We see that javascript is disabled or not supported by your browser - javascript is needed for important actions on the site. Read more

What's New - Home - Login

Member $avings: $81,565,516.07 | Books Available: 796,125 | Members Online: 80

Swap Used Books - Buy New Books at Great Prices!

How To Swap Books Sign Up Search submenu

PBS Market (New Books)

Gift Buying Guide

Book Browser Advanced Search Books Posted Today Member Book Reviews Award Winning Books NYT Best Sellers Amazon Best Sellers Most Traveled Copies Club Wish List

Discussion Forums Book Lists

Club Lists My Book Lists My Watched Lists Create a List

Blog Donations

School Donation Program In Memory of... Military Donation Program Friends of PBS

Box-O-Books Maps The Eclectic Pen Fun Stuff

20 Questions Sudoku Bookmark Creator

Top 100

Requests Posts Swappers Referrers Reviewers

Pulse of PBS Spread The Word

Invite Friends Bookmarks Facebook Page Facebook App More Ways...

Photo Gallery Recipes Club Tag Cloud Member Testimonials

Help Center submenu

How To Swap Books Browse Help Docs Ask the Librarian PBS Member Icons Live Help

Kiosk

PBS Market (New Books) Go Shopping Buy Credits Buy PBS Money Upgrade Membership Gift Certificates Transfer Credits

Need Help?

Search - Intrusion Prevention and Active Response : Deploying Network and Host IPS

Intrusion Prevention and Active Response Deploying Network and Host IPS
Author: Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin

From the Foreword by Stephen Northcutt, Director of Training and Certification, The SANS InstituteWithin a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management ... more »for funding in the next year or two to procure intrusion prevention devices, especially Intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention.

Transition from Intrusion Detection to Intrusion Prevention Unlike IDS, IPS can modify application-layer data or perform system call interception.
Develop an Effective Packet Inspection Toolbox Use products such as the Metasploit Framework as a source of test attacks.
Travel Inside the SANS Internet Storm Center Review packet captures of actual attacks, like the "Witty" worm, directly from the handler's diary.
Protect Against False Positives Remember that, unlike an IDS, an IPS will REACT to an intrusion.
Integrate Multiple Layers of IPS Create a multivendor defense at the Data Link, Network, Transport, and Application layers.
Deploy Host Attack Prevention Mechanisms Includes stack hardening, system call interception, and application shimming.
Implement Inline Packet Payload Alteration Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.
Covers all Major Intrusion Prevention and Active Response Systems Includes Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_securit.
Deploy IPS on Web Servers at the Applications Layer The loading of an application-level IPS in process by the Web server will protect the server and inspect encrypted traffic.

TABLE OF Contents Foreword by Stephen NorthcuttIntrusion Prevention and Active ResponsePacket Inspection for Intrusion AnalysisFalse Positives and Real DamageFour Layers of IPS ActionsNetwork Inline Data ModificationProtecting Your Host Through the Operating SystemIPS at the Application LayerDeploying Open Source IPS SolutionsIPS Evasion Techniques

ISBN-13: 9781932266474
ISBN-10: 193226647X
Publication Date: 4/12/2005
Pages: 424
Rating:

0 stars, based on 0 rating

Publisher: Syngress
Book Type: Paperback
Members Wishing: 0
Reviews: Amazon | Write a Review

Genres:

Back to the Top ↑

Search - Intrusion Prevention and Active Response : Deploying Network and Host IPS

Loading...