買這商品的人也買了...
-
$520$442 -
$680$537 -
$2,210$2,100 -
$1,400$1,330 -
$980$774 -
$780CMMI: Guidelines for Process Integration and Product Improvement (Harcover)
-
$760$600 -
$590$466 -
$750$675 -
$560$504 -
$560$476 -
$480$379 -
$750$593 -
$590$460 -
$3,010$2,860 -
$490$382 -
$620$490 -
$540$427 -
$990$782 -
$580$493 -
$480$408 -
$650$514 -
$780$663 -
$2,340$2,223 -
$1,078Operating System Principles, 7/e(IE) (美國版ISBN:0471694665-Operating System Concepts, 7/e) (平裝)
相關主題
商品描述
Description:
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders.
Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?
Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs.
Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.
Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts.
Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
Table of Contents:
Preface
1. Introduction
Disappearing Perimeters
Defense-in-Depth
Detecting Intrusions (a Hierarchy of Approaches)
What Is NIDS (and What Is an Intrusion)?
The Challenges of Network Intrusion Detection
Why Snort as an NIDS?
Sites of Interest2. Network Traffic Analysis
The TCP/IP Suite of Protocols
Dissecting a Network Packet
Packet Sniffing
Installing tcpdump
tcpdump Basics
Examining tcpdump Output
Running tcpdump
ethereal
Sites of Interest3. Installing Snort
About Snort
Installing Snort
Command-Line Options
Modes of Operation4. Know Your Enemy
The Bad Guys
Anatomy of an Attack: The Five Ps
Denial-of-Service
IDS Evasion
Sites of Interest5. The snort.conf File
Network and Configuration Variables
Snort Decoder and Detection Engine Configuration
Preprocessor Configurations
Output Configurations
File Inclusions6. Deploying Snort
Deploy NIDS with Your Eyes Open
Initial Configuration
Sensor Placement
Securing the Sensor Itself
Using Snort More Effectively
Site of Interest7. Creating and Managing Snort Rules
Downloading the Rules
The Rule Sets
Creating Your Own Rules
Rule Execution
Keeping Things Up-to-Date
Interesting Sites8. Intrusion Prevention
Intrusion Prevention Strategies
IPS Deployment Risks
Flexible Response with Snort
The Snort Inline Patch
Controlling Your Border
Sites of Interest9. Tuning and Thresholding
False Positives (False Alarms)
False Negatives (Missed Alerts)
Initial Configuration and Tuning
Pass Rules
Thresholding and Suppression10. Using ACID as a Snort IDS Management Console
Software Installation and Configuration
ACID Console Installation
Accessing the ACID Console
Analyzing the Captured Data
Sites of Interest11. Using SnortCenter as a Snort IDS Management Console
SnortCenter Console Installation
SnortCenter Agent Installation
SnortCenter Management Console
Logging In and Surveying the Layout
Adding Sensors to the Console
Managing Tasks12. Additional Tools for Snort IDS Management
Open Source Solutions
Commercial Solutions13. Strategies for High-Bandwidth Implementations of Snort
Barnyard (and Sguil)
Commericial IDS Load Balancers
The IDS Distribution System (I(DS)2)A. Snort and ACID Database Schema
B. The Default snort.conf File
C. Resources
Index
商品描述(中文翻譯)
描述:
入侵檢測不是給膽小的人。但是,如果你是一個網絡管理員,你很可能面臨越來越大的壓力,要確保使命關鍵系統是安全的-事實上是無法被惡意代碼、緩衝區溢出、隱蔽端口掃描、SMB探測、操作系統指紋識別嘗試、CGI攻擊和其他網絡入侵者所侵入的。設計一種可靠的方法來在入侵者進入之前檢測到他們是一個重要但令人生畏的挑戰。因此,現在有大量複雜、精密且昂貴的軟件解決方案可供選擇。就原始動力和功能而言,最常用的開源入侵檢測系統(IDS)SNORT已經開始超越許多昂貴的專有IDS。然而,就文檔或使用便捷性而言,SNORT可能會讓人感到不知所措。該使用哪個輸出插件?如何將警報發送到自己的郵箱?最重要的是,如何整理Snort提供的大量信息?許多入侵檢測書籍在理論上很長,但在具體和實際示例上很短。《使用Snort和IDS工具管理安全性》不是這樣。這本新書是一本全面而實用的指南,介紹了如何使用Snort 2.1(最新版本)和其他許多高質量的開源入侵檢測程序來管理網絡安全。它涵蓋了從使用簡單的封包嗅探器到更複雜的IDS(入侵檢測系統)應用程序和用於管理它們的GUI界面的可靠方法來檢測網絡入侵者。這本寶貴的新書提供了逐步指南,以快速上手使用Snort。每章都包含所討論程序的鏈接,書末的其他鏈接為管理員提供了許多網站,以獲取更多信息和教材,滿足最嚴肅的安全愛好者的需求。《使用Snort和IDS工具管理安全性》制定了一種積極而有效的方法,以保護系統免受攻擊。
目錄:
前言
1. 簡介
- 消失的邊界
- 深度防禦
- 檢測入侵(一種層次結構的方法)
- 什麼是NIDS(什麼是入侵)?
- 網絡入侵檢測的挑戰
- 為什麼選擇Snort作為NIDS?
- 相關網站
2. 網絡流量分析
- TCP/IP協議套件
- 解析網絡封包
- 封包嗅探
- 安裝tcpdump
- tcpdump基礎知識
- 檢查tcpdump輸出
- 運行tcpdump
- ethereal
- 相關網站
3. 安裝Snort
- 關於Snort
- 安裝Snort
- ...