Cisco Secure Intrusion Detection System (Hardcover)
暫譯: Cisco 安全入侵偵測系統 (精裝版)

Earl Carter

Cisco Secure Intrusion Detection System (Hardcover)
  • 出版商: Cisco Press
  • 出版日期: 2001-10-01
  • 定價: $1,500
  • 售價: 5.0$750
  • 語言: 英文
  • 頁數: 871
  • 裝訂: Hardcover
  • ISBN: 158705034X
  • ISBN-13: 9781587050343
  • 相關分類: Cisco

    • 立即出貨(限量) (庫存=8)

買這商品的人也買了...

相關主題

商品描述

 

Implement network surveillance system for 24-hour security with the official CSIDS Coursebook.

  • The only book that concentrates solely on implementation of Cisco Secure Intrusion Detection Systems.
  • Full of configuration techniques and security management details.
  • Based on officially developed course materials from Cisco Systems.
Cisco Secure Intrusion Detection Systems provides a clear explanation of why network security is crucial in today's converged networking environment, how CSIDS improves the security on a network, and how to install and configure CSIDS. The Cisco Secure Intrusion Detection System (CSIDS) is a real-time, network-based IDS designed to detect, report, and terminate unauthorized activity throughout a network. The industry's first and now the market-leading IDS, the CSIDS is the dynamic security component of Cisco's end-to-end security product line.

Earl Carter is a Security Research Engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems, Inc. where he performs security evaluations on numerous Cisco products including everything from the PIX Firewall to Atliga and other VPN solutions to Cisco CallManager. The STAT team developed the initial prototype that has evolved into the current Gigabit IDS solution. Earl started with Cisco doing research for Cisco Secure IDS (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar). Earl began learning about computer security at the Air Force Information Warfare Center, where his primary responsibility was the securing of Air Force networks against attacks. Earl has a Bachelor of Science from the University of Texas at San Antonio, and he is currently working on attaining his CCNP certification.

Table of Contents

I. INTRODUCTION TO NETWORK SECURITY.

1. Need for Network Security.
Security Threats. Security Concepts. The Phases of an Attack. Attack Methodologies. Network Attack Points. Hacking Tools and Techniques.

2. Cisco Security Wheel.
Securing the Network. Monitoring Network Security. Testing Network Security. Improving Network Security.

II. INTRUSION DETECTION AND THE CSIDS ENVIRONMENT.

3. Intrusion Detection Systems.
IDS Triggers. IDS Monitoring Locations. Hybrid Characteristics.

4. Cisco Secure IDS Overview.
System Function and Features. Sensor Platforms and Modules. Director Platforms. Cisco Secure IDS and the PostOffice Protocol.

III. CSIDS INSTALLATION.

5. Cisco Secure IDS Sensor Deployment.
Preparing for Deployment: Analyzing Your Network Topology. Executing the Deployment: Sensor Installation Considerations.

6. Cisco Secure Policy Manager Installation.
CSPM Overview. CSPM Installation Requirements. CSPM Installation Settings and Options. Starting CSPM.

7. 4200 Series Sensor Installation Within CSPM.
Understanding the Sensor Appliance. Configuring the Sensor Bootstrap. Adding a Sensor to a CSPM Director.

IV. ALARM MANAGEMENT AND INTRUSION DETECTION SIGNATURES.

8. Working with Cisco Secure IDS Alarms in CSPM.
Managing Alarms. Customizing the Event Viewer. Preference Settings. Connection Status Pane.

9. Understanding Cisco Secure IDS Signatures.
Signature Definition. Signature Classes. Signature Types. Signature Severity.

10. Signature Series.
IP Signatures (1000 Series). ICMP Signatures (2000 Series). TCP Signatures (3000 Series). UDP Signatures (4000 Series). Web/HTTP Signatures (5000 Series). Cross-Protocol Signatures (6000 Series). String-Matching Signatures (8000 Series). Policy-Violation Signatures (10000 Series).

V. CSIDS CONFIGURATION.

11. Sensor Configuration Within CSPM.
CSPM Sensor Configuration Screens. Basic Configuration Changes. Log File Configuration. Advanced Configuration Changes. Pushing a New Configuration to Your Sensor.

12. Signature and Intrusion Detection Configuration.
Basic Signature Configuration. Signature Templates. Signature Filtering. Advanced Signature Configuration. Creating ACL Signatures.

13. IP Blocking Configurations.
Understanding ACLs. ACL Placement Considerations. Configuring the Sensor for IP Blocking.

14. Catalyst 6000 IDS Module Configuration.
Understanding the Catalyst 6000 IDS Module. IDSM Ports and Traffic Flow. Capturing Traffic. Configuration Tasks. Updating IDSM Components. Troubleshooting.

