The tao of network security monitoring : beyond intrusion detection

Bibliographic details
Main author: Bejtlich, Richard
Format: Book
Language: English
Publication data: Boston : Addison-Wesley, 2005
Edition: 1st ed.
Subjects:
Online access: Consult the catalogue
Notes: Contains index
Physical description: 798 p. : ill.
ISBN: 0321246772
Table of contents:
  • Part I Introduction to network security monitoring
  • Chapter 1 The security process
  • What is security?
  • What is risk?
  • A case study on risk
  • Security principles: characteristics of the intruder
  • Security principles: phases of compromise
  • Security principles: defensible networks
  • Conclusion
  • Chapter 2 What is network security monitoring
  • Indications and warnings
  • Collection, analysis, and escalation
  • Detecting and responding to intrusions
  • Why do IDS deployments often fail?
  • Outsiders versus insiders: what is NSM's focus?
  • Security principles: detection
  • Security principles: limitations
  • What NSM is not
  • NSM in action
  • Conclusion
  • Chapter 3 Deployment considerations
  • Threat models and monitoring zones
  • Accessing traffic in each zone
  • Wireless monitoring
  • Sensor management
  • Conclusion
  • Part II Network security monitoring products
  • Chapter 4 The reference intrusion model
  • The scenario
  • The attack
  • Conclusion
  • Chapter 5 Full content data
  • A note on software
  • Libpcap
  • Tcpdump
  • Tethereal
  • Snort as packet logger
  • Finding specific parts of packets with tcpdump, tethereal, and snort
  • Ethereal
  • A note on commercial full content collection options
  • Conclusion
  • Chapter 6 Additional data analysis
  • Editcap and mergecap
  • Tcpslice
  • Tcpreplay
  • Tcpflow
  • Ngrep
  • Ipsumdump
  • Etherape
  • Netdude
  • P0f
  • Conclusion
  • Chapter 7 Session data
  • Form of session data
  • Cisco's netflow
  • Fprobe
  • Ng_tools
  • sFlow and sFlow Toolkit
  • Argus
  • Tcptrace
  • Conclusion
  • Chapter 8 Statistical data
  • What is statistical data?
  • Cisco accounting
  • Ipcad
  • Ifstat
  • Bmon
  • Trafshow
  • Ttt
  • Tcpdstat
  • MRTG
  • Ntop
  • Conclusion
  • Chapter 9 Alert data: bro and prelude
  • Bro
  • Prelude
  • Conclusion
  • Chapter 10 Alert data: NSM using sguil
  • Why sguil?
  • So what is sguil?
  • The basic sguil interface
  • Sguil's answer to "now what?"
  • Making decisions with sguil
  • Sguil versus the reference intrusion model
  • Conclusion
  • Part III Network security monitoring processes
  • Chapter 11 Best practices
  • Assessment
  • Protection
  • Detection
  • Response
  • Back to assessment
  • Conclusion
  • Chapter 12 Case studies for managers
  • Introduction to hawke helicopter supplies
  • Case study 1: emergency network security monitoring
  • Case study 2: Evaluating managed security monitoring providers
  • Case study 3: Deploying an in-house NSM solution
  • Conclusion
  • Part IV Network security monitoring people
  • Chapter 13 Analyst training program
  • Weapons and tactics
  • Telecommunications
  • System administration
  • Scripting and programming
  • Management and policy
  • Training in action
  • Periodicals and web sites
  • Case study: staying current with tools
  • Conclusion
  • Chapter 14 Discovering DNS
  • Normal port 53 traffic
  • Suspicious port 53 traffic
  • Malicious port 53 traffic
  • Conclusion
  • Chapter 15 Harnessing the power of session data
  • The session scenario
  • Session data from the wireless segment
  • Session data from the DMZ segment
  • Session data from the VLANs
  • Session data from the external segment
  • Conclusion
  • Chapter 16 Packet monkey heaven
  • Truncated TCP options
  • SCAN FIN
  • Chained covert channels
  • Conclusion
  • Part V The intruder versus network security monitoring
  • Chapter 17 Tools for attacking network security monitoring
  • Packit
  • IP Sorcery
  • Fragroute
  • LFT
  • Xprobe2
  • Cisco IOS denial of service
  • Solaris sadmin exploitation attempt
  • Microsoft RPC exploitation
  • Conclusion
  • Chapter 18 Tactics for attacking network security monitoring
  • Promote anonymity
  • Evade detection
  • Appear normal
  • Degrade or deny collection
  • Self-inflicted problems in NSM
  • Conclusion
  • Epilogue The future of network security monitoring
  • Remote packet capture and centralized analysis
  • Integration of vulnerability assessment products
  • Anomaly detection
  • NSM beyond the gateway
  • Conclusion