Network Intrusion Detection: An Analyst's Handbook, 2/E
Judy Novak
Stephen Northcutt

ISBN-10: 0735710082
ISBN-13: 9780735710085

Publisher: Que Publishing
Copyright: 2000
Format: Paper; 480 pp


Suggested retail price: $45.00
This item is out of print and is no longer available for purchase.

For courses in Network Security.

Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Network Intrusion Detection: An Analyst's Handbook, Second Edition is a training aid and reference for intrusion detection analysts and networking students. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.



Introduction.


1. IP Concepts.

The TCP/IP Internet Model. Packaging (Beyond Paper or Plastic). Addresses. Service Ports. IP Protocols. Domain Name System. Routing: How You Get There From Here.



2. Introduction to TCPdump and Transmission Control Protocol (TCP).

TCPdump. Introduction to TCP. TCP Gone Awry.



3. Fragmentation.

Theory of Fragmentation. Malicious Fragmentation.



4. ICMP.

ICMP Theory. Mapping Techniques. Normal ICMP Activity. Malicious ICMP Activity. To Block or Not To Block.



5. Stimulus and Response.

The Expected. Protocol Benders. Summary of Expected Behavior and Protocol Benders. Abnormal Stimuli. Unconventional Stimulus, Operating System Identifying Response.



6. DNS.

Back to Basics: DNS Theory. Reverse Lookups. Using DNS for Reconnaissance. Tainting DNS Responses.



7. Mitnick Attack.

Exploiting TCP. Detecting the Mitnick Attack. Network-Based Intrusion-Detection Systems. Host-Based Intrusion-Detection Systems. Preventing the Mitnick Attack.



8. Introduction to Filters and Signatures.

Filtering Policy. Signatures. Filters Used to Detect Events of Interest. Example Filters. Snort Filter Example. Policy Issues Related to Targeting Filters.



9. Architectural Issues.

Events of Interest. Limits to Observation. Low-Hanging Fruit Paradigm. Human Factors Limit Detects. Severity. Countermeasures. Calculating Severity. Sensor Placement. Push/Pull. Analyst Console. Host- or Network-Based Intrusion Detection.



10. Interoperability and Correlation.

Multiple Solutions Working Together. Commercial IDS Interoperability Solutions. Correlation. SQL Databases.



11. Network-Based Intrusion-Detection Solutions.

Snort. Commercial Tools. UNIX-Based Systems. GOTS. Evaluating Intrusion-Detection Systems.



12. Future Directions.

Increasing Threat. Improved Tools. Improved Targeting. Mobile Code. Trap Doors. Sharing-The Legacy of Y2K. Trusted Insider. Improved Response. Virus Industry Revisited. Hardware-Based ID. Defense in Depth. Program-Based ID. Smart Auditors.



13. Exploits and Scans to Apply Exploits.

False Positives. IMAP Exploits. Scans to Apply Exploits. Single Exploit, Portmap.



14. Denial of Service.

Brute-Force Denial-of-Service Traces. Elegant Kills. nmap 2.53. Distributed Denial-of-Service Attacks.



15. Detection of Intelligence Gathering.

Network and Host Mapping. NetBIOS-Specific Traces. Stealth Attacks. Measuring Response Time. Viruses as Information Gatherers.



16. The Trouble with RPCs.

portmapper. dump Is a Core Component of rpcinfo. Attacks That Directly Access an RPC Service. The Big Three. Analysis Under Fire. Oh nmap!



17. Filters to Detect, Filters to Protect.

The Mechanics of Writing TCPdump Filters. Bit Masking. TCPdump IP Filters. TCPdump UDP Filters. TCPdump TCP Filters.



18. System Compromise.

Christmas Eve 1998. Where Attackers Shop. Communications Network. Anonymity.



19. The Hunt for Timex.

The Traces. The Hunt Begins. Y2K. Sources Found. Miscellaneous Findings. Summary Checklist. Epilogue and Purpose.



20. Organizational Issues.

Organizational Security Model. Defining Risk. Risk. Defining the Threat. Risk Management Is Dollar Driven. How Risky Is a Risk?.



21. Automated and Manual Response.

Automated Response. Honeypot. Manual Response.



22. Business Case for Intrusion Detection.

Part One: Management Issues. Part Two: Threats and Vulnerabilities. Part Three: Tradeoffs and Recommended Solution. Repeat the Executive Summary.



Index.

Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the three year old Computer and Security Incident Response Team which is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.

Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Intrusion Detection, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country?s government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.

View a Sample Chapter PDF: /samplechapter/0735710082.pdf

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

This title is a member of the Landmark, which also contains the titles below . You can also visit the Landmark page.

    The goal of Developing Linux Applications is to provide a handbook for developers who are moving to the Linux platform. This book covers the GTK+ library including GLIB and GDK using C. Students will find information covered no place else—information that Linux developers need in one comprehensive development book. All of the applications and code the author developed for the title have been released under the General Public License.

