Intrusion Prevention

An introduction to network attack mitigation with IPS http://www.dropshippers.co.za/

• Where did IPS come from? How has it evolved?
• How does IPS work? What components does it have?
• What security needs can IPS address?
• Does IPS work with other security products? What is the “big picture”?
• What are the best practices related to IPS?
• How is IPS deployed, and what should be considered prior to a deployment?
http://www.dropshippers.co.za/

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project–from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available. The book will answer questions like: http://www.dropshippers.co.za/

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace. http://www.dropshippers.co.za/

• Understand the types, triggers, and actions of IPS signatures
• Deploy, configure, and monitor IPS activities and secure IPS communications
• Learn the capabilities, benefits, and limitations of host IPS
• Examine the inner workings of host IPS agents and management infrastructures
• Enhance your network security posture by deploying network IPS features
• Evaluate the various network IPS sensor types and management options
• Examine real-world host and network IPS deployment scenarios
http://www.dropshippers.co.za/

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques. http://www.dropshippers.co.za/

Includes a FREE 45-Day Online Edition http://www.dropshippers.co.za/

Table of Contents

Part I Intrusion Prevention Overview

• Chapter 1 Intrusion Prevention Overview
• Evolution of Computer Security Threats
• Technology Adoption
• Target Value
• Attack Characteristics
• Attack Examples
• Evolution of Attack Mitigation
• Host
• Network
• IPS Capabilities
• Attack Prevention
• Regulatory Compliance
• Summary
• Technology Adoption
• Target Value
• Attack Characteristics
• Chapter 2 Signatures and Actions
• Signature Types
• Atomic Signatures
• Stateful Signatures
• Signature Triggers
• Pattern Detection
• Anomaly-Based Detection
• Behavior-Based Detection
• Signature Actions
• Alert Signature Action
• Drop Signature Action
• Log Signature Action
• Block Signature Action
• TCP Reset Signature Action
• Allow Signature Action
• Summary
• Chapter 3 Operational Tasks
• Deploying IPS Devices and Applications
• Deploying Host IPS
• Deploying Network IPS
• Configuring IPS Devices and Applications
• Signature Tuning
• Event Response
• Software Updates
• Configuration Updates
• Device Failure
• Monitoring IPS Activities
• Management Method
• Event Correlation
• Security Staff
• Incident Response Plan
• Securing IPS Communications
• Management Communication
• Device-to-Device Communication
• Summary
• Chapter 4 Security in Depth
• Defense-in-Depth Examples
• External Attack Against a Corporate Database
• Internal Attack Against a Management Server
• The Security Policy
• The Future of IPS
• Intrinsic IPS
• Collaboration Between Layers
• Summary
http://www.dropshippers.co.za/

Part II Host Intrusion Prevention

• Chapter 5 Host Intrusion Prevention Overview
• Host Intrusion Prevention Capabilities
• Blocking Malicious Code Activities
• Not Disrupting Normal Operations
• Distinguishing Between Attacks and Normal Events
• Stopping New and Unknown Attacks
• Protecting Against Flaws in Permitted Applications
• Host Intrusion Prevention Benefits
• Attack Prevention
• Patch Relief
• Internal Attack Propagation Prevention
• Policy Enforcement
• Acceptable Use Policy Enforcement
• Regulatory Requirements
• Host Intrusion Prevention Limitations
• Subject to End User Tampering
• Lack of Complete Coverage
• Attacks That Do Not Target Hosts
• Summary
• References in This Chapter
• Chapter 6 HIPS Components
• Endpoint Agents
• Identifying the Resource Being Accessed
• Gathering Data About the Operation
• Determining the State
• Consulting the Security Policy
• Taking Action
• Management Infrastructure
• Management Center
• Management Interface
• Summary
http://www.dropshippers.co.za/

Part III Network Intrusion Prevention

• Chapter 7 Network Intrusion Prevention Overview
• Network Intrusion Prevention Capabilities
• Dropping a Single Packet
• Dropping All Packets for a Connection
• Dropping All Traffic from a Source IP
• Network Intrusion Prevention Benefits
• Traffic Normalization
• Security Policy Enforcement
• Network Intrusion Prevention Limitations
• Hybrid IPS/IDS Systems
• Shared IDS/IPS Capabilities
• Generating Alerts
• Initiating IP Logging
• Resetting TCP Connections
• Initiating IP Blocking
• Summary
• Chapter 8 NIPS Components
• Sensor Capabilities
• Sensor Processing Capacity
• Sensor Interfaces
• Sensor Form Factor
• Capturing Network Traffic
• Capturing Traffic for In-line Mode
• Capturing Traffic for Promiscuous Mode
• Analyzing Network Traffic
• Atomic Operations
• Stateful Operations
• Protocol Decode Operations
• Anomaly Operations
• Normalizing Operations
• Responding to Network Traffic
• Alerting Actions
• Logging Actions
• Blocking Actions
• Dropping Actions
• Sensor Management and Monitoring
• Small Sensor Deployments
• Large Sensor Deployments
• Summary
http://www.dropshippers.co.za/

Part IV Deployment Solutions

• Chapter 9 Cisco Security Agent Deployment
• Step1: Understand the Product
• Components
• Capabilities
• Step 2: Predeployment Planning
• Review the Security Policy
• Define Project Goals
• Select and Classify Target Hosts
• Plan for Ongoing Management
• Choose the Appropriate Management Architecture
• Step 3: Implement Management
• Install and Secure the CSA MC
• Understand the MC
• Configure Groups
• Configure Policies
• Step 4: Pilot
• Scope
• Objectives
• Step 5: Tuning
• Step 6: Full Deployment
• Step 7: Finalize the Project
• Summary
• Understand the Product
• Predeployment Planning
• Implement Management
• Pilot
• Tuning
• Full Deployment
• Finalize the Project
• Chapter 10 Deploying Cisco Network IPS
• Step 1: Understand the Product
• Sensors Available
• In-line Support
• Management and Monitoring Options
• NIPS Capabilities
• Signature Database and Update Schedule
• Step 2: Predeployment Planning
• Review the Security Policy
• Define Deployment Goals
• Select and Classify Sensor Deployment Locations
• Plan for Ongoing Management
• Choose the Appropriate Management Architecture
• Step 3: Sensor Deployment
• Understand Sensor CLI and IDM
• Install Sensors
• Install and Secure the IPS MC and Understand the Management Center
• Step 4: Tuning
• Identify False Positives
• Configure Signature Filters
• Configure Signature Actions
• Step 5: Finalize the Project
• Summary
• Understand the Product
• Predeployment Planning
• Sensor Deployment
• Tuning
• Finalize the Project
• Chapter 11 Deployment Scenarios
• Large Enterprise
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Branch Office
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Medium Financial Enterprise
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Medium Educational Institution
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Small Office
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Home Office
• Limiting Factors
• Security Policy Goals
• HIPS Implementation
• NIPS Implementation
• Summary
• Large Enterprise
• Branch Office
• Medium Financial Enterprise
• Medium Educational Institution
• Small Office
• Home Office
http://www.dropshippers.co.za/

Part V Appendix

• Appendix A
• Glossary
• 1587052393TOC121905
http://www.dropshippers.co.za/