File name:
Intrusion Detection: Network Security beyond the Firewall
Development tool:
File size: 813kb
Download count: 0
Upload date: 2009-02-18
Description:
Introduction Preface Acknowledgments
PART 1—Before Intrusion Detection: Traditional Computer Security
Chapter 1—Intrusion Detection and the Classic Security Model Back to Basics: The Classic Security Model Goals of Computer Security Learn to Ask Tough Questions A Basic Computer Security Model The Reference Monitor What Makes a Good Reference Monitor Enhancing the Security Model Further Identification and Authentication (I&A) Access Control Auditing Classifying Security Products with a Nod to Intrusion Detection Identification and Authentication Access Control Scanners Intrusion Detection and Monitoring Additional Product Differences Prevention, Detection, and Response with Intrusion Detection Where to Go from Here
Chapter 2—The Role of Identification and Authentication in Your Environment Identification and Authentication in UNIX Users and Groups Superuser What Are the Subjects in UNIX? UNIX Login UNIX Password Mechanism Storing Passwords in a Central Server Identification and Authentication in NT Users and Groups in NT Subjects in NT NT Login Security NT Authentication Using a Domain Controller How Hackers Exploit Weaknesses in Password Security Easily Guessed Passwords Brute Force Attacks Social Engineering Trojan Horses Network Sniffing Electromagnetic Emissions Monitoring Software Bugs Improving upon I&A with Authentication Servers Third-Party Authentication A Cryptography Primer Ideas for Improving I&A Security One-Time Passwords Strong Authentication One-Time Passwords and One-Time Pads Two-Factor Authentication Challenge-Response Authentication The Need for Intrusion Detection Biometrics
Chapter 3—The Role of Access Control in Your Environment Configuration Problems Program Bugs What Is Access Control? How Are Access Control Decisions Made? Access Control Lists Who Are You? Access Control in UNIX Who Are You in the UNIX Environment? UNIX File and Directory Permissions Are You Remembering to Ask Tough Questions? Link Counts, Hard Links, and Symbolic Links Increasing Your Privileges or Capabilities Background Processes and Credentials Access Control in NT NT Rights and Privileges Who Are You in NT? Permissions for NT Files and Directories How Hackers Get around Access Control How to Improve upon Access Control Memco SeOS APIs Impact of SeOS on Base Operating System Security SeOS Auditing Other SeOS Features Going beyond SeOS Why You Still Need Intrusion Detection
Chapter 4—Traditional Network Security Approaches Layers of Network Security Security between Layers on a System Security between Peer Layers across Systems I&A for Network Security Entities How Hackers Exploit Protocols How Many Network Entities Are There? I&A for Users and Groups in a Network Security Models within Models Network Node I&A Software Can Be a Network Entity Network Access Control Network Application Access Controls The Importance of Naming The Internet Protocol (IP) Probing Network Paths Problems at the IP Layer Are Your Mission-Critical Applications Safe from Attacks? IPsec Supporting Protocols for IP Address Resolution Protocol (ARP) Domain Name System (DNS) Routing Interchange Protocol (RIP) User Datagram Protocol (UDP) Port Security UDP Security Concerns Transmission Control Protocol (TCP) TCP/IP Security Concerns TCP/IP Application Security Trusted Hosts The Role of the Firewall in Traditional Security What Is a Firewall? Packet Filters Provide Access Control Services Application Proxies Provide Access Control Firewalls Provide IP Security IP Sec or Application Security How Complex Is Your Network Security? Why Intrusion Detection Is Needed after Network Security
PART 2—Intrusion Detection: Beyond Traditional Security
Chapter 5—Intrusion Detection and Why You Need It Do You Have Protection? The Role of Intrusion Detection Beyond I&A Beyond Access Control Beyond Network Security Intrusion Detection: Concepts and Definitions IDS Engine Categories Real Time or Interval Based Data Source A Generic IDS Model Getting Ready to Look for Hacker Trade
Chapter 6—Detecting Intruders on Your System Is Fun and Easy Classes of Attacks Internal Attacks External Threats Layers of Information Sources Warning: Opportunities for Hackers! Commercial IDS Layering How Does One Get the Data? Intrusion Detection Inside a Firewall Relying on Others for Data System Data Sources syslog Audit Trails Tracing the Path of Activity Can Be Difficult Monitoring Policies Simple or Complex Attacks Prepare to Scan for Weaknesses
Chapter 7—Vulnerability Scanners What Is a Scanner? Characteristics of Scanners Local Scanners Remote Scanning How a Scanner Works Improving Your Security with Scanners ISS SAFESuite Other Scanners Ballista IBM Network Security Auditor Keeping the Scanners Current Are You Done Yet?
Chapter 8—UNIX System-Level IDSs Detecting Hacks with Stalker Audit Management Tracer/Browser Misuse Detector Attacks Detected by Stalker Is Stalker Right for You? Some Alternative Stalker Configurations Detecting Hacks with the Computer Misuse Detection System How CMDS Works Other IDS Features to Consider Ease of Set Up Distributed Intrusion Detection Monitoring and Privacy Finding New Attacks General Event Monitoring or Intrusion Detection Using Audit Logs to Find Attacks Two Main Reasons for Vulnerabilities Notation A Word about Sequences Focusing on Local Attacks An IDS Limitation The Scope Problem and Memory Requirements Why You’re Not Finished Yet
Chapter 9—Sniffing for Intruders How Network IDSs Work Networks and Subnets Network IDSs Sniff Network Traffic Other Network IDS Features Network IDS Attack Recognition Fragmented IP Packets Advantages of Network IDSs Limitations of Network Packet Sniffing Network Sniffers Do Not See All Packets Network Sniffers Are Blinded by Encryption Missed System-Level Attacks The Network IDS Is Not the Destination Node Getting around the Encryption Problem Which Product Has the Best Nose? IBM and NetRanger RealSecure Network Flight Recorder Will Intrusion Detection Be Enough?
Chapter 10—Intrusion Detection for NT NT Security Review Sources of Data for NT IDSs NT Event Log Event Records What to Monitor on NT Increased Privileges Impersonation Remote Attacks Local Vulnerabilities Intrusion Detection Products for NT Look for These Features Centrax For Further Thought
PART 3—Rounding Out Your Environment
Chapter 11—You’ve Been Hit! Be Prepared Discovery and Detection Responding to Intrusions Should You Pursue Your Attacker?
Chapter 12—Intrusion Detection: Not the Last Chapter When It Comes to Security Traditional Computer Security The Basic Security Model I&A Access Control Network Security The Rationale for IDSs Types of IDSs Scanners System-Level IDSs Network Sniffers Improving upon IDSs Increase Application-Level Detection Adapt to Changing I&A Support Common Systems Management Simplify Development of Attack Signatures Combine Products Support Integration into Other Products Support Research Self Reference and IDSs Take It Away
Bibliography Appendix A Index