Network intrusion detection : an analyst's handbook / Stephen Northcutt.
By: Northcutt, Stephen.
Material type: BookPublisher: Indianapolis : New Riders, 1999Description: xviii, 267 p. : ill. ; 23 cm.ISBN: 0735708681.Subject(s): Computer security | Computer networks -- Security measuresDDC classification: 005.8Item type | Current library | Call number | Copy number | Status | Date due | Barcode | Item holds |
---|---|---|---|---|---|---|---|
General Lending | MTU Bishopstown Library Lending | 005.8 (Browse shelf(Opens below)) | 1 | Available | 00071054 |
Enhanced descriptions from Syndetics:
Written to be both a training aid and a technical reference for intrusion detection analysts, Northcutt's book contains unparalleled, practical experience that can't be found anywhere else. With detailed explanations and illustrative examples from his own career, Northcutt covers the topic completely, from detect evaluation, analysis, and situation handling, through the theories involved in understanding hackers, intelligence gathering, and coordinated attacks, to an arsenal of preventive and aggressive security measures. Ideal for the serious security analyst, Network Intrusion Detection: An Analyst's Handbook is the tool that puts you in full control of your network's security.
Includes bibliographical references and index.
Mitnick Attack -- Introduction to Filters and Signatures -- Architectural Issues -- Interoperability and Correlation -- Network-Based Intrusion Detection Solutions -- Detection of Exploits -- Denial of Service -- Intelligence Gathering Techniques -- Introduction to Hacking -- Coordinated Attacks -- Additional Tools -- Risk Management and Intrusion Detection -- Automated and Manual Response -- Business Case for Intrusion Detection -- Future Directions.
Table of contents provided by Syndetics
- 1 Mitnick Attack (p. 1)
- Exploiting TCP (p. 1)
- Detecting the Mitnick Attack (p. 12)
- Preventing the Mitnick Attack (p. 15)
- Summary (p. 16)
- 2 Introduction to Filters and Signatures (p. 17)
- Filtering Policy (p. 17)
- Signatures (p. 18)
- Filter Examples (p. 20)
- Policy Issues Related to Targeting Filters (p. 30)
- Summary (p. 32)
- 3 Architectural Issues (p. 33)
- Events of Interest (p. 34)
- Limits to Observation (p. 35)
- Low-Hanging Fruit Paradigm (p. 36)
- Human Factors Limit Detects (p. 37)
- Severity (p. 39)
- Countermeasures (p. 40)
- Sensor Placement (p. 41)
- Outside Firewall (p. 42)
- Push/Pull (p. 45)
- Analyst Console (p. 46)
- Host- or Network-Based Intrusion Detection (p. 49)
- Summary (p. 51)
- 4 Interoperability and Correlation (p. 53)
- Multiple Solutions Working Together (p. 53)
- Commercial IDS Interoperability Solutions (p. 57)
- Correlation (p. 60)
- SQL Databases (p. 68)
- Summary (p. 72)
- 5 Network-Based Intrusion Detection Solutions (p. 75)
- Commercial Tools (p. 76)
- MS Windows-Capable Systems (p. 76)
- UNIX-Based Systems (p. 80)
- GOTS (p. 82)
- Evaluating Intrusion Detection Systems (p. 85)
- Lincoln Labs Approach (p. 86)
- Summary (p. 88)
- 6 Detection of Exploits (p. 89)
- False Positives (p. 89)
- IMAP Exploits (p. 95)
- Exploit Ports with SYN/FIN Set (p. 96)
- Scans to Apply Exploits (p. 99)
- Single Exploit, portmap (p. 102)
- Summary (p. 109)
- 7 Denial of Service (p. 111)
- Commonly Detected Denial-of-Service Traces (p. 111)
- Rarely Seen Well-Known Programs (p. 120)
- Summary (p. 122)
- 8 Intelligence Gathering Techniques (p. 123)
- Network and Host Mapping (p. 124)
- NetBIOS Specific Traces (p. 133)
- Stealth Attacks (p. 136)
- Summary (p. 139)
- 9 Introduction to Hacking (p. 141)
- Christmas Eve 1998 (p. 142)
- Where Attackers Shop (p. 153)
- Communications Network (p. 155)
- Anonymity (p. 158)
- Summary (p. 158)
- 10 Coordinated Attacks (p. 159)
- Coordinated Traceroutes (p. 160)
- NetBIOS Deception (p. 162)
- RESETs and More RESETs (p. 163)
- SFRP Scans (p. 169)
- Target-Based Analysis (p. 170)
- Summary (p. 172)
- 11 Additional Tools (p. 175)
- eNTrax (p. 175)
- CMDS 4.0 (p. 180)
- Tripwire (p. 181)
- Nmap (p. 183)
- Summary (p. 192)
- 12 Risk Management and Intrusion Detection (p. 193)
- Intrusion Detection in a Security Model (p. 193)
- Defining Risk (p. 196)
- Risk (p. 197)
- Defining the Threat (p. 202)
- Risk Management Is Dollar Driven (p. 205)
- How Risky Is a Risk? (p. 206)
- Summary (p. 207)
- 13 Automated and Manual Response (p. 209)
- Automated Response (p. 210)
- Honeypot (p. 213)
- Manual Response (p. 215)
- Summary (p. 222)
- 14 Business Case for Intrusion Detection (p. 223)
- Part 1 Management Issues (p. 224)
- Part 2 Threats and Vulnerabilities (p. 228)
- Part 3 Tradeoffs and Recommended Solutions (p. 232)
- Summary (p. 236)
- 15 Future Directions (p. 237)
- Increasing Threat (p. 238)
- Cyber Terrorism and Y2K (p. 242)
- Trusted Insider (p. 242)
- Improved Response (p. 244)
- The Virus Industry Revisited (p. 245)
- Hardware-Based ID (p. 246)
- Defense in Depth (p. 247)
- Program-Based ID (p. 247)
- PDD63 (p. 248)
- Smart Auditors (p. 248)
- Summary (p. 249)