Intrusion Detection: Network Security Beyond the Firewall: Table of Contents
Intrusion Detection: Network Security beyond the Firewall
(Publisher: John Wiley & Sons, Inc.)
Author(s): Terry Escamilla
ISBN: 0471290009
Publication Date: 11/01/98
Introduction
Preface
Acknowledgments
PART 1: Before Intrusion Detection: Traditional Computer Security
Chapter 1: Intrusion Detection and the Classic Security Model
Back to Basics: The Classic Security Model
Goals of Computer Security
Learn to Ask Tough Questions
A Basic Computer Security Model
The Reference Monitor
What Makes a Good Reference Monitor
Enhancing the Security Model Further
Identification and Authentication (I&A)
Access Control
Auditing
Classifying Security Products with a Nod to Intrusion Detection
Identification and Authentication
Access Control
Scanners
Intrusion Detection and Monitoring
Additional Product Differences
Prevention, Detection, and Response with Intrusion Detection
Where to Go from Here
Chapter 2: The Role of Identification and Authentication in Your Environment
Identification and Authentication in UNIX
Users and Groups
Superuser
What Are the Subjects in UNIX?
UNIX Login
UNIX Password Mechanism
Storing Passwords in a Central Server
Identification and Authentication in NT
Users and Groups in NT
Subjects in NT
NT Login Security
NT Authentication Using a Domain Controller
How Hackers Exploit Weaknesses in Password Security
Easily Guessed Passwords
Brute Force Attacks
Social Engineering
Trojan Horses
Network Sniffing
Electromagnetic Emissions Monitoring
Software Bugs
Improving upon I&A with Authentication Servers
Third-Party Authentication
A Cryptography Primer
Ideas for Improving I&A Security
One-Time Passwords
Strong Authentication
One-Time Passwords and One-Time Pads
Two-Factor Authentication
Challenge-Response Authentication
The Need for Intrusion Detection
Biometrics
Chapter 3: The Role of Access Control in Your Environment
Configuration Problems
Program Bugs
What Is Access Control?
How Are Access Control Decisions Made?
Access Control Lists
Who Are You?
Access Control in UNIX
Who Are You in the UNIX Environment?
UNIX File and Directory Permissions
Are You Remembering to Ask Tough Questions?
Link Counts, Hard Links, and Symbolic Links
Increasing Your Privileges or Capabilities
Background Processes and Credentials
Access Control in NT
NT Rights and Privileges
Who Are You in NT?
Permissions for NT Files and Directories
How Hackers Get around Access Control
How to Improve upon Access Control
Memco SeOS
APIs
Impact of SeOS on Base Operating System Security
SeOS Auditing
Other SeOS Features
Going beyond SeOS
Why You Still Need Intrusion Detection
Chapter 4: Traditional Network Security Approaches
Layers of Network Security
Security between Layers on a System
Security between Peer Layers across Systems
I&A for Network Security Entities
How Hackers Exploit Protocols
How Many Network Entities Are There?
I&A for Users and Groups in a Network
Security Models within Models
Network Node I&A
Software Can Be a Network Entity
Network Access Control
Network Application Access Controls
The Importance of Naming
The Internet Protocol (IP)
Probing Network Paths
Problems at the IP Layer
Are Your Mission-Critical Applications Safe from Attacks?
IPsec
Supporting Protocols for IP
Address Resolution Protocol (ARP)
Domain Name System (DNS)
Routing Interchange Protocol (RIP)
User Datagram Protocol (UDP)
Port Security
UDP Security Concerns
Transmission Control Protocol (TCP)
TCP/IP Security Concerns
TCP/IP Application Security
Trusted Hosts
The Role of the Firewall in Traditional Security
What Is a Firewall?
Packet Filters Provide Access Control Services
Application Proxies Provide Access Control
Firewalls Provide IP Security
IP Sec or Application Security
How Complex Is Your Network Security?
Why Intrusion Detection Is Needed after Network Security
PART 2: Intrusion Detection: Beyond Traditional Security
Chapter 5: Intrusion Detection and Why You Need It
Do You Have Protection?
The Role of Intrusion Detection
Beyond I&A
Beyond Access Control
Beyond Network Security
Intrusion Detection: Concepts and Definitions
IDS Engine Categories
Real Time or Interval Based
Data Source
A Generic IDS Model
Getting Ready to Look for Hacker Trade
Chapter 6: Detecting Intruders on Your System Is Fun and Easy
Classes of Attacks
Internal Attacks
External Threats
Layers of Information Sources
Warning: Opportunities for Hackers!
Commercial IDS Layering
How Does One Get the Data?
Intrusion Detection Inside a Firewall
Relying on Others for Data
System Data Sources
syslog
Audit Trails
Tracing the Path of Activity Can Be Difficult
Monitoring Policies
Simple or Complex Attacks
Prepare to Scan for Weaknesses
Chapter 7: Vulnerability Scanners
What Is a Scanner?
Characteristics of Scanners
Local Scanners
Remote Scanning
How a Scanner Works
Improving Your Security with Scanners
ISS SAFESuite
Other Scanners
Ballista
IBM Network Security Auditor
Keeping the Scanners Current
Are You Done Yet?
Chapter 8: UNIX System-Level IDSs
Detecting Hacks with Stalker
Audit Management
Tracer/Browser
Misuse Detector
Attacks Detected by Stalker
Is Stalker Right for You?
Some Alternative Stalker Configurations
Detecting Hacks with the Computer Misuse Detection System
How CMDS Works
Other IDS Features to Consider
Ease of Set Up
Distributed Intrusion Detection
Monitoring and Privacy
Finding New Attacks
General Event Monitoring or Intrusion Detection
Using Audit Logs to Find Attacks
Two Main Reasons for Vulnerabilities
Notation
A Word about Sequences
Focusing on Local Attacks
An IDS Limitation
The Scope Problem and Memory Requirements
Why You're Not Finished Yet
Chapter 9: Sniffing for Intruders
How Network IDSs Work
Networks and Subnets
Network IDSs Sniff Network Traffic
Other Network IDS Features
Network IDS Attack Recognition
Fragmented IP Packets
Advantages of Network IDSs
Limitations of Network Packet Sniffing
Network Sniffers Do Not See All Packets
Network Sniffers Are Blinded by Encryption
Missed System-Level Attacks
The Network IDS Is Not the Destination Node
Getting around the Encryption Problem
Which Product Has the Best Nose?
IBM and NetRanger
RealSecure
Network Flight Recorder
Will Intrusion Detection Be Enough?
Chapter 10: Intrusion Detection for NT
NT Security Review
Sources of Data for NT IDSs
NT Event Log
Event Records
What to Monitor on NT
Increased Privileges
Impersonation
Remote Attacks
Local Vulnerabilities
Intrusion Detection Products for NT
Look for These Features
Centrax
For Further Thought
PART 3: Rounding Out Your Environment
Chapter 11: You've Been Hit!
Be Prepared
Discovery and Detection
Responding to Intrusions
Should You Pursue Your Attacker?
Chapter 12: Intrusion Detection: Not the Last Chapter When It Comes to Security
Traditional Computer Security
The Basic Security Model
I&A
Access Control
Network Security
The Rationale for IDSs
Types of IDSs
Scanners
System-Level IDSs
Network Sniffers
Improving upon IDSs
Increase Application-Level Detection
Adapt to Changing I&A
Support Common Systems Management
Simplify Development of Attack Signatures
Combine Products
Support Integration into Other Products
Support Research
Self Reference and IDSs
Take It Away
Bibliography
Appendix A
Index