買這商品的人也買了...
-
資料結構-使用 C++ (Fundamentals of Data Structures in C++)$520$411 -
計算機組織與設計--軟硬體界面第二版 (Computer Organization & Design, 2/e)$680$537 -
Network Programming with Perl$2,260$2,147 -
Learning Perl, 3/e$1,430$1,359 -
C++ Primer, 3/e 中文版$980$774 -
$780CMMI: Guidelines for Process Integration and Product Improvement (Harcover) -
資料庫系統原理第三版 (Fundamentals of Database Systems, 3/e)$760$600 -
ASP.NET 程式設計徹底研究$590$466 -
鳥哥的 Linux 私房菜-伺服器架設篇$750$638 -
鳥哥的 Linux 私房菜─基礎學習篇增訂版$560$476 -
Java 2 教學範本$560$476 -
人月神話:軟體專案管理之道 (20 週年紀念版)(The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition, 2/e)$480$379 -
JSP 2.0 技術手冊$750$593 -
JSP 與 Servlet 500 個應用範例技巧大全集$590$460 -
The Linux Networking Architecture: Design and Implementation of Network Protocols in the Linux Kernel (Paperback)$3,070$2,917 -
最新 JavaScript 完整語法參考辭典 第三版$490$382 -
Word 排版藝術$620$490 -
Eclipse 整合開發工具 (Eclipse)$540$427 -
Windows 程式設計使用 MFC (Programming Windows with MFC, 2/e)$990$782 -
Internet TCP/IP 協定觀念與實作, 2/e$580$458 -
RFID 技術與應用$480$379 -
WDM Driver 程式設計實務$650$514 -
Linux 系統管理實務─自動化、備份救援、系統安全、叢集$780$616 -
Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000, 4/e$2,390$2,271 -
$1,078Operating System Principles, 7/e(IE) (美國版ISBN:0471694665-Operating System Concepts, 7/e) (平裝)
商品描述
Description:
Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders.
Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?
Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs.
Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.
Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts.
Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
Table of Contents:
Preface
1. Introduction
Disappearing Perimeters
Defense-in-Depth
Detecting Intrusions (a Hierarchy of Approaches)
What Is NIDS (and What Is an Intrusion)?
The Challenges of Network Intrusion Detection
Why Snort as an NIDS?
Sites of Interest2. Network Traffic Analysis
The TCP/IP Suite of Protocols
Dissecting a Network Packet
Packet Sniffing
Installing tcpdump
tcpdump Basics
Examining tcpdump Output
Running tcpdump
ethereal
Sites of Interest3. Installing Snort
About Snort
Installing Snort
Command-Line Options
Modes of Operation4. Know Your Enemy
The Bad Guys
Anatomy of an Attack: The Five Ps
Denial-of-Service
IDS Evasion
Sites of Interest5. The snort.conf File
Network and Configuration Variables
Snort Decoder and Detection Engine Configuration
Preprocessor Configurations
Output Configurations
File Inclusions6. Deploying Snort
Deploy NIDS with Your Eyes Open
Initial Configuration
Sensor Placement
Securing the Sensor Itself
Using Snort More Effectively
Site of Interest7. Creating and Managing Snort Rules
Downloading the Rules
The Rule Sets
Creating Your Own Rules
Rule Execution
Keeping Things Up-to-Date
Interesting Sites8. Intrusion Prevention
Intrusion Prevention Strategies
IPS Deployment Risks
Flexible Response with Snort
The Snort Inline Patch
Controlling Your Border
Sites of Interest9. Tuning and Thresholding
False Positives (False Alarms)
False Negatives (Missed Alerts)
Initial Configuration and Tuning
Pass Rules
Thresholding and Suppression10. Using ACID as a Snort IDS Management Console
Software Installation and Configuration
ACID Console Installation
Accessing the ACID Console
Analyzing the Captured Data
Sites of Interest11. Using SnortCenter as a Snort IDS Management Console
SnortCenter Console Installation
SnortCenter Agent Installation
SnortCenter Management Console
Logging In and Surveying the Layout
Adding Sensors to the Console
Managing Tasks12. Additional Tools for Snort IDS Management
Open Source Solutions
Commercial Solutions13. Strategies for High-Bandwidth Implementations of Snort
Barnyard (and Sguil)
Commericial IDS Load Balancers
The IDS Distribution System (I(DS)2)A. Snort and ACID Database Schema
B. The Default snort.conf File
C. Resources
Index
商品描述(中文翻譯)
**描述:**
入侵檢測並不適合心臟不夠強健的人。但如果你是一名網路管理員,你可能面臨越來越大的壓力,必須確保任務關鍵系統的安全——事實上是無法穿透的——免受惡意程式碼、緩衝區溢位、隱形端口掃描、SMB 探測、作業系統指紋識別嘗試、CGI 攻擊及其他網路入侵者的威脅。
設計一種可靠的方法來在入侵者進入之前檢測他們是一項至關重要但艱巨的挑戰。因此,現在有大量複雜、精密且價格不菲的軟體解決方案可供選擇。在原始性能和功能方面,SNORT,最常用的開源入侵檢測系統(IDS),已開始超越許多昂貴的專有 IDS。然而,在文檔或易用性方面,SNORT 可能會讓人感到不知所措。應該使用哪個輸出插件?如何將警報通過電子郵件發送給自己?最重要的是,如何篩選 SNORT 提供的大量資訊?
許多入侵檢測書籍在理論上長篇大論,但在具體和實用範例上卻顯得不足。《Managing Security with Snort and IDS Tools》則不然。這本新書是一本全面且極具實用性的指南,旨在使用 SNORT 2.1(最新版本)及其他數十個高品質開源入侵檢測程式來管理網路安全。
《Managing Security with Snort and IDS Tools》涵蓋了檢測網路入侵者的可靠方法,從使用簡單的封包嗅探器到更複雜的 IDS 應用程式及其管理的 GUI 介面。這本寶貴的新書是監控非法入侵嘗試的全面但簡明的指南,解釋了如何關閉和保護工作站、伺服器、防火牆、路由器、感測器及其他網路設備。
提供逐步指導,讓你能快速啟動並運行 SNORT。每章都包含所討論程式的連結,書末的附加連結則為管理員提供了訪問眾多網站的途徑,以獲取更多資訊和教學材料,滿足即使是最嚴肅的安全愛好者的需求。
《Managing Security with Snort and IDS Tools》規劃出一種主動且有效的方法,以保護你的系統免受攻擊。
**目錄:**
前言
1. 介紹
消失的邊界
深度防禦
檢測入侵(方法的層次)
什麼是 NIDS(以及什麼是入侵)?
網路入侵檢測的挑戰
為什麼選擇 SNORT 作為 NIDS?
相關網站
2. 網路流量分析
TCP/IP 協議套件
解剖網路封包
封包嗅探
安裝 tcpdump
tcpdump 基礎
檢查 tcpdump 輸出
執行 tcpdump
ethereal
相關網站
3. 安裝 SNORT
關於 SNORT
安裝 SNORT
命令行選項
操作模式
4. 了解你的敵人
壞人
攻擊的解剖:五個 P
拒絕服務
IDS 逃避
相關網站
5. snort.conf 檔案
網路和配置變數
SNORT 解碼器和檢測引擎配置
前處理器配置
輸出配置
檔案包含
6. 部署 SNORT
以開放的眼睛部署 NIDS
初始配置
感測器放置
確保感測器本身的安全
更有效地使用 SNORT
相關網站
7. 創建和管理 SNORT 規則
下載規則
規則集
創建自己的規則
規則執行
保持更新
有趣的網站
8. 入侵預防
入侵預防策略
IPS 部署風險
使用 SNORT 的靈活響應
SNORT Inline 補丁
控制你的邊界
相關網站
9. 調整和閾值設定
假陽性(誤報)
假陰性(漏報)
初始配置和調整
通過規則
閾值設定和抑制
10. 使用 ACID 作為 SNORT IDS 管理控制台
軟體安裝和配置
ACID 控制台安裝
訪問 ACID 控制台
分析捕獲的數據
相關網站
11. 使用 SnortCenter 作為 SNORT IDS 管理控制台
SnortCenter 控制台安裝
SnortCenter 代理安裝
SnortCenter 管理控制台
登入並檢視佈局
向控制台添加感測器
管理任務
12. SNORT IDS 管理的其他工具
開源解決方案
商業解決方案
13. SNORT 高帶寬實施策略
Barnyard(和 Sguil)
商業 IDS 負載平衡器
IDS 分發系統 (I(DS)2)
A. SNORT 和 ACID 數據庫架構
B. 預設 snort.conf 檔案
C. 資源
索引
