Managing Security with Snort and IDS Tools
ISBN: 0596006616
Year: 2006
Pages: 136
Authors: Christopher Gerg, Kerry J. Cox
Managing Security with Snort and IDS Tools
Table of Contents
Copyright
Preface
Audience
About This Book
Assumptions This Book Makes
Chapter Synopsis
Conventions Used in This Book
Comments and Questions
Acknowledgments
Chapter 1. Introduction
1.1 Disappearing Perimeters
1.2 Defense-in-Depth
1.3 Detecting Intrusions (a Hierarchy of Approaches)
1.4 What Is NIDS (and What Is an Intrusion)?
1.5 The Challenges of Network Intrusion Detection
1.6 Why Snort as an NIDS?
1.7 Sites of Interest
Chapter 2. Network Traffic Analysis
2.1 The TCP/IP Suite of Protocols
2.2 Dissecting a Network Packet
2.3 Packet Sniffing
2.4 Installing tcpdump
2.5 tcpdump Basics
2.6 Examining tcpdump Output
2.7 Running tcpdump
2.8 ethereal
2.9 Sites of Interest
Chapter 3. Installing Snort
3.1 About Snort
3.2 Installing Snort
3.3 Command-Line Options
3.4 Modes of Operation
Chapter 4. Know Your Enemy
4.1 The Bad Guys
4.2 Anatomy of an Attack: The Five Ps
4.3 Denial-of-Service
4.4 IDS Evasion
4.5 Sites of Interest
Chapter 5. The snort.conf File
5.1 Network and Configuration Variables
5.2 Snort Decoder and Detection Engine Configuration
5.3 Preprocessor Configurations
5.4 Output Configurations
5.5 File Inclusions
Chapter 6. Deploying Snort
6.1 Deploy NIDS with Your Eyes Open
6.2 Initial Configuration
6.3 Sensor Placement
6.4 Securing the Sensor Itself
6.5 Using Snort More Effectively
6.6 Sites of Interest
Chapter 7. Creating and Managing Snort Rules
7.1 Downloading the Rules
7.2 The Rule Sets
7.3 Creating Your Own Rules
7.4 Rule Execution
7.5 Keeping Things Up-to-Date
7.6 Sites of Interest
Chapter 8. Intrusion Prevention
8.1 Intrusion Prevention Strategies
8.2 IPS Deployment Risks
8.3 Flexible Response with Snort
8.4 The Snort Inline Patch
8.5 Controlling Your Border
8.6 Sites of Interest
Chapter 9. Tuning and Thresholding
9.1 False Positives (False Alarms)
9.2 False Negatives (Missed Alerts)
9.3 Initial Configuration and Tuning
9.4 Pass Rules
9.5 Thresholding and Suppression
Chapter 10. Using ACID as a Snort IDS Management Console
10.1 Software Installation and Configuration
10.2 ACID Console Installation
10.3 Accessing the ACID Console
10.4 Analyzing the Captured Data
10.5 Sites of Interest
Chapter 11. Using SnortCenter as a Snort IDS Management Console
11.1 SnortCenter Console Installation
11.2 SnortCenter Agent Installation
11.3 SnortCenter Management Console
11.4 Logging In and Surveying the Layout
11.5 Adding Sensors to the Console
11.6 Managing Tasks
Chapter 12. Additional Tools for Snort IDS Management
12.1 Open Source Solutions
12.2 Commercial Solutions
Chapter 13. Strategies for High-Bandwidth Implementations of Snort
13.1 Barnyard (and Sguil)
13.2 Commercial IDS Load Balancers
13.3 The IDS Distribution System (I(DS)2)
Appendix A. Snort and ACID Database Schema
A.1 acid_ag
Appendix B. The Default snort.conf File
Appendix C. Resources
C.1 From Chapter 1: Introduction
C.2 From Chapter 2: Network Traffic Analysis
C.3 From Chapter 4: Know Your Enemy
C.4 From Chapter 6: Deploying Snort
C.5 From Chapter 7: Creating and Managing Snort Rules
C.6 From Chapter 8: Intrusion Prevention
C.7 From Chapter 10: Using ACID as a Snort IDS Management Console
C.8 From Chapter 12: Additional Tools for Snort IDS Management
C.9 From Chapter 13: Strategies for High-Bandwidth Implementations of Snort
Colophon
Index