VI. CISCO SECURE INTRUSION DETECTION DIRECTOR (CSIDD).

15. Cisco Secure ID Director Installation.
Director Software Installation. Starting the Director. Sensor Configuration.

16. The Configuration File Management Utility (nrConfigure).
Working with nrConfigure. Host Types for Add Host Wizard. Connecting to a Previously Configured Sensor. Verifying That the Sensor Is Added to nrConfigure. Verifying That the Sensor Is Added to the Cisco Secure IDS Submap. Deleting a Sensor. Removing the Sensor Icon. Working with the Configuration Library.

17. Cisco IOS Firewall Intrusion Detection System.
Cisco IOS Firewall IDS and Intrusion Detection. Supported Router Platforms. Deployment Issues. Signatures. Configuration Tasks.

VII. CISCO SECURE IDS UPCOMING RELEASES.

18. Planned Cisco Secure IDS Enhancements.
Version 3.0. Version 4.0. Sensor Enhancements. Cisco Secure IDS-User-Defined Signatures.

VIII. APPENDIXES.

Appendix A: Deploying Intrusion Detection: Case Studies.
Using Cisco IOS Firewall IDS. Sending SYSLOG Data to a Cisco Secure IDS Sensor. Managing a Router with a Cisco Secure IDS Sensor. Cisco Secure IDS Tiered Director Hierarchy. Setting Up Multiple IDSM Blades in the Same Chassis.

Appendix B: Cisco Secure IDS Architecture.
Cisco Secure IDS Software Architecture. Cisco Secure IDS Communications. Cisco Secure IDS Commands. Cisco Secure IDS Directory Structure. Cisco Secure IDS Configuration Files. Communications.

Appendix C: Cisco Secure ID Director Basic Troubleshooting.
Director Problems. Sensor Problems. Oracle Problems. Data Management Package Problems. nrConfigure Problems. Online Help and NSDB.

Appendix D: Cisco Secure IDS Log Files.
Levels of Logging. Log File Naming Conventions. Log File Locations. Closing Active Files. Archived Log Files. Event Record Fields.

Appendix E: Advanced Tips 749.
Correcting a Sensor That Does Not Sniff. Using the Sensor COM Port for Console Access. Excluding False-Positive Alarms.

Appendix F: Cisco Secure IDS Signature Structures and Implementations.
Appendix G: Cisco Secure IDS Signatures and Recommended Alarm Levels.
General Signatures. Connection Signatures. String Signatures. ACL Signatures.

Appendix H: Cisco IOS Firewall IDS Signature List.
Information Signatures. Attack Signatures.

Appendix I: Cisco Secure Communications Deployment Worksheet.
Appendix J: Glossary.
Appendix K: Answers to Review Questions.

商品描述(中文翻譯)

實施網路監控系統以提供24小時安全保障,搭配官方的《CSIDS 課程手冊》。

- 唯一專注於實施 Cisco Secure Intrusion Detection Systems 的書籍。
- 充滿配置技術和安全管理細節。
- 基於 Cisco Systems 官方開發的課程材料。

《Cisco Secure Intrusion Detection Systems (CSIDS)》清楚解釋了為什麼在當今融合的網路環境中,網路安全至關重要,CSIDS 如何改善網路安全,以及如何安裝和配置 CSIDS。Cisco Secure Intrusion Detection System (CSIDS) 是一種即時的、基於網路的入侵檢測系統,旨在檢測、報告和終止網路中的未經授權活動。作為業界首個且目前市場領先的入侵檢測系統,CSIDS 是 Cisco 端到端安全產品線的動態安全組件。

Earl Carter 是 Cisco Systems, Inc. 的安全研究工程師及安全技術評估小組 (STAT) 成員,他對多種 Cisco 產品進行安全評估,涵蓋從 PIX 防火牆到 Atliga 和其他 VPN 解決方案,再到 Cisco CallManager。STAT 團隊開發了最初的原型,這個原型已演變為當前的 Gigabit IDS 解決方案。Earl 在 Cisco 開始時進行 Cisco Secure IDS(前稱 NetRanger)和 Cisco Secure Scanner(前稱 NetSonar)的研究。Earl 在空軍資訊戰中心學習計算機安全,主要負責保護空軍網路免受攻擊。Earl 擁有德克薩斯州聖安東尼奧大學的理學士學位,目前正在努力獲得 CCNP 認證。

目錄

I. 網路安全介紹。
1. 網路安全的必要性。
安全威脅。安全概念。攻擊的階段。攻擊方法論。網路攻擊點。駭客工具和技術。
2. Cisco 安全輪。
保護網路。監控網路安全。測試網路安全。改善網路安全。

II. 入侵檢測與 CSIDS 環境。
3. 入侵檢測系統。
IDS 觸發器。IDS 監控位置。混合特性。
4. Cisco Secure IDS 概述。
系統功能和特性。感測器平台和模組。指揮平台。Cisco Secure IDS 和郵件協議。

III. CSIDS 安裝。
5. Cisco Secure IDS 感測器部署。
部署準備:分析您的網路拓撲。執行部署:感測器安裝考量。
6. Cisco Secure Policy Manager 安裝。
CSPM 概述。CSPM 安裝要求。CSPM 安裝設置和選項。啟動 CSPM。
7. 在 CSPM 中安裝 4200 系列感測器。
理解感測器設備。配置感測器啟動。將感測器添加到 CSPM 指揮官。

IV. 警報管理與入侵檢測簽名。
8. 在 CSPM 中處理 Cisco Secure IDS 警報。
管理警報。自定義事件檢視器。偏好設置。連接狀態面板。
9. 理解 Cisco Secure IDS 簽名。
簽名定義。簽名類別。簽名類型。簽名嚴重性。
10. 簽名系列。
IP 簽名(1000 系列)。ICMP 簽名(2000 系列)。TCP 簽名(3000 系列)。UDP 簽名(4000 系列)。Web/HTTP 簽名(5000 系列)。跨協議簽名(6000 系列)。字串匹配簽名(8000 系列)。政策違規簽名(10000 系列)。

V. CSIDS 配置。
11. 在 CSPM 中的感測器配置。
CSPM 感測器配置螢幕。基本配置變更。日誌文件配置。進階配置變更。將新配置推送到您的感測器。
12. 簽名和入侵檢測配置。
基本簽名配置。簽名模板。簽名過濾。進階簽名配置。創建 ACL 簽名。
13. IP 阻擋配置。
理解 ACL。ACL 放置考量。配置感測器以進行 IP 阻擋。
14. Catalyst 6000 IDS 模組配置。
理解 Catalyst 6000 IDS 模組。IDSM 端口和流量流動。捕獲流量。配置任務。更新 IDSM 組件。故障排除。

VI. Cisco Secure Intrusion Detection Director (CSIDD)。
15. Cisco Secure ID Director 安裝。
指揮官軟體安裝。啟動指揮官。感測器配置。
16. 配置文件管理工具 (nrConfigure)。
使用 nrConfigure。添加主機嚮導的主機類型。連接到先前配置的感測器。驗證感測器已添加到 nrConfigure。驗證感測器已添加到 Cisco Secure IDS 子地圖。刪除感測器。移除感測器圖示。使用配置庫。
17. Cisco IOS 防火牆入侵檢測系統。
Cisco IOS 防火牆 IDS 和入侵檢測。支持的路由器平台。部署問題。簽名。配置任務。

VII. Cisco Secure IDS 即將發布的版本。
18. 計劃中的 Cisco Secure IDS 增強功能。
版本 3.0。版本 4.0。感測器增強。Cisco Secure IDS 用戶定義簽名。

VIII. 附錄。
附錄 A:部署入侵檢測:案例研究。
使用 Cisco IOS 防火牆 IDS。將 SYSLOG 數據發送到 Cisco Secure IDS 感測器。管理帶有 Cisco Secure IDS 感測器的路由器。Cisco Secure IDS 分層指揮官層級。在同一機箱中設置多個 IDSM 刀片。
附錄 B:Cisco Secure IDS 架構。
Cisco Secure IDS 軟體架構。Cisco Secure IDS 通訊。Cisco Secure IDS 命令。Cisco Secure IDS 目錄結構。Cisco Secure IDS 配置文件。通訊。
附錄 C:Cisco Secure ID Director 基本故障排除。
指揮官問題。感測器問題。Oracle 問題。數據管理包問題。nrConfigure 問題。線上幫助和 NSDB。
附錄 D:Cisco Secure IDS 日誌文件。
日誌記錄級別。日誌文件命名慣例。日誌文件位置。關閉活動文件。存檔日誌文件。事件記錄字段。
附錄 E:進階提示 749。
修正無法嗅探的感測器。使用感測器 COM 端口進行控制台訪問。排除假陽性警報。
附錄 F:Cisco Secure IDS 簽名結構和實現。
附錄 G:Cisco Secure IDS 簽名和建議的警報級別。
一般簽名。連接簽名。字串簽名。ACL 簽名。
附錄 H:Cisco IOS 防火牆 IDS 簽名列表。
資訊簽名。攻擊簽名。
附錄 I:Cisco Secure 通訊部署工作表。
附錄 J:術語表。
附錄 K:回顧問題的答案。

類似商品