  • 0735700214Developing Linux Applications
    Harlow
    © 1999 | Sams Publishing | Paper; 512 pages | Instock
    ISBN-10: 0735700214 | ISBN-13: 9780735700215
    Brief Description | Buy from myPearsonStore

    • For courses in System Administration and Windows NT/Windows 2000 Networking.

    Written for students studying Web server administrations, as well as for first-time IIS administrators and Web hosting company operators, Internet Information Services Administration highlights the best practices for running IIS in small- and large-scale environments and explains when and why to use specific options. It deals with such practical concerns as installing and managing IIS, integrating IIS with Windows 2000 security options, customizing Web sites and the FTP service, running Web applications, connecting to databases, and managing log files. Its real-world recommendations make this book an invaluable resource to those upgrading or migrating to IIS 5 in a corporate or educational environment.

  • 0735700222Internet Information Services Administration
    Adam & Stevens
    © 2000 | Sams Publishing | Paper; 192 pages | Instock
    ISBN-10: 0735700222 | ISBN-13: 9780735700222
    Brief Description | Buy from myPearsonStore

    • For advanced courses in network security.

    Intrusion Signatures and Analysis is ideal for courses looking to teach students about the concepts of intrusion detection and network security. The book opens with an introduction into the format of some of the more common detection sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. After a challenging four-chapter review, the student finds page after page of signatures, in order by categories. Then the content digs right into reaction and responses covering how sometimes what you see isn't always what is happening. The book also covers how students and analysts can spend time chasing after false positives. Also included is a section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. Students will also find review questions with answers throughout the book, to be sure they comprehend the traces and material that has been covered.

  • 0735710635Intrusion Signatures and Analysis
    Fearnow, Northcutt, Frederick & Cooper
    © 2001 | Sams Publishing | Paper; 448 pages | Instock
    ISBN-10: 0735710635 | ISBN-13: 9780735710634
    Brief Description | Buy from myPearsonStore

  • 073571195XJava for the Web with Servlets, JSP, and EJB: A Developer's Guide to J2EE Solutions
    Kurniawan
    © 2002 | Sams Publishing | Paper Bound w/CD-ROM; 992 pages | Instock
    ISBN-10: 073571195X | ISBN-13: 9780735711952
    Buy from myPearsonStore

    • For courses in Database Design.

    “MySQL and Perl for the Web” provides an extensive and detailed guide for using the combination of MySQL and Perl to build dynamic and interactive database-backed Web sites. It shows how to use Perl's DBI database access module, pairing it with the CGI.pm module that allows Web pages and forms to be generated and processed easily. These tools provide developers with a solid foundation for creating applications that incorporate database content to create dynamic, up-to-date Web sites. The book employs a practical learn-by-doing approach that demonstrates development techniques by building complete applications, not just fragmentary pieces. It shows what to do at each step of the way during the process of building live, working examples. Applications are fully explained so you can understand how they work and apply the techniques they illustrate to your own projects.

  • 0735710546MySQL and Perl for the Web
    DuBois
    © 2002 | Sams Publishing | Paper; 552 pages | Instock
    ISBN-10: 0735710546 | ISBN-13: 9780735710542
    Brief Description | Buy from myPearsonStore

    • For courses in System Administration, Windows, and Network Management.

    The authors of this book have implemented one of the largest rollouts of SMS in a production environment. They call upon their years of experience with SMS to demystify its complexities in SMS 2.0 Administration. Combining their real-world knowledge with that of other systems management experts, this book provides practical advice on, and recommendations for, dealing with SMS administration. From concept and design through installation, configuration, security, usage, and troubleshooting, SMS 2.0 Administration is a practical guide for students that uses realistic scenarios to help them make sense of SMS's sometimes confusing issues. With this book, not only will student understand SMS, they'll be able to deploy and maintain an SMS system in their own environment.

  • 0735700826SMS 2 Administration
    Doshi & Lubanski
    © 2000 | Sams Publishing | Paper; 448 pages | Instock
    ISBN-10: 0735700826 | ISBN-13: 9780735700826
    Brief Description | Buy from myPearsonStore

    • For courses in Networking.

    This book provides connectivity solutions, delivering both an understanding of technology fundamentals and their practical applications. Written for beginning to intermediate networking students, this book will give readers a framework to assess the requirements and problems of their particular environment, and the information and know-how to build the optimal network for that environment. Understanding the Network addresses the student in practical terminology, and describes the most essential information and tools required to build high-availability networks in a step-by-step implementation format. The content builds progressively toward a summary of the essential concepts needed to put together a wide-area network.

