
Network Intrusion Detection An Analyst's Handbook


ISBN-10: 0735710082

ISBN-13: 9780735710085

Edition: 2nd 2000

Authors: Stephen Northcutt, Donald McLachlan, Judy Novak

List price: $45.00

For courses in Network Security. Intrusion detection is one of the hottest growth areas in network security. As the number of corporate, government, and educational networks grows and as they become more and more interconnected through the Internet, there is a corresponding increase in the types and numbers of attacks aimed at penetrating those networks. Network Intrusion Detection: An Analyst's Handbook, Second Edition is a training aid and reference for intrusion detection analysts and networking students. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military…

Book details

List price: $45.00
Edition: 2nd
Copyright year: 2000
Publisher: New Riders Publishing
Publication date: 9/19/2000
Binding: Paperback
Pages: 480
Size: 7.01" wide x 8.98" long x 0.98" tall
Weight: 1.650
Language: English

Introduction
IP Concepts
The TCP/IP Internet Model
Packaging (Beyond Paper or Plastic)
Addresses
Service Ports
IP Protocols
Domain Name System
Routing: How You Get There From Here
Summary
Introduction to TCPdump and Transmission Control Protocol (TCP)
TCPdump
Introduction to TCP
TCP Gone Awry
Summary
Fragmentation
Theory of Fragmentation
Malicious Fragmentation
Summary
ICMP
ICMP Theory
Mapping Techniques
Normal ICMP Activity
Malicious ICMP Activity
To Block or Not To Block
Summary
Hardware-Based ID
Defense in Depth
Program-Based ID
Smart Auditors
Summary
Exploits and Scans to Apply Exploits
False Positives
IMAP Exploits
Scans to Apply Exploits
Single Exploit, Portmap
Summary
Denial of Service
Brute-Force Denial-of-Service Traces
Elegant Kills
nmap 2.53
Distributed Denial-of-Service Attacks
Summary
Detection of Intelligence Gathering
Network and Host Mapping
NetBIOS-Specific Traces
Stealth Attacks
Measuring Response Time
Viruses as Information Gatherers
Summary
The Trouble with RPCs
portmapper
dump Is a Core Component of rpcinfo
Attacks That Directly Access an RPC Service
The Big Three
Analysis Under Fire
Oh nmap!
Summary
Filters to Detect, Filters to Protect
The Mechanics of Writing TCPdump Filters
Bit Masking
TCPdump IP Filters
TCPdump UDP Filters
TCPdump TCP Filters
Summary
System Compromise
Christmas Eve 1998
Where Attackers Shop
Communications Network
Anonymity
Summary
The Hunt for Timex
The Traces
The Hunt Begins
Y2K
Sources Found
Miscellaneous Findings
Summary Checklist
Epilogue and Purpose
Summary
Organizational Issues
Organizational Security Model
Defining Risk
Risk
Defining the Threat
Risk Management Is Dollar Driven
How Risky Is a Risk?
Summary
Automated and Manual Response
Automated Response
Honeypot
Manual Response
Summary
Business Case for Intrusion Detection
Management Issues
Threats and Vulnerabilities
Tradeoffs and Recommended Solution
Repeat the Executive Summary
Summary
Index