Intrusion Prevention Fundamentals

4.33 (3 ratings by Goodreads)


Description

An introduction to network attack mitigation with IPS.

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available.

The book will answer questions like:

  • Where did IPS come from? How has it evolved?
  • How does IPS work? What components does it have?
  • What security needs can IPS address?
  • Does IPS work with other security products? What is the "big picture"?
  • What are the best practices related to IPS?
  • How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

  • Understand the types, triggers, and actions of IPS signatures
  • Deploy, configure, and monitor IPS activities and secure IPS communications
  • Learn the capabilities, benefits, and limitations of host IPS
  • Examine the inner workings of host IPS agents and management infrastructures
  • Enhance your network security posture by deploying network IPS features
  • Evaluate the various network IPS sensor types and management options
  • Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press(R) Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition.

Product details

  • Format: Paperback | 312 pages
  • Dimensions: 185.4 x 231.1 x 17.8mm | 476.28g
  • Publisher: Pearson Education (US)
  • Imprint: Cisco Press
  • Publication city: Indianapolis, United States
  • Language: English
  • ISBN-10: 1587052393
  • ISBN-13: 9781587052392
  • 2,393,269

About the authors

Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems(R). He performs security evaluations on numerous Cisco(R) products, including everything from the PIX(R) Firewall and VPN solutions to Cisco CallManager and other VoIP products. Earl started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).

Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit where his primary focus is the Cisco Security Agent. He has been involved with host-based security products since 1999 when he joined Trend Micro. In 2001, he began working with one of the first host intrusion prevention products, StormWatch by Okena, Inc. Okena was subsequently acquired by Cisco Systems.

Table of contents

Part I: Intrusion Prevention Overview

Chapter 1: Intrusion Prevention Overview
  • Evolution of Computer Security Threats
      • Technology Adoption
      • Target Value
      • Attack Characteristics
      • Attack Examples
  • Evolution of Attack Mitigation
      • Host
      • Network
  • IPS Capabilities
      • Attack Prevention
      • Regulatory Compliance
  • Summary
      • Technology Adoption
      • Target Value
      • Attack Characteristics

Chapter 2: Signatures and Actions
  • Signature Types
      • Atomic Signatures
      • Stateful Signatures
  • Signature Triggers
      • Pattern Detection
      • Anomaly-Based Detection
      • Behavior-Based Detection
  • Signature Actions
      • Alert Signature Action
      • Drop Signature Action
      • Log Signature Action
      • Block Signature Action
      • TCP Reset Signature Action
      • Allow Signature Action
  • Summary

Chapter 3: Operational Tasks
  • Deploying IPS Devices and Applications
      • Deploying Host IPS
      • Deploying Network IPS
  • Configuring IPS Devices and Applications
      • Signature Tuning
      • Event Response
      • Software Updates
      • Configuration Updates
      • Device Failure
  • Monitoring IPS Activities
      • Management Method
      • Event Correlation
      • Security Staff
      • Incident Response Plan
  • Securing IPS Communications
      • Management Communication
      • Device-to-Device Communication
  • Summary

Chapter 4: Security in Depth
  • Defense-in-Depth Examples
      • External Attack Against a Corporate Database
      • Internal Attack Against a Management Server
  • The Security Policy
  • The Future of IPS
      • Intrinsic IPS
      • Collaboration Between Layers
  • Summary

Part II: Host Intrusion Prevention

Chapter 5: Host Intrusion Prevention Overview
  • Host Intrusion Prevention Capabilities
      • Blocking Malicious Code Activities
      • Not Disrupting Normal Operations
      • Distinguishing Between Attacks and Normal Events
      • Stopping New and Unknown Attacks
      • Protecting Against Flaws in Permitted Applications
  • Host Intrusion Prevention Benefits
      • Attack Prevention
      • Patch Relief
      • Internal Attack Propagation Prevention
      • Policy Enforcement
      • Acceptable Use Policy Enforcement
      • Regulatory Requirements
  • Host Intrusion Prevention Limitations
      • Subject to End User Tampering
      • Lack of Complete Coverage
      • Attacks That Do Not Target Hosts
  • Summary
  • References in This Chapter

Chapter 6: HIPS Components
  • Endpoint Agents
      • Identifying the Resource Being Accessed
      • Gathering Data About the Operation
      • Determining the State
      • Consulting the Security Policy
      • Taking Action
  • Management Infrastructure
      • Management Center
      • Management Interface
  • Summary

Part III: Network Intrusion Prevention

Chapter 7: Network Intrusion Prevention Overview
  • Network Intrusion Prevention Capabilities
      • Dropping a Single Packet
      • Dropping All Packets for a Connection
      • Dropping All Traffic from a Source IP
  • Network Intrusion Prevention Benefits
      • Traffic Normalization
      • Security Policy Enforcement
  • Network Intrusion Prevention Limitations
  • Hybrid IPS/IDS Systems
      • Shared IDS/IPS Capabilities
      • Generating Alerts
      • Initiating IP Logging
      • Resetting TCP Connections
      • Initiating IP Blocking
  • Summary

Chapter 8: NIPS Components
  • Sensor Capabilities
      • Sensor Processing Capacity
      • Sensor Interfaces
      • Sensor Form Factor
  • Capturing Network Traffic
      • Capturing Traffic for In-line Mode
      • Capturing Traffic for Promiscuous Mode
  • Analyzing Network Traffic
      • Atomic Operations
      • Stateful Operations
      • Protocol Decode Operations
      • Anomaly Operations
      • Normalizing Operations
  • Responding to Network Traffic
      • Alerting Actions
      • Logging Actions
      • Blocking Actions
      • Dropping Actions
  • Sensor Management and Monitoring
      • Small Sensor Deployments
      • Large Sensor Deployments
  • Summary

Part IV: Deployment Solutions

Chapter 9: Cisco Security Agent Deployment
  • Step 1: Understand the Product
      • Components
      • Capabilities
  • Step 2: Predeployment Planning
      • Review the Security Policy
      • Define Project Goals
      • Select and Classify Target Hosts
      • Plan for Ongoing Management
      • Choose the Appropriate Management Architecture
  • Step 3: Implement Management
      • Install and Secure the CSA MC
      • Understand the MC
      • Configure Groups
      • Configure Policies
  • Step 4: Pilot
      • Scope
      • Objectives
  • Step 5: Tuning
  • Step 6: Full Deployment
  • Step 7: Finalize the Project
  • Summary
      • Understand the Product
      • Predeployment Planning
      • Implement Management
      • Pilot
      • Tuning
      • Full Deployment
      • Finalize the Project

Chapter 10: Deploying Cisco Network IPS
  • Step 1: Understand the Product
      • Sensors Available
      • In-line Support
      • Management and Monitoring Options
      • NIPS Capabilities
      • Signature Database and Update Schedule
  • Step 2: Predeployment Planning
      • Review the Security Policy
      • Define Deployment Goals
      • Select and Classify Sensor Deployment Locations
      • Plan for Ongoing Management
      • Choose the Appropriate Management Architecture
  • Step 3: Sensor Deployment
      • Understand Sensor CLI and IDM
      • Install Sensors
      • Install and Secure the IPS MC and Understand the Management Center
  • Step 4: Tuning
      • Identify False Positives
      • Configure Signature Filters
      • Configure Signature Actions
  • Step 5: Finalize the Project
  • Summary
      • Understand the Product
      • Predeployment Planning
      • Sensor Deployment
      • Tuning
      • Finalize the Project

Chapter 11: Deployment Scenarios
  • Large Enterprise
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Branch Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Medium Financial Enterprise
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Medium Educational Institution
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Small Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Home Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Summary
      • Large Enterprise
      • Branch Office
      • Medium Financial Enterprise
      • Medium Educational Institution
      • Small Office
      • Home Office

Part V: Appendix

Appendix A: Glossary

Rating details

3 ratings, 4.33 out of 5 stars

  • 5 stars: 33% (1)
  • 4 stars: 67% (2)
  • 3 stars: 0% (0)
  • 2 stars: 0% (0)
  • 1 star: 0% (0)
Book ratings by Goodreads