1 option
Managing security with Snort and IDS tools / Kerry Cox and Christopher Gerg.
- Format:
- Book
- Author/Creator:
- Cox, Kerry.
- Language:
- English
- Subjects (All):
- Snort (Software).
- Computer security.
- Computers--Access control.
- Computers.
- Intrusion detection systems (Computer security).
- Physical Description:
- 1 online resource (288 p.)
- Edition:
- First edition.
- Place of Publication:
- Beijing ; Sebastopol, California : O'Reilly, 2004.
- Language Note:
- English
- System Details:
- text file
- Summary:
- Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features
- Contents:
- Managing Security with Snort and IDS Tools; About This Book; Assumptions This Book Makes; Chapter Synopsis; Conventions Used in This Book; Comments and Questions; Acknowledgments; Christopher Gerg; 1. Introduction; 1.2. Defense-in-Depth; 1.3. Detecting Intrusions (a Hierarchy of Approaches); 1.4. What Is NIDS (and What Is an Intrusion)?; 1.5. The Challenges of Network Intrusion Detection; 1.5.2. False Positives; 1.5.3. Missing Prerequisites; 1.5.4. Unrealistic Expectations; 1.6. Why Snort as an NIDS?; 1.7. Sites of Interest; 2. Network Traffic Analysis; 2.1.2. UDP; 2.1.3. IP; 2.1.4. ICMP
- 2.1.5. ARP2.2. Dissecting a Network Packet; 2.2.2. The TCP Header; 2.3. Packet Sniffing; 2.4. Installing tcpdump; 2.5. tcpdump Basics; 2.6. Examining tcpdump Output; 2.7. Running tcpdump; 2.7.2. tcpdump Filters; 2.7.3. tcpdump Capture of the TCP Three-Way Handshake; 2.8. ethereal; 2.8.2. Available Options; 2.8.3. ethereal Capture of TCP Three-Way Handshake; 2.8.4. Tethereal; 2.9. Sites of Interest; 3. Installing Snort; 3.2. Installing Snort; 3.2.2. Windows Installations; 3.2.3. Staying Current; 3.3. Command-Line Options; 3.4. Modes of Operation; 3.4.2. Snort as a Packet Logger
- 3.4.3. Snort as an NIDS: Quick and Dirty3.4.3.2. Initial configuration of the snort.conf file; 4. Know Your Enemy; 4.1.2. Professionals; 4.1.3. Disgruntled Current and Former Employees and Contractors; 4.1.4. Robots and Worms; 4.2. Anatomy of an Attack: The Five Ps; 4.2.1.2. Portscans and software version-mapping; 4.2.1.3. Automated vulnerability scanners; 4.2.1.4. Web page scanners; 4.2.1.5. Other probe tools; 4.2.2. Penetrate; 4.2.2.2. Buffer overflows; 4.2.2.3. Application behavior boundary flaws; 4.2.2.4. System configuration errors; 4.2.2.5. User input validation problems; 4.2.3. Persist
- 4.2.4. Propagate4.2.5. Paralyze; 4.3. Denial-of-Service; 4.4. IDS Evasion; 4.5. Sites of Interest; 5. The snort.conf File; 5.2. Snort Decoder and Detection Engine Configuration; 5.3. Preprocessor Configurations; 5.3.2. frag2; 5.3.3. stream4; 5.3.4. stream4_reassemble; 5.3.5. HTTP Inspect Preprocessor; 5.3.5.2. http_inspect_server; 5.3.6. rpc_decode; 5.3.7. bo; 5.3.8. telnet_decode; 5.3.9. flow-portscan; 5.3.10. arpspoof; 5.3.11. perfmonitor; 5.4. Output Configurations; 5.4.2. log_tcpdump; 5.4.3. Database; 5.4.3.2. PostgreSQL; 5.4.3.3. ODBC; 5.4.3.4. MsSQL; 5.4.3.5. Oracle; 5.4.4. unified
- 5.5. File Inclusions6. Deploying Snort; 6.2. Initial Configuration; 6.3. Sensor Placement; 6.3.2. Creating Connection Points; 6.3.3. Encrypted Traffic; 6.4. Securing the Sensor Itself; 6.4.2. Configure Interfaces; 6.4.3. Disable Unnecessary Services; 6.4.4. Apply Patches and Updates; 6.4.5. Utilize Robust Authentication; 6.4.6. Monitor System Logs; 6.5. Using Snort More Effectively; 6.6. Sites of Interest; 7. Creating and Managing Snort Rules; 7.2. The Rule Sets; 7.3. Creating Your Own Rules; 7.3.2. Rule Options; 7.3.3. Common Rule Options; 7.4. Rule Execution; 7.5. Keeping Things Up-to-Date
- 7.6. Sites of Interest
- Notes:
- Includes index.
- Description based on online resource; title from PDF title page (ebrary, viewed October 5, 2013).
- ISBN:
- 9780596517847
- 059651784X
- 9780596552435
- 0596552432
- OCLC:
- 609840885
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.