Book description
“Practical Intrusion Analysis provides a solid fundamental overview of the art and science of intrusion analysis.”
–Nate Miller, Cofounder, Stratum Security
The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention
Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. In Practical Intrusion Analysis, one of the field’s leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers.
Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today’s new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more.
Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes
Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
Implementing IDS/IPS systems that protect wireless data traffic
Enhancing your intrusion detection efforts by converging with physical security defenses
Identifying attackers’ “geographical fingerprints” and using that information to respond more effectively
Visualizing data traffic to identify suspicious patterns more quickly
Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives
Includes contributions from these leading network security experts:
Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker
Seth Fogie, CEO, Airscanner USA; leading-edge mobile security
researcher; coauthor of Security Warrior
Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief, Journal of Computer Security
Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University
Alex Kirk, Member, Sourcefire Vulnerability Research Team
Table of contents
- Title Page
- Copyright Page
- Contents
- Preface
- Acknowledgments
- About the Author
- About the Contributing Authors
- 1. Network Overview
- 2. Infrastructure Monitoring
- 3. Intrusion Detection Systems
- 4. Lifecycle of a Vulnerability
- 5. Proactive Intrusion Prevention and Response via Attack Graphs
- 6. Network Flows and Anomaly Detection
- 7. Web Application Firewalls
- 8. Wireless IDS/IPS
- 9. Physical Intrusion Detection for IT
- 10. Geospatial Intrusion Detection
- 11. Visual Data Communications
- 12. Return on Investment: Business Justification
- A. Bro Installation Guide
- Index
Product information
- Title: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century
- Author(s):
- Release date: June 2009
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780321591807
You might also like
book
Network Intrusion Detection, Third Edition
The Chief Information Warfare Officer for the entire United States teaches you how to protect your …
book
Network Intrusion Analysis
Nearly every business depends on its network to provide information services to carry out essential activities, …
book
The Tao of Network Security Monitoring Beyond Intrusion Detection
"The book you are about to read will arm you with the knowledge you need to …
book
The Practice of Network Security Monitoring
Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional …