













Intrusion Detection: Network Security Beyond the Firewall: Table of Contents


















































        






























 































Intrusion Detection: Network Security beyond the Firewall


(Publisher: John Wiley & Sons, Inc.)

Author(s): Terry Escamilla

ISBN: 0471290009

Publication Date: 11/01/98















 




















Introduction
Preface
Acknowledgments


PART 1—Before Intrusion Detection: Traditional Computer Security

Chapter 1—Intrusion Detection and the Classic Security Model


Back to Basics: The Classic Security Model
Goals of Computer Security
Learn to Ask Tough Questions
A Basic Computer Security Model

The Reference Monitor
What Makes a Good Reference Monitor

Enhancing the Security Model Further

Identification and Authentication (I&A)
Access Control
Auditing

Classifying Security Products with a Nod to Intrusion Detection

Identification and Authentication
Access Control
Scanners
Intrusion Detection and Monitoring
Additional Product Differences

Prevention, Detection, and Response with Intrusion Detection
Where to Go from Here


Chapter 2—The Role of Identification and Authentication in Your Environment


Identification and Authentication in UNIX

Users and Groups
Superuser
What Are the Subjects in UNIX?
UNIX Login
UNIX Password Mechanism
Storing Passwords in a Central Server

Identification and Authentication in NT

Users and Groups in NT
Subjects in NT
NT Login Security
NT Authentication Using a Domain Controller

How Hackers Exploit Weaknesses in Password Security

Easily Guessed Passwords
Brute Force Attacks
Social Engineering
Trojan Horses
Network Sniffing
Electromagnetic Emissions Monitoring
Software Bugs

Improving upon I&A with Authentication Servers

Third-Party Authentication
A Cryptography Primer

Ideas for Improving I&A Security

One-Time Passwords
Strong Authentication
One-Time Passwords and One-Time Pads
Two-Factor Authentication
Challenge-Response Authentication

The Need for Intrusion Detection

Biometrics



Chapter 3—The Role of Access Control in Your Environment


Configuration Problems
Program Bugs
What Is Access Control?

How Are Access Control Decisions Made?
Access Control Lists
Who Are You?

Access Control in UNIX

Who Are You in the UNIX Environment?
UNIX File and Directory Permissions
Are You Remembering to Ask Tough Questions?
Link Counts, Hard Links, and Symbolic Links
Increasing Your Privileges or Capabilities
Background Processes and Credentials

Access Control in NT

NT Rights and Privileges
Who Are You in NT?
Permissions for NT Files and Directories

How Hackers Get around Access Control
How to Improve upon Access Control

Memco SeOS
APIs
Impact of SeOS on Base Operating System Security
SeOS Auditing
Other SeOS Features

Going beyond SeOS
Why You Still Need Intrusion Detection


Chapter 4—Traditional Network Security Approaches


Layers of Network Security

Security between Layers on a System
Security between Peer Layers across Systems

I&A for Network Security Entities

How Hackers Exploit Protocols
How Many Network Entities Are There?
I&A for Users and Groups in a Network
Security Models within Models
Network Node I&A
Software Can Be a Network Entity

Network Access Control

Network Application Access Controls
The Importance of Naming

The Internet Protocol (IP)

Probing Network Paths
Problems at the IP Layer
Are Your Mission-Critical Applications Safe from Attacks?
IPsec

Supporting Protocols for IP

Address Resolution Protocol (ARP)
Domain Name System (DNS)
Routing Interchange Protocol (RIP)

User Datagram Protocol (UDP)

Port Security
UDP Security Concerns

Transmission Control Protocol (TCP)

TCP/IP Security Concerns

TCP/IP Application Security

Trusted Hosts

The Role of the Firewall in Traditional Security

What Is a Firewall?
Packet Filters Provide Access Control Services
Application Proxies Provide Access Control
Firewalls Provide IP Security
IP Sec or Application Security

How Complex Is Your Network Security?
Why Intrusion Detection Is Needed after Network Security



PART 2—Intrusion Detection: Beyond Traditional Security

Chapter 5—Intrusion Detection and Why You Need It


Do You Have Protection?
The Role of Intrusion Detection

Beyond I&A
Beyond Access Control
Beyond Network Security

Intrusion Detection: Concepts and Definitions

IDS Engine Categories
Real Time or Interval Based
Data Source
A Generic IDS Model

Getting Ready to Look for Hacker Trade


Chapter 6—Detecting Intruders on Your System Is Fun and Easy


Classes of Attacks

Internal Attacks
External Threats

Layers of Information Sources

Warning: Opportunities for Hackers!

Commercial IDS Layering
How Does One Get the Data?

Intrusion Detection Inside a Firewall
Relying on Others for Data

System Data Sources

syslog
Audit Trails

Tracing the Path of Activity Can Be Difficult

Monitoring Policies

Simple or Complex Attacks
Prepare to Scan for Weaknesses


Chapter 7—Vulnerability Scanners


What Is a Scanner?
Characteristics of Scanners

Local Scanners
Remote Scanning

How a Scanner Works
Improving Your Security with Scanners

ISS SAFESuite

Other Scanners

Ballista
IBM Network Security Auditor
Keeping the Scanners Current

Are You Done Yet?


Chapter 8—UNIX System-Level IDSs


Detecting Hacks with Stalker

Audit Management
Tracer/Browser
Misuse Detector
Attacks Detected by Stalker
Is Stalker Right for You?
Some Alternative Stalker Configurations

Detecting Hacks with the Computer Misuse Detection System

How CMDS Works

Other IDS Features to Consider

Ease of Set Up
Distributed Intrusion Detection
Monitoring and Privacy
Finding New Attacks
General Event Monitoring or Intrusion Detection

Using Audit Logs to Find Attacks

Two Main Reasons for Vulnerabilities
Notation
A Word about Sequences
Focusing on Local Attacks
An IDS Limitation
The Scope Problem and Memory Requirements

Why You’re Not Finished Yet


Chapter 9—Sniffing for Intruders


How Network IDSs Work

Networks and Subnets
Network IDSs Sniff Network Traffic
Other Network IDS Features

Network IDS Attack Recognition

Fragmented IP Packets

Advantages of Network IDSs
Limitations of Network Packet Sniffing

Network Sniffers Do Not See All Packets
Network Sniffers Are Blinded by Encryption
Missed System-Level Attacks
The Network IDS Is Not the Destination Node
Getting around the Encryption Problem

Which Product Has the Best Nose?

IBM and NetRanger
RealSecure
Network Flight Recorder

Will Intrusion Detection Be Enough?


Chapter 10—Intrusion Detection for NT


NT Security Review
Sources of Data for NT IDSs

NT Event Log
Event Records

What to Monitor on NT

Increased Privileges
Impersonation
Remote Attacks
Local Vulnerabilities

Intrusion Detection Products for NT

Look for These Features
Centrax

For Further Thought



PART 3—Rounding Out Your Environment

Chapter 11—You’ve Been Hit!


Be Prepared
Discovery and Detection
Responding to Intrusions
Should You Pursue Your Attacker?


Chapter 12—Intrusion Detection: Not the Last Chapter When It Comes to Security


Traditional Computer Security

The Basic Security Model
I&A
Access Control
Network Security

The Rationale for IDSs
Types of IDSs

Scanners
System-Level IDSs
Network Sniffers

Improving upon IDSs

Increase Application-Level Detection
Adapt to Changing I&A
Support Common Systems Management
Simplify Development of Attack Signatures
Combine Products
Support Integration into Other Products
Support Research
Self Reference and IDSs

Take It Away





Bibliography
Appendix A
Index









































