Intrusion Prevention Fundamentals (1ST)


  • Binding: Paperback / 287 pages
  • Language: ENG
  • Product code: 9781587052392
  • DDC classification: 005.8

Full Description


For the first time ever in 2004, virus costs outpaced the costs for any other type of security incident. A new technology called Intrusion Prevention Systems (IPS) greatly mitigates the virus problem. IPS can be loosely defined as any device or software that exercises access control to protect computers from exploitation. The wide-scale adoption of IPS is inevitable, as corporations know they need to strengthen their defenses against viruses. Intrusion Prevention Fundamentals can help sort out all the claims, technical literature, and marketing buzzwords. This valuable, fundamental resource will help readers know how the technology works, what problems it can solve, how it is deployed, and where it fits in the security marketplace. The book offers an introduction and in-depth overview of IPS technology. Real-world scenarios and case studies are used to walk through the lifecycle of an IPS project from needs definition to deployment. Common concerns are answered, such as how IPS works, the security needs IPS can address, how IPS works with other security products, how IPS is deployed, and what should be considered prior to a deployment. The RFP/RFI guidelines, a return on investment calculator, a sample statement of work (task list, general time frames, etc. for an IPS deployment), and a HIPS/NIPS comparison matrix are included in the book.

Contents

Part I Intrusion Prevention Overview

Chapter 1 Intrusion Prevention Overview
  Evolution of Computer Security Threats; Technology Adoption; Target Value; Attack Characteristics; Attack Examples; Evolution of Attack Mitigation; Host; Network; IPS Capabilities; Attack Prevention; Regulatory Compliance; Summary; Technology Adoption; Target Value; Attack Characteristics

Chapter 2 Signatures and Actions
  Signature Types; Atomic Signatures; Stateful Signatures; Signature Triggers; Pattern Detection; Anomaly-Based Detection; Behavior-Based Detection; Signature Actions; Alert Signature Action; Drop Signature Action; Log Signature Action; Block Signature Action; TCP Reset Signature Action; Allow Signature Action; Summary

Chapter 3 Operational Tasks
  Deploying IPS Devices and Applications; Deploying Host IPS; Deploying Network IPS; Configuring IPS Devices and Applications; Signature Tuning; Event Response; Software Updates; Configuration Updates; Device Failure; Monitoring IPS Activities; Management Method; Event Correlation; Security Staff; Incident Response Plan; Securing IPS Communications; Management Communication; Device-to-Device Communication; Summary

Chapter 4 Security in Depth
  Defense-in-Depth Examples; External Attack Against a Corporate Database; Internal Attack Against a Management Server; The Security Policy; The Future of IPS; Intrinsic IPS; Collaboration Between Layers; Summary

Part II Host Intrusion Prevention

Chapter 5 Host Intrusion Prevention Overview
  Host Intrusion Prevention Capabilities; Blocking Malicious Code Activities; Not Disrupting Normal Operations; Distinguishing Between Attacks and Normal Events; Stopping New and Unknown Attacks; Protecting Against Flaws in Permitted Applications; Host Intrusion Prevention Benefits; Attack Prevention; Patch Relief; Internal Attack Propagation Prevention; Policy Enforcement; Acceptable Use Policy Enforcement; Regulatory Requirements; Host Intrusion Prevention Limitations; Subject to End User Tampering; Lack of Complete Coverage; Attacks That Do Not Target Hosts; Summary; References in This Chapter

Chapter 6 HIPS Components
  Endpoint Agents; Identifying the Resource Being Accessed; Gathering Data About the Operation; Determining the State; Consulting the Security Policy; Taking Action; Management Infrastructure; Management Center; Management Interface; Summary

Part III Network Intrusion Prevention

Chapter 7 Network Intrusion Prevention Overview
  Network Intrusion Prevention Capabilities; Dropping a Single Packet; Dropping All Packets for a Connection; Dropping All Traffic from a Source IP; Network Intrusion Prevention Benefits; Traffic Normalization; Security Policy Enforcement; Network Intrusion Prevention Limitations; Hybrid IPS/IDS Systems; Shared IDS/IPS Capabilities; Generating Alerts; Initiating IP Logging; Resetting TCP Connections; Initiating IP Blocking; Summary

Chapter 8 NIPS Components
  Sensor Capabilities; Sensor Processing Capacity; Sensor Interfaces; Sensor Form Factor; Capturing Network Traffic; Capturing Traffic for In-line Mode; Capturing Traffic for Promiscuous Mode; Analyzing Network Traffic; Atomic Operations; Stateful Operations; Protocol Decode Operations; Anomaly Operations; Normalizing Operations; Responding to Network Traffic; Alerting Actions; Logging Actions; Blocking Actions; Dropping Actions; Sensor Management and Monitoring; Small Sensor Deployments; Large Sensor Deployments; Summary

Part IV Deployment Solutions

Chapter 9 Cisco Security Agent Deployment
  Step 1: Understand the Product; Components; Capabilities; Step 2: Predeployment Planning; Review the Security Policy; Define Project Goals; Select and Classify Target Hosts; Plan for Ongoing Management; Choose the Appropriate Management Architecture; Step 3: Implement Management; Install and Secure the CSA MC; Understand the MC; Configure Groups; Configure Policies; Step 4: Pilot; Scope; Objectives; Step 5: Tuning; Step 6: Full Deployment; Step 7: Finalize the Project; Summary; Understand the Product; Predeployment Planning; Implement Management; Pilot; Tuning; Full Deployment; Finalize the Project

Chapter 10 Deploying Cisco Network IPS
  Step 1: Understand the Product; Sensors Available; In-line Support; Management and Monitoring Options; NIPS Capabilities; Signature Database and Update Schedule; Step 2: Predeployment Planning; Review the Security Policy; Define Deployment Goals; Select and Classify Sensor Deployment Locations; Plan for Ongoing Management; Choose the Appropriate Management Architecture; Step 3: Sensor Deployment; Understand Sensor CLI and IDM; Install Sensors; Install and Secure the IPS MC and Understand the Management Center; Step 4: Tuning; Identify False Positives; Configure Signature Filters; Configure Signature Actions; Step 5: Finalize the Project; Summary; Understand the Product; Predeployment Planning; Sensor Deployment; Tuning; Finalize the Project

Chapter 11 Deployment Scenarios
  Large Enterprise; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Branch Office; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Medium Financial Enterprise; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Medium Educational Institution; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Small Office; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Home Office; Limiting Factors; Security Policy Goals; HIPS Implementation; NIPS Implementation; Summary; Large Enterprise; Branch Office; Medium Financial Enterprise; Medium Educational Institution; Small Office; Home Office

Part V Appendix

Appendix A Glossary
