Intrusion Prevention Fundamentals


4.33 (3 ratings by Goodreads)

Description

An introduction to network attack mitigation with IPS

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available.

The book will answer questions like:

  • Where did IPS come from? How has it evolved?
  • How does IPS work? What components does it have?
  • What security needs can IPS address?
  • Does IPS work with other security products? What is the "big picture"?
  • What are the best practices related to IPS?
  • How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

  • Understand the types, triggers, and actions of IPS signatures
  • Deploy, configure, and monitor IPS activities and secure IPS communications
  • Learn the capabilities, benefits, and limitations of host IPS
  • Examine the inner workings of host IPS agents and management infrastructures
  • Enhance your network security posture by deploying network IPS features
  • Evaluate the various network IPS sensor types and management options
  • Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition

Product details

  • Paperback | 312 pages
  • 185.4 x 231.1 x 17.8mm | 476.28g
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587052393
  • 9781587052392
  • 2,560,238

About Jonathan Hogue

Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems®. He performs security evaluations on numerous Cisco® products, including everything from the PIX® Firewall and VPN solutions to Cisco CallManager and other VoIP products. Earl started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).

Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit where his primary focus is the Cisco Security Agent. He has been involved with host-based security products since 1999 when he joined Trend Micro. In 2001, he began working with one of the first host intrusion prevention products, StormWatch by Okena, Inc. Okena was subsequently acquired by Cisco Systems.


Table of contents

Part I Intrusion Prevention Overview

Chapter 1 Intrusion Prevention Overview
  • Evolution of Computer Security Threats
      • Technology Adoption
      • Target Value
      • Attack Characteristics
      • Attack Examples
  • Evolution of Attack Mitigation
      • Host
      • Network
  • IPS Capabilities
      • Attack Prevention
      • Regulatory Compliance
  • Summary
      • Technology Adoption
      • Target Value
      • Attack Characteristics

Chapter 2 Signatures and Actions
  • Signature Types
      • Atomic Signatures
      • Stateful Signatures
  • Signature Triggers
      • Pattern Detection
      • Anomaly-Based Detection
      • Behavior-Based Detection
  • Signature Actions
      • Alert Signature Action
      • Drop Signature Action
      • Log Signature Action
      • Block Signature Action
      • TCP Reset Signature Action
      • Allow Signature Action
  • Summary

Chapter 3 Operational Tasks
  • Deploying IPS Devices and Applications
      • Deploying Host IPS
      • Deploying Network IPS
  • Configuring IPS Devices and Applications
      • Signature Tuning
      • Event Response
      • Software Updates
      • Configuration Updates
      • Device Failure
  • Monitoring IPS Activities
      • Management Method
      • Event Correlation
      • Security Staff
      • Incident Response Plan
  • Securing IPS Communications
      • Management Communication
      • Device-to-Device Communication
  • Summary

Chapter 4 Security in Depth
  • Defense-in-Depth Examples
      • External Attack Against a Corporate Database
      • Internal Attack Against a Management Server
  • The Security Policy
  • The Future of IPS
      • Intrinsic IPS
      • Collaboration Between Layers
  • Summary

Part II Host Intrusion Prevention

Chapter 5 Host Intrusion Prevention Overview
  • Host Intrusion Prevention Capabilities
      • Blocking Malicious Code Activities
      • Not Disrupting Normal Operations
      • Distinguishing Between Attacks and Normal Events
      • Stopping New and Unknown Attacks
      • Protecting Against Flaws in Permitted Applications
  • Host Intrusion Prevention Benefits
      • Attack Prevention
      • Patch Relief
      • Internal Attack Propagation Prevention
      • Policy Enforcement
      • Acceptable Use Policy Enforcement
      • Regulatory Requirements
  • Host Intrusion Prevention Limitations
      • Subject to End User Tampering
      • Lack of Complete Coverage
      • Attacks That Do Not Target Hosts
  • Summary
  • References in This Chapter

