Intrusion Detection: Network Security beyond the F

文件名称: Intrusion Detection: Network Security beyond the Firewall

所属分类: Access

开发工具:

文件大小: 813kb

下载次数: 0

上传时间: 2009-02-18

提供者: shenxins*********

下载 (813kb)

不能下载？报告错误

详细说明： Introduction Preface Acknowledgments PART 1—Before Intrusion Detection: Traditional Computer Security Chapter 1—Intrusion Detection and the Classic Security Model Back to Basics: The Classic Security Model Goals of Computer Security Learn to Ask Tough Questions A Basic Computer Security Model The Reference Monitor What Makes a Good Reference Monitor Enhancing the Security Model Further Identification and Authentication (I&A) Access Control Auditing Classifying Security Products with a Nod to Intrusion Detect ion Identification and Authentication Access Control Scanners Intrusion Detection and Monitoring Additional Product Differences Prevention, Detection, and Response with Intrusion Detection Where to Go from Here Chapter 2—The Role of Identification and Authentication in Your Environment Identification and Authentication in UNIX Users and Groups Superuser What Are the Subjects in UNIX? UNIX Login UNIX Password Mechanism Storing Passwords in a Central Server Identification and Authentication in NT Users and Groups in NT Subjects in NT NT Login Security NT Authentication Using a Domain Controller How Hackers Exploit Weaknesses in Password Security Easily Guessed Passwords Brute Force Attacks Social Engineering Trojan Horses Network Sniffing Electromagnetic Emissions Monitoring Software Bugs Improving upon I&A with Authentication Servers Third-Party Authentication A Cryptography Primer Ideas for Improving I&A Security One-Time Passwords Strong Authentication One-Time Passwords and One-Time Pads Two-Factor Authentication Challenge-Response Authentication The Need for Intrusion Detection Biometrics Chapter 3—The Role of Access Control in Your Environment Configuration Problems Program Bugs What Is Access Control? How Are Access Control Decisions Made? Access Control Lists Who Are You? Access Control in UNIX Who Are You in the UNIX Environment? UNIX File and Directory Permissions Are You Remembering to Ask Tough Questions? Link Counts, Hard Links, and Symbolic Links Increasing Your Privileges or Capabilities Background Processes and Credentials Access Control in NT NT Rights and Privileges Who Are You in NT? Permissions for NT Files and Directories How Hackers Get around Access Control How to Improve upon Access Control Memco SeOS APIs Impact of SeOS on Base Operating System Security SeOS Auditing Other SeOS Features Going beyond SeOS Why You Still Need Intrusion Detection Chapter 4—Traditional Network Security Approaches Layers of Network Security Security between Layers on a System Security between Peer Layers across Systems I&A for Network Security Entities How Hackers Exploit Protocols How Many Network Entities Are There? I&A for Users and Groups in a Network Security Models within Models Network Node I&A Software Can Be a Network Entity Network Access Control Network Application Access Controls The Importance of Naming The Internet Protocol (IP) Probing Network Paths Problems at the IP Layer Are Your Mission-Critical Applications Safe from Attacks? IPsec Supporting Protocols for IP Address Resolution Protocol (ARP) Domain Name System (DNS) Routing Interchange Protocol (RIP) User Datagram Protocol (UDP) Port Security UDP Security Concerns Transmission Control Protocol (TCP) TCP/IP Security Concerns TCP/IP Application Security Trusted Hosts The Role of the Firewall in Traditional Security What Is a Firewall? Packet Filters Provide Access Control Services Application Proxies Provide Access Control Firewalls Provide IP Security IP Sec or Application Security How Complex Is Your Network Security? Why Intrusion Detection Is Needed after Network Security PART 2—Intrusion Detection: Beyond Traditional Security Chapter 5—Intrusion Detection and Why You Need It Do You Have Protection? The Role of Intrusion Detection Beyond I&A Beyond Access Control Beyond Network Security Intrusion Detection: Concepts and Definitions IDS Engine Categories Real Time or Interval Based Data Source A Generic IDS Model Getting Ready to Look for Hacker Trade Chapter 6—Detecting Intruders on Your System Is Fun and Easy Classes of Attacks Internal Attacks External Threats Layers of Information Sources Warning: Opportunities for Hackers! Commercial IDS Layering How Does One Get the Data? Intrusion Detection Inside a Firewall Relying on Others for Data System Data Sources syslog Audit Trails Tracing the Path of Activity Can Be Difficult Monitoring Policies Simple or Complex Attacks Prepare to Scan for Weaknesses Chapter 7—Vulnerability Scanners What Is a Scanner? Characteristics of Scanners Local Scanners Remote Scanning How a Scanner Works Improving Your Security with Scanners ISS SAFESuite Other Scanners Ballista IBM Network Security Auditor Keeping the Scanners Current Are You Done Yet? Chapter 8—UNIX System-Level IDSs Detecting Hacks with Stalker Audit Management Tracer/Browser Misuse Detector Attacks Detected by Stalker Is Stalker Right for You? Some Alternative Stalker Configurations Detecting Hacks with the Computer Misuse Detection System How CMDS Works Other IDS Features to Consider Ease of Set Up Distributed Intrusion Detection Monitoring and Privacy Finding New Attacks General Event Monitoring or Intrusion Detection Using Audit Logs to Find Attacks Two Main Reasons for Vulnerabilities Notation A Word about Sequences Focusing on Local Attacks An IDS Limitation The Scope Problem and Memory Requirements Why You’re Not Finished Yet Chapter 9—Sniffing for Intruders How Network IDSs Work Networks and Subnets Network IDSs Sniff Network Traffic Other Network IDS Features Network IDS Attack Recognition Fragmented IP Packets Advantages of Network IDSs Limitations of Network Packet Sniffing Network Sniffers Do Not See All Packets Network Sniffers Are Blinded by Encryption Missed System-Level Attacks The Network IDS Is Not the Destination Node Getting around the Encryption Problem Which Product Has the Best Nose? IBM and NetRanger RealSecure Network Flight Recorder Will Intrusion Detection Be Enough? Chapter 10—Intrusion Detection for NT NT Security Review Sources of Data for NT IDSs NT Event Log Event Records What to Monitor on NT Increased Privileges Impersonation Remote Attacks Local Vulnerabilities Intrusion Detection Products for NT Look for These Features Centrax For Further Thought PART 3—Rounding Out Your Environment Chapter 11—You’ve Been Hit! Be Prepared Discovery and Detection Responding to Intrusions Should You Pursue Your Attacker? Chapter 12—Intrusion Detection: Not the Last Chapter When It Comes to Security Traditional Computer Security The Basic Security Model I&A Access Control Network Security The Rationale for IDSs Types of IDSs Scanners System-Level IDSs Network Sniffers Improving upon IDSs Increase Application-Level Detection Adapt to Changing I&A Support Common Systems Management Simplify Development of Attack Signatures Combine Products Support Integration into Other Products Support Research Self Reference and IDSs Take It Away Bibliography Appendix A Index ...展开收缩

(系统自动生成,下载前可以参看下载内容)