Intrusion Prevention Fundamentals 

1 2 3

• 1. Intrusion Prevention Fundamentals

• 2. Table of Contents

• 3. Copyright

  Copyright Warning and Disclaimer Corporate and Government Sales Trademark Acknowledgments Feedback Information Dedications

• 4. About the Authors

  About the Authors

• 5. About the Technical Reviewers

  About the Technical Reviewers

• 6. Acknowledgments

  Acknowledgments

• 7. Icons Used in This Book

  Icons Used in This Book Command Syntax Conventions Introduction

• 8. Part I: Intrusion Prevention Overview

• 9. Chapter 1. Intrusion Prevention Overview

  Chapter 1. Intrusion Prevention Overview

• 10. Evolution of Computer Security Threats

  Firewall Mainframes Client-Server Architecture Peer-To-Peer Networking Internet TCPIP Security Risks War-Dialer Drive-By Spamming Viruses Worms and Trojans Buffer Overflow Vulnerability Evolution of Computer Security Threats

• 11. Evolution of Attack Mitigation

  Automated Response Open Systems Interconnection Model Evolution of Attack Mitigation

• 12. IPS Capabilities

  IPS Capabilities

• 13. Summary

  Summary

• 14. Chapter 2. Signatures and Actions

  Chapter 2. Signatures and Actions

• 15. Signature Types

  State Land Attack Event Horizon Signature Types

• 16. Signature Triggers

  Trigerring Mechanism Protocol Decodes Regular Expression RPC Protocol Signature Triggers

• 17. Signature Actions

  Automatic Summarization Signature Actions

• 18. Summary

  Summary

• 19. Chapter 3. Operational Tasks

  Chapter 3. Operational Tasks

• 20. Deploying IPS Devices and Applications

  Deploying IPS Devices and Applications

• 21. Configuring IPS Devices and Applications

  False Positive False Negative True Positive True Negative Software Update Inline Sensor EtherChannel Configuring IPS Devices and Applications

• 22. Monitoring IPS Activities

  Network Time Protocol Monitoring IPS Activities

• 23. Securing IPS Communications

  Securing IPS Communications

• 24. Summary

  Summary

• 25. Chapter 4. Security in Depth

  Chapter 4. Security in Depth

• 26. Defense-in-Depth Examples

  Valid TCP Connection Day Zero Attacks 802.1X One-Time Passwords Defense-in-Depth Examples

• 27. The Security Policy

  The Security Policy

• 28. The Future of IPS

  The Future of IPS

• 29. Summary

  Summary

• 30. Part II: Host Intrusion Prevention

• 31. Chapter 5. Host Intrusion Prevention Overview

  Chapter 5. Host Intrusion Prevention Overview

• 32. Host Intrusion Prevention Capabilities

  Host Intrusion Prevention Capabilities

• 33. Host Intrusion Prevention Benefits

  Vulnerabilities and Patches Wired and Wireless Network Adapters Host Intrusion Prevention Benefits

• 34. Host Intrusion Prevention Limitations

  Host Intrusion Prevention Limitations

• 35. Summary

  Summary

• 36. References in This Chapter

  References in This Chapter

• 37. Chapter 6. HIPS Components

  Chapter 6. HIPS Components

• 38. Endpoint Agents

  Social Engineering Buffer Overruns Rootkits Endpoint Agents

• 39. Management Infrastructure

  Management Models Management Infrastructure

• 40. Summary

  Summary

• 41. Part III: Network Intrusion Prevention

• 42. Chapter 7. Network Intrusion Prevention Overview

  Chapter 7. Network Intrusion Prevention Overview

• 43. Network Intrusion Prevention Capabilities

  Forwarding Device Network Intrusion Prevention Capabilities

• 44. Network Intrusion Prevention Benefits

  Normalizing Traffic Network Intrusion Prevention Benefits

• 45. Network Intrusion Prevention Limitations

  Network Intrusion Prevention Limitations

• 46. Hybrid IPSIDS Systems

  Hybrid IPSIDS Systems

• 47. Shared IDSIPS Capabilities

  Automatic Blocking IP Spoofing Address Resolution Protocol Shared IDSIPS Capabilities

• 48. Summary

  Summary

• 49. Chapter 8. NIPS Components

  Chapter 8. NIPS Components

• 50. Sensor Capabilities

  Sensor Capabilities

1 2 3