Extrusion Detection: Security Monitoring for Internal Intrusions
Richard Bejtlich
- 出版商: Addison Wesley
- 出版日期: 2005-11-01
- 售價: $1,800
- 貴賓價: 9.5 折 $1,710
- 語言: 英文
- 頁數: 424
- 裝訂: Paperback
- ISBN: 0321349962
- ISBN-13: 9780321349965
-
相關分類:
資訊安全
立即出貨(限量) (庫存=1)
買這商品的人也買了...
-
$690$587 -
$2,180$2,071 -
$1,170$1,112 -
$413Hibernate: A Developer's Notebook
-
$1,980The Tao Of Network Security Monitoring: Beyond Intrusion Detection
-
$2,520$2,394 -
$490$441 -
$1,240GNU/Linux Application Programming (Paperback)
-
$2,800$2,660 -
$480$432 -
$880$581 -
$560$442 -
$480$408 -
$390$332 -
$890$757 -
$260$205 -
$450$356 -
$780$702 -
$775Security Log Management: Identifying Patterns in the Chaos
-
$720$569 -
$580$493 -
$390$332 -
$650$507 -
$1,728Virtual Honeypots: From Botnet Tracking to Intrusion Detection
-
$2,020$1,919
相關主題
商品描述
Table of Contents
Table of Contents |
Foreword. Preface. I. DETECTING AND CONTROLLING INTRUSIONS. 1. Network Security Monitoring Revisited. Why Extrusion Detection? Defining The Security Process Security Principles Network Security Monitoring Theory Network Security Monitoring Techniques Network Security Monitoring Tools Conclusion 2. Defensible Network Architecture. Monitoring the Defensible Network Controlling the Defensible Network Minimizing the Defensible Network Keeping the Defensible Network Current Conclusion 3. Extrusion Detection Illustrated. Intrusion Detection Defined Extrusion Detection Defined History of Extrusion Detection Extrusion Detection Through NSM Conclusion 4. Enterprise Network Instrumentation. Common Packet Capture Methods PCI Tap Dual Port Aggregator Tap 2X1 10/100 Regeneration Tap 2X1 10/100 SPAN Regeneration Tap Matrix Switch Link Aggregator Tap Distributed Traffic Collection with Pf Dup-To Squid SSL Termination Reverse Proxy Conclusion 5. Layer 3 Network Access Control. Internal Network Design Internet Service Provider Sink Holes Enterprise Sink Holes Using Sink Holes to Identify Internal Intrusions Internal Intrusion Containment Notes on Enterprise Sink Holes in the Field Conclusion II. NETWORK SECURITY OPERATIONS. 6. Traffic Threat Assessment. Why Traffic Threat Assessment? Assumptions First Cuts Looking for Odd Traffic Inspecting Individual Services: NTP Inspecting Individual Services: ISAKMP Inspecting Individual Services: ICMP Inspecting Individual Services: Secure Shell Inspecting Individual Services: Whois Inspecting Individual Services: LDAP Inspecting Individual Services: Ports 3003 to 9126 TCP Inspecting Individual Services: Ports 44444 and 49993 TCP Inspecting Individual Services: DNS Inspecting Individual Services: SMTP Inspecting Individual Services: Wrap-Up Conclusion 7. Network Incident Response. Preparation for Network Incident Response Secure CSIRT Communications Intruder Profiles Incident Detection Methods Network First Response Network-Centric General Response and Remediation Conclusion 8. Network Forensics. What Is Network Forensics? Collecting Network Traffic as Evidence Protecting and Preserving Network-Based Evidence Analyzing Network-Based Evidence Presenting and Defending Conclusions Conclusion III. INTERNAL INTRUSIONS. 9. Traffic Threat Assessment Case Study. Initial Discovery Making Sense of Argus Output Argus Meets Awk Examining Port 445 TCP Traffic Were the Targets Compromised? Tracking Down the Internal Victims Moving to Full Content Data Correlating Live Response Data with Network Evidence Conclusion 10. Malicious Bots. Introduction to IRC Bots Communication and Identification Server and Control Channels Exploitation and Propagation Final Thoughts on Bots Dialogue with a Bot Net Admin Conclusion Epilogue Appendix A: Collecting Session Data in an Emergency. Appendix B: Minimal Snort Installation Guide. Appendix C: Survey of Enumeraiton Methods. Appendix D: Open Source Host Enumeration. Index. |
商品描述(中文翻譯)
init(1);
目錄
目錄
前言。
前言。
I. 偵測和控制入侵。
1. 重新思考網路安全監控。
為什麼需要外洩偵測?
定義安全流程
安全原則
網路安全監控理論
網路安全監控技術
網路安全監控工具
結論
2. 可防禦的網路架構。
監控可防禦的網路
控制可防禦的網路
最小化可防禦的網路
保持可防禦的網路更新
結論
3. 外洩偵測實例。
定義入侵偵測
定義外洩偵測
外洩偵測的歷史
通過NSM進行外洩偵測
結論
4. 企業網路儀器。
常見的封包捕獲方法
PCI Tap
雙Po