Managing security with Snort and IDS tools
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinti...
Main author: | |
---|---|
Other authors: | |
Format: | Electronic book |
Language: | English |
Published: | Beijing ; Sebastopol, California : O'Reilly, 2004. |
Edition: | First edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009626960106719 |
Table of Contents:
- Managing Security with Snort and IDS Tools; About This Book; Assumptions This Book Makes; Chapter Synopsis; Conventions Used in This Book; Comments and Questions; Acknowledgments; Christopher Gerg
- 1. Introduction; 1.2. Defense-in-Depth; 1.3. Detecting Intrusions (a Hierarchy of Approaches); 1.4. What Is NIDS (and What Is an Intrusion)?; 1.5. The Challenges of Network Intrusion Detection; 1.5.2. False Positives; 1.5.3. Missing Prerequisites; 1.5.4. Unrealistic Expectations; 1.6. Why Snort as an NIDS?; 1.7. Sites of Interest
- 2. Network Traffic Analysis; 2.1.2. UDP; 2.1.3. IP; 2.1.4. ICMP; 2.1.5. ARP; 2.2. Dissecting a Network Packet; 2.2.2. The TCP Header; 2.3. Packet Sniffing; 2.4. Installing tcpdump; 2.5. tcpdump Basics; 2.6. Examining tcpdump Output; 2.7. Running tcpdump; 2.7.2. tcpdump Filters; 2.7.3. tcpdump Capture of the TCP Three-Way Handshake; 2.8. ethereal; 2.8.2. Available Options; 2.8.3. ethereal Capture of TCP Three-Way Handshake; 2.8.4. Tethereal; 2.9. Sites of Interest
- 3. Installing Snort; 3.2. Installing Snort; 3.2.2. Windows Installations; 3.2.3. Staying Current; 3.3. Command-Line Options; 3.4. Modes of Operation; 3.4.2. Snort as a Packet Logger; 3.4.3. Snort as an NIDS: Quick and Dirty; 3.4.3.2. Initial configuration of the snort.conf file
- 4. Know Your Enemy; 4.1.2. Professionals; 4.1.3. Disgruntled Current and Former Employees and Contractors; 4.1.4. Robots and Worms; 4.2. Anatomy of an Attack: The Five Ps; 4.2.1.2. Portscans and software version-mapping; 4.2.1.3. Automated vulnerability scanners; 4.2.1.4. Web page scanners; 4.2.1.5. Other probe tools; 4.2.2. Penetrate; 4.2.2.2. Buffer overflows; 4.2.2.3. Application behavior boundary flaws; 4.2.2.4. System configuration errors; 4.2.2.5. User input validation problems; 4.2.3. Persist; 4.2.4. Propagate; 4.2.5. Paralyze; 4.3. Denial-of-Service; 4.4. IDS Evasion; 4.5. Sites of Interest
- 5. The snort.conf File; 5.2. Snort Decoder and Detection Engine Configuration; 5.3. Preprocessor Configurations; 5.3.2. frag2; 5.3.3. stream4; 5.3.4. stream4_reassemble; 5.3.5. HTTP Inspect Preprocessor; 5.3.5.2. http_inspect_server; 5.3.6. rpc_decode; 5.3.7. bo; 5.3.8. telnet_decode; 5.3.9. flow-portscan; 5.3.10. arpspoof; 5.3.11. perfmonitor; 5.4. Output Configurations; 5.4.2. log_tcpdump; 5.4.3. Database; 5.4.3.2. PostgreSQL; 5.4.3.3. ODBC; 5.4.3.4. MsSQL; 5.4.3.5. Oracle; 5.4.4. unified; 5.5. File Inclusions
- 6. Deploying Snort; 6.2. Initial Configuration; 6.3. Sensor Placement; 6.3.2. Creating Connection Points; 6.3.3. Encrypted Traffic; 6.4. Securing the Sensor Itself; 6.4.2. Configure Interfaces; 6.4.3. Disable Unnecessary Services; 6.4.4. Apply Patches and Updates; 6.4.5. Utilize Robust Authentication; 6.4.6. Monitor System Logs; 6.5. Using Snort More Effectively; 6.6. Sites of Interest
- 7. Creating and Managing Snort Rules; 7.2. The Rule Sets; 7.3. Creating Your Own Rules; 7.3.2. Rule Options; 7.3.3. Common Rule Options; 7.4. Rule Execution; 7.5. Keeping Things Up-to-Date; 7.6. Sites of Interest