  • 0735709777Understanding the Network
    Martin
    © 2000 | Sams Publishing | Paper; 720 pages | Instock
    ISBN-10: 0735709777 | ISBN-13: 9780735709775
    Brief Description | Buy from myPearsonStore

    • For students looking to streamline their use of and development on the Linux OS, the Vi editor will be part of their toolset. An improved version of Vi, VIM (Vi iMproved) is now shipping with every major Linux distribution. VIM is a definitive, concise reference to the vi editor and takes a task oriented approach allowing students to learn only the commands that make your tasks easier.

  • 0735710015Vi iMproved (VIM)
    Oualline
    © 2001 | Sams Publishing | Paper; 624 pages | Instock
    ISBN-10: 0735710015 | ISBN-13: 9780735710016
    Brief Description | Buy from myPearsonStore

    • For courses in PHP.

    As Web sites and intranets become larger and more complex, static HTML files hit their limits. They are hard to maintain and cannot be used for advanced Web-based applications like e-commerce systems or XML data processing. PHP is the right tool for anyone wanting to create highly sophisticated Web applications. This server-side scripting language is easy to use for novice Web developers. This book teaches students the advanced aspects of Web application development. They will learn how to write applications that provide real value, how to connect databases to the Web, use XML to layout data and make large Web sites easier to maintain. In the first part of Web Application Development with PHP 4.0 the authors explain PHP's advanced syntax like classes, recursive functions and variable variables. They present software development methodologies and coding conventions which are a must-know for industry quality products as well as to help making development faster and more productive. This part also covers many standard algorithms for tree-structures, string sorting and searching. Part two focuses on the concept of Web applications (as opposed to single scripts) and gives insight into user and session management, e-commerce systems, XML applications and WDDX. The third part of the book is for students who need to take PHP to the limit: it covers extending PHP with C functions, shows PHP4's great new features and tools, such as the debugger and optimizing compiler.

  • 0735709971Web Application Development with PHP 4.0
    Ratschiller & Gerken
    © 2000 | Sams Publishing | Paper Bound w/CD-ROM; 416 pages | Instock
    ISBN-10: 0735709971 | ISBN-13: 9780735709973
    Brief Description | Buy from myPearsonStore

    • For courses in Windows NT and Windows 2000 Networking.

    For students of computer science and those focusing on operating systems and system administration, Microsoft's Active Directory is a quantum leap forward in the management, interoperability, and security of the enterprise network. More than just an overview of the features, Windows 2000 Active Directory helps students get the most out of this new tool's potential. Brovick, Hauger and Wade help students avoid obvious pitfalls while giving them detailed solutions and pragmatic advice they won't find anywhere else. Perfect for those learning the ropes of Windows 2000, this book describes the intricacies of Active Directory while keeping real-world systems and constraints in mind.

  • 0735708703Windows 2000 Active Directory
    Hauger, Wade & Brovick
    © 2000 | Sams Publishing | Paper; 416 pages | Instock
    ISBN-10: 0735708703 | ISBN-13: 9780735708709
    Brief Description | Buy from myPearsonStore

    • For courses in Windows NT and Windows 2000 Networking.

    Windows 2000 Routing and Remote Access Service will show students how to create cost-effective and secure remote access across the network. Author Kackie Charles uses concrete examples to demonstrate how to smoothly integrate Windows 2000 routing with existing routing infrastructure, and connect the network and users while maximizing available bandwidth. With featured coverage on new authentication methods, routing protocols, and configuration of the Windows 2000 router, Kackie draws on her years of experience to guide students through essential RRAS topics, such as advanced administration, Virtual Private Networking, the Internet Authentication Service, design issues, security, and troubleshooting.

  • 0735709513Windows 2000 Routing and Remote Access Service
    Charles
    © 2000 | Sams Publishing | Paper; 400 pages | Instock
    ISBN-10: 0735709513 | ISBN-13: 9780735709515
    Brief Description | Buy from myPearsonStore

    • This book is a solutions-driven guide shows you how to manage hardware, Windows NT Workstation and other clients, notebook computers, application software, and Internet settings in the most efficient and cost-effective manner possible.

  • 1562059416Windows NT Registry
    Osborne
    © 1998 | Sams Publishing | Paper; 576 pages | Instock
    ISBN-10: 1562059416 | ISBN-13: 9781562059415
    Brief Description | Buy from myPearsonStore

  • 157870264XWriting Information Security Policies
    Barman
    © 2002 | Sams Publishing | Paper; 240 pages | Estimated Availability: 11/02/2001
    ISBN-10: 157870264X | ISBN-13: 9781578702640
    Buy from myPearsonStore

  • 0735712271XML and PHP
    Vaswani
    © 2003 | Sams Publishing | Paper; 384 pages | Instock
    ISBN-10: 0735712271 | ISBN-13: 9780735712270
    Buy from myPearsonStore

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.


Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions