Network intrusion detection : an analyst's handbook / Stephen Northcutt, Judy Novak and Donald McLachlan.
By: Northcutt, Stephen.
Contributor(s): Novak, Judy | McLachlan, Donald.
Material type: Book
Publisher: Indianapolis : New Riders, 2001
Description: xxxii, 430 p. : ill. ; 23 cm.
ISBN: 0735710082.
Subject(s): Computer networks -- Security measures | Internet -- Security measures | Computer security
DDC classification: 005.8

Item type | Current library | Call number | Copy number | Status | Date due | Barcode | Item holds |
---|---|---|---|---|---|---|---|
General Lending | MTU Bishopstown Library Lending | 005.8 | 1 | Available | | 00083108 | |
Enhanced descriptions from Syndetics:
A training aid and reference for intrusion detection analysts. The authors have been through the trenches and give you access to unusual and unique data.
Includes index.
IP Concepts -- Introduction to TCPdump and Transmission Control Protocol (TCP) -- Fragmentation -- ICMP -- Stimulus and Response -- DNS -- Mitnick Attack -- Introduction to Filters and Signatures -- Architectural Issues -- Interoperability and Correlation -- Network-Based Intrusion-Detection Solutions -- Future Directions -- Exploits and Scans to Apply Exploits -- Denial of Service -- Detection of Intelligence Gathering -- The Trouble with RPCs -- Filters to Detect, Filters to Protect -- System Compromise -- The Hunt for Timex -- Organizational Issues -- Automated and Manual Response -- Business Case for Intrusion Detection.
Table of contents provided by Syndetics
- Introduction (p. xviii)
- 1 IP Concepts (p. 1)
- The TCP/IP Internet Model (p. 2)
- Packaging (Beyond Paper or Plastic) (p. 4)
- Addresses (p. 9)
- Service Ports (p. 12)
- IP Protocols (p. 13)
- Domain Name System (p. 15)
- Routing: How You Get There From Here (p. 16)
- Summary (p. 18)
- 2 Introduction to TCPdump and Transmission Control Protocol (TCP) (p. 19)
- TCPdump (p. 20)
- Introduction to TCP (p. 25)
- TCP Gone Awry (p. 31)
- Summary (p. 34)
- 3 Fragmentation (p. 35)
- Theory of Fragmentation (p. 36)
- Malicious Fragmentation (p. 44)
- Summary (p. 46)
- 4 ICMP (p. 49)
- ICMP Theory (p. 49)
- Mapping Techniques (p. 52)
- Normal ICMP Activity (p. 57)
- Malicious ICMP Activity (p. 60)
- To Block or Not To Block (p. 66)
- Summary (p. 67)
- Hardware-Based ID (p. 214)
- Defense in Depth (p. 214)
- Program-Based ID (p. 215)
- Smart Auditors (p. 216)
- Summary (p. 216)
- 13 Exploits and Scans to Apply Exploits (p. 217)
- False Positives (p. 217)
- IMAP Exploits (p. 225)
- Scans to Apply Exploits (p. 228)
- Single Exploit, Portmap (p. 233)
- Summary (p. 240)
- 14 Denial of Service (p. 241)
- Brute-Force Denial-of-Service Traces (p. 242)
- Elegant Kills (p. 246)
- nmap 2.53 (p. 250)
- Distributed Denial-of-Service Attacks (p. 251)
- Summary (p. 254)
- 15 Detection of Intelligence Gathering (p. 255)
- Network and Host Mapping (p. 256)
- NetBIOS-Specific Traces (p. 265)
- Stealth Attacks (p. 267)
- Measuring Response Time (p. 272)
- Viruses as Information Gatherers (p. 274)
- Summary (p. 278)
- 16 The Trouble with RPCs (p. 279)
- portmapper (p. 279)
- dump Is a Core Component of rpcinfo (p. 282)
- Attacks That Directly Access an RPC Service (p. 284)
- The Big Three (p. 287)
- Analysis Under Fire (p. 287)
- Oh nmap! (p. 291)
- Summary (p. 294)
- 17 Filters to Detect, Filters to Protect (p. 295)
- The Mechanics of Writing TCPdump Filters (p. 296)
- Bit Masking (p. 297)
- TCPdump IP Filters (p. 300)
- TCPdump UDP Filters (p. 302)
- TCPdump TCP Filters (p. 304)
- Summary (p. 308)
- 18 System Compromise (p. 309)
- Christmas Eve 1998 (p. 310)
- Where Attackers Shop (p. 323)
- Communications Network (p. 325)
- Anonymity (p. 328)
- Summary (p. 328)
- 19 The Hunt for Timex (p. 329)
- The Traces (p. 329)
- The Hunt Begins (p. 331)
- Y2K (p. 339)
- Sources Found (p. 343)
- Miscellaneous Findings (p. 343)
- Summary Checklist (p. 347)
- Epilogue and Purpose (p. 347)
- Summary (p. 348)
- 20 Organizational Issues (p. 349)
- Organizational Security Model (p. 349)
- Defining Risk (p. 353)
- Risk (p. 354)
- Defining the Threat (p. 359)
- Risk Management Is Dollar Driven (p. 363)
- How Risky Is a Risk? (p. 363)
- Summary (p. 365)
- 21 Automated and Manual Response (p. 367)
- Automated Response (p. 368)
- Honeypot (p. 373)
- Manual Response (p. 375)
- Summary (p. 383)
- 22 Business Case for Intrusion Detection (p. 385)
- Part 1 Management Issues (p. 387)
- Part 2 Threats and Vulnerabilities (p. 391)
- Part 3 Tradeoffs and Recommended Solution (p. 395)
- Repeat the Executive Summary (p. 400)
- Summary (p. 400)
- Index (p. 403)