prevention Capabilities
      Blocking Malicious Code Activities
      Not Disrupting Normal Operations
      Distinguishing Between Attacks and Normal Events
      Stopping New and Unknown Attacks
      Protecting Against Flaws in Permitted Applications
    Host Intrusion Prevention Benefits
      Attack Prevention
      Patch Relief
      Internal Attack Propagation Prevention
      Policy Enforcement
      Acceptable Use Policy Enforcement
      Regulatory Requirements
    Host Intrusion Prevention Limitations
      Subject to End User Tampering
      Lack of Complete Coverage
      Attacks That Do Not Target Hosts
    Summary
    References in This Chapter
  Chapter 6 HIPS Components
    Endpoint Agents
      Identifying the Resource Being Accessed
      Gathering Data About the Operation
      Determining the State
      Consulting the Security Policy
      Taking Action
    Management Infrastructure
      Management Center
      Management Interface
    Summary
Part III Network Intrusion Prevention
  Chapter 7 Network Intrusion Prevention Overview
    Network Intrusion Prevention Capabilities
      Dropping a Single Packet
      Dropping All Packets for a Connection
      Dropping All Traffic from a Source IP
    Network Intrusion Prevention Benefits
      Traffic Normalization
      Security Policy Enforcement
    Network Intrusion Prevention Limitations
    Hybrid IPS/IDS Systems
    Shared IDS/IPS Capabilities
      Generating Alerts
      Initiating IP Logging
      Resetting TCP Connections
      Initiating IP Blocking
    Summary
  Chapter 8 NIPS Components
    Sensor Capabilities
      Sensor Processing Capacity
      Sensor Interfaces
      Sensor Form Factor
    Capturing Network Traffic
      Capturing Traffic for In-line Mode
      Capturing Traffic for Promiscuous Mode
    Analyzing Network Traffic
      Atomic Operations
      Stateful Operations
      Protocol Decode Operations
      Anomaly Operations
      Normalizing Operations
    Responding to Network Traffic
      Alerting Actions
      Logging Actions
      Blocking Actions
      Dropping Actions
    Sensor Management and Monitoring
      Small Sensor Deployments
      Large Sensor Deployments
    Summary
Part IV Deployment Solutions
  Chapter 9 Cisco Security Agent Deployment
    Step 1: Understand the Product
      Components
      Capabilities
    Step 2: Predeployment Planning
      Review the Security Policy
      Define Project Goals
      Select and Classify Target Hosts
      Plan for Ongoing Management
      Choose the Appropriate Management Architecture
    Step 3: Implement Management
      Install and Secure the CSA MC
      Understand the MC
      Configure Groups
      Configure Policies
    Step 4: Pilot
      Scope
      Objectives
    Step 5: Tuning
    Step 6: Full Deployment
    Step 7: Finalize the Project
    Summary
      Understand the Product
      Predeployment Planning
      Implement Management
      Pilot
      Tuning
      Full Deployment
      Finalize the Project
  Chapter 10 Deploying Cisco Network IPS
    Step 1: Understand the Product
      Sensors Available
      In-line Support
      Management and Monitoring Options
      NIPS Capabilities
      Signature Database and Update Schedule
    Step 2: Predeployment Planning
      Review the Security Policy
      Define Deployment Goals
      Select and Classify Sensor Deployment Locations
      Plan for Ongoing Management
      Choose the Appropriate Management Architecture
    Step 3: Sensor Deployment
      Understand Sensor CLI and IDM
      Install Sensors
      Install and Secure the IPS MC and Understand the Management Center
    Step 4: Tuning
      Identify False Positives
      Configure Signature Filters
      Configure Signature Actions
    Step 5: Finalize the Project
    Summary
      Understand the Product
      Predeployment Planning
      Sensor Deployment
      Tuning
      Finalize the Project
  Chapter 11 Deployment Scenarios
    Large Enterprise
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Branch Office
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Medium Financial Enterprise
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Medium Educational Institution
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Small Office
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Home Office
      Limiting Factors
      Security Policy Goals
      HIPS Implementation
      NIPS Implementation
    Summary
      Large Enterprise
      Branch Office
      Medium Financial Enterprise
      Medium Educational Institution
      Small Office
      Home Office
Part V Appendix
  Appendix A Glossary
Earl Carter travels the world from his home in Australia as a hotel, interior and food photographer. His pictures appear in books and magazines.