Chapter 6 HIPS Components
  • Endpoint Agents
      • Identifying the Resource Being Accessed
      • Gathering Data About the Operation
      • Determining the State
      • Consulting the Security Policy
      • Taking Action
  • Management Infrastructure
      • Management Center
      • Management Interface
  • Summary

Part III Network Intrusion Prevention

Chapter 7 Network Intrusion Prevention Overview
  • Network Intrusion Prevention Capabilities
      • Dropping a Single Packet
      • Dropping All Packets for a Connection
      • Dropping All Traffic from a Source IP
  • Network Intrusion Prevention Benefits
      • Traffic Normalization
      • Security Policy Enforcement
  • Network Intrusion Prevention Limitations
  • Hybrid IPS/IDS Systems
  • Shared IDS/IPS Capabilities
      • Generating Alerts
      • Initiating IP Logging
      • Resetting TCP Connections
      • Initiating IP Blocking
  • Summary

Chapter 8 NIPS Components
  • Sensor Capabilities
      • Sensor Processing Capacity
      • Sensor Interfaces
      • Sensor Form Factor
  • Capturing Network Traffic
      • Capturing Traffic for In-line Mode
      • Capturing Traffic for Promiscuous Mode
  • Analyzing Network Traffic
      • Atomic Operations
      • Stateful Operations
      • Protocol Decode Operations
      • Anomaly Operations
      • Normalizing Operations
  • Responding to Network Traffic
      • Alerting Actions
      • Logging Actions
      • Blocking Actions
      • Dropping Actions
  • Sensor Management and Monitoring
      • Small Sensor Deployments
      • Large Sensor Deployments
  • Summary

Part IV Deployment Solutions

Chapter 9 Cisco Security Agent Deployment
  • Step 1: Understand the Product
      • Components
      • Capabilities
  • Step 2: Predeployment Planning
      • Review the Security Policy
      • Define Project Goals
      • Select and Classify Target Hosts
      • Plan for Ongoing Management
      • Choose the Appropriate Management Architecture
  • Step 3: Implement Management
      • Install and Secure the CSA MC
      • Understand the MC
      • Configure Groups
      • Configure Policies
  • Step 4: Pilot
      • Scope
      • Objectives
  • Step 5: Tuning
  • Step 6: Full Deployment
  • Step 7: Finalize the Project
  • Summary
      • Understand the Product
      • Predeployment Planning
      • Implement Management
      • Pilot
      • Tuning
      • Full Deployment
      • Finalize the Project

Chapter 10 Deploying Cisco Network IPS
  • Step 1: Understand the Product
      • Sensors Available
      • In-line Support
      • Management and Monitoring Options
      • NIPS Capabilities
      • Signature Database and Update Schedule
  • Step 2: Predeployment Planning
      • Review the Security Policy
      • Define Deployment Goals
      • Select and Classify Sensor Deployment Locations
      • Plan for Ongoing Management
      • Choose the Appropriate Management Architecture
  • Step 3: Sensor Deployment
      • Understand Sensor CLI and IDM
      • Install Sensors
      • Install and Secure the IPS MC and Understand the Management Center
  • Step 4: Tuning
      • Identify False Positives
      • Configure Signature Filters
      • Configure Signature Actions
  • Step 5: Finalize the Project
  • Summary
      • Understand the Product
      • Predeployment Planning
      • Sensor Deployment
      • Tuning
      • Finalize the Project

Chapter 11 Deployment Scenarios
  • Large Enterprise
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Branch Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Medium Financial Enterprise
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Medium Educational Institution
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Small Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Home Office
      • Limiting Factors
      • Security Policy Goals
      • HIPS Implementation
      • NIPS Implementation
  • Summary
      • Large Enterprise
      • Branch Office
      • Medium Financial Enterprise
      • Medium Educational Institution
      • Small Office
      • Home Office

Part V Appendix

Appendix A
Glossary

Rating details

3 ratings
4.33 out of 5 stars
5 33% (1)
4 67% (2)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads