Cisco Secure Intrusion Detection System (Hardcover)

Earl Carter

Cisco Secure Intrusion Detection System (Hardcover)
  • 出版商: Cisco Press
  • 出版日期: 2001-10-01
  • 定價: $1,500
  • 售價: 5.0$750
  • 語言: 英文
  • 頁數: 871
  • 裝訂: Hardcover
  • ISBN: 158705034X
  • ISBN-13: 9781587050343
  • 相關分類: Cisco

    • 立即出貨(限量) (庫存=8)

買這商品的人也買了...

相關主題

商品描述

 

Implement network surveillance system for 24-hour security with the official CSIDS Coursebook.

  • The only book that concentrates solely on implementation of Cisco Secure Intrusion Detection Systems.
  • Full of configuration techniques and security management details.
  • Based on officially developed course materials from Cisco Systems.
Cisco Secure Intrusion Detection Systems provides a clear explanation of why network security is crucial in today's converged networking environment, how CSIDS improves the security on a network, and how to install and configure CSIDS. The Cisco Secure Intrusion Detection System (CSIDS) is a real-time, network-based IDS designed to detect, report, and terminate unauthorized activity throughout a network. The industry's first and now the market-leading IDS, the CSIDS is the dynamic security component of Cisco's end-to-end security product line.

Earl Carter is a Security Research Engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems, Inc. where he performs security evaluations on numerous Cisco products including everything from the PIX Firewall to Atliga and other VPN solutions to Cisco CallManager. The STAT team developed the initial prototype that has evolved into the current Gigabit IDS solution. Earl started with Cisco doing research for Cisco Secure IDS (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar). Earl began learning about computer security at the Air Force Information Warfare Center, where his primary responsibility was the securing of Air Force networks against attacks. Earl has a Bachelor of Science from the University of Texas at San Antonio, and he is currently working on attaining his CCNP certification.

Table of Contents

I. INTRODUCTION TO NETWORK SECURITY.

1. Need for Network Security.
Security Threats. Security Concepts. The Phases of an Attack. Attack Methodologies. Network Attack Points. Hacking Tools and Techniques.

2. Cisco Security Wheel.
Securing the Network. Monitoring Network Security. Testing Network Security. Improving Network Security.

II. INTRUSION DETECTION AND THE CSIDS ENVIRONMENT.

3. Intrusion Detection Systems.
IDS Triggers. IDS Monitoring Locations. Hybrid Characteristics.

4. Cisco Secure IDS Overview.
System Function and Features. Sensor Platforms and Modules. Director Platforms. Cisco Secure IDS and the PostOffice Protocol.

III. CSIDS INSTALLATION.

5. Cisco Secure IDS Sensor Deployment.
Preparing for Deployment: Analyzing Your Network Topology. Executing the Deployment: Sensor Installation Considerations.

6. Cisco Secure Policy Manager Installation.
CSPM Overview. CSPM Installation Requirements. CSPM Installation Settings and Options. Starting CSPM.

7. 4200 Series Sensor Installation Within CSPM.
Understanding the Sensor Appliance. Configuring the Sensor Bootstrap. Adding a Sensor to a CSPM Director.

IV. ALARM MANAGEMENT AND INTRUSION DETECTION SIGNATURES.

8. Working with Cisco Secure IDS Alarms in CSPM.
Managing Alarms. Customizing the Event Viewer. Preference Settings. Connection Status Pane.

9. Understanding Cisco Secure IDS Signatures.
Signature Definition. Signature Classes. Signature Types. Signature Severity.

10. Signature Series.
IP Signatures (1000 Series). ICMP Signatures (2000 Series). TCP Signatures (3000 Series). UDP Signatures (4000 Series). Web/HTTP Signatures (5000 Series). Cross-Protocol Signatures (6000 Series). String-Matching Signatures (8000 Series). Policy-Violation Signatures (10000 Series).

V. CSIDS CONFIGURATION.

11. Sensor Configuration Within CSPM.
CSPM Sensor Configuration Screens. Basic Configuration Changes. Log File Configuration. Advanced Configuration Changes. Pushing a New Configuration to Your Sensor.

12. Signature and Intrusion Detection Configuration.
Basic Signature Configuration. Signature Templates. Signature Filtering. Advanced Signature Configuration. Creating ACL Signatures.

13. IP Blocking Configurations.
Understanding ACLs. ACL Placement Considerations. Configuring the Sensor for IP Blocking.

14. Catalyst 6000 IDS Module Configuration.
Understanding the Catalyst 6000 IDS Module. IDSM Ports and Traffic Flow. Capturing Traffic. Configuration Tasks. Updating IDSM Components. Troubleshooting.

VI. CISCO SECURE INTRUSION DETECTION DIRECTOR (CSIDD).

15. Cisco Secure ID Director Installation.
Director Software Installation. Starting the Director. Sensor Configuration.

16. The Configuration File Management Utility (nrConfigure).
Working with nrConfigure. Host Types for Add Host Wizard. Connecting to a Previously Configured Sensor. Verifying That the Sensor Is Added to nrConfigure. Verifying That the Sensor Is Added to the Cisco Secure IDS Submap. Deleting a Sensor. Removing the Sensor Icon. Working with the Configuration Library.

17. Cisco IOS Firewall Intrusion Detection System.
Cisco IOS Firewall IDS and Intrusion Detection. Supported Router Platforms. Deployment Issues. Signatures. Configuration Tasks.

VII. CISCO SECURE IDS UPCOMING RELEASES.

18. Planned Cisco Secure IDS Enhancements.
Version 3.0. Version 4.0. Sensor Enhancements. Cisco Secure IDS-User-Defined Signatures.

VIII. APPENDIXES.

Appendix A: Deploying Intrusion Detection: Case Studies.
Using Cisco IOS Firewall IDS. Sending SYSLOG Data to a Cisco Secure IDS Sensor. Managing a Router with a Cisco Secure IDS Sensor. Cisco Secure IDS Tiered Director Hierarchy. Setting Up Multiple IDSM Blades in the Same Chassis.

Appendix B: Cisco Secure IDS Architecture.
Cisco Secure IDS Software Architecture. Cisco Secure IDS Communications. Cisco Secure IDS Commands. Cisco Secure IDS Directory Structure. Cisco Secure IDS Configuration Files. Communications.

Appendix C: Cisco Secure ID Director Basic Troubleshooting.
Director Problems. Sensor Problems. Oracle Problems. Data Management Package Problems. nrConfigure Problems. Online Help and NSDB.

Appendix D: Cisco Secure IDS Log Files.
Levels of Logging. Log File Naming Conventions. Log File Locations. Closing Active Files. Archived Log Files. Event Record Fields.

Appendix E: Advanced Tips 749.
Correcting a Sensor That Does Not Sniff. Using the Sensor COM Port for Console Access. Excluding False-Positive Alarms.

Appendix F: Cisco Secure IDS Signature Structures and Implementations.
Appendix G: Cisco Secure IDS Signatures and Recommended Alarm Levels.
General Signatures. Connection Signatures. String Signatures. ACL Signatures.

Appendix H: Cisco IOS Firewall IDS Signature List.
Information Signatures. Attack Signatures.

Appendix I: Cisco Secure Communications Deployment Worksheet.
Appendix J: Glossary.
Appendix K: Answers to Review Questions.

商品描述(中文翻譯)

使用官方的CSIDS課程手冊,實施24小時安全監控的網路監控系統。

這是唯一一本專注於實施思科安全入侵檢測系統的書籍。

充滿了配置技巧和安全管理細節。

基於思科系統的官方開發課程材料。

《思科安全入侵檢測系統》清楚解釋了為什麼網路安全在當今融合網路環境中至關重要,CSIDS如何提高網路安全,以及如何安裝和配置CSIDS。思科安全入侵檢測系統(CSIDS)是一個實時的基於網路的入侵檢測系統,旨在檢測、報告和終止網路中的未經授權活動。作為行業首個並且現在是市場領先的入侵檢測系統,CSIDS是思科端到端安全產品線的動態安全組件。

Earl Carter是思科系統的安全研究工程師,也是安全技術評估團隊(STAT)的成員,他在該團隊上對許多思科產品進行安全評估,包括從PIX防火牆到Atliga和其他VPN解決方案到思科CallManager的所有產品。STAT團隊開發了最初的原型,這個原型已經演變成了目前的Gigabit IDS解決方案。Earl在思科開始進行思科安全IDS(以前是NetRanger)和思科安全掃描器(以前是NetSonar)的研究。Earl在空軍信息戰中心開始學習計算機安全,他的主要職責是保護空軍網路免受攻擊。Earl擁有德克薩斯州聖安東尼奧大學的理學學士學位,目前正在努力獲得CCNP認證。

目錄

I. 網路安全介紹
1. 網路安全的需求
2. 思科安全輪

II. 入侵檢測和CSIDS環境
3. 入侵檢測系統
4. 思科安全IDS概述

III. CSIDS安裝
5. 思科安全IDS感應器部署
6. 思科安全策略管理器安裝
7. 4200系列感應器在CSPM中的安裝

IV. 告警管理和入侵檢測簽名
8. 在CSPM中使用思科安全IDS告警
9.

類似商品