Free Shipping in Australia on over 5 million books in stock
Network Intrusion Detection By Judy Novak

Network Intrusion Detection

Used Price
inc. GST
Free Shipping in Australia
Intrusion detection is a growing area of network security which has been highly documented in the media. This handbook is for the network intrusion detection specialist or security analyst. It contains advice and technical content.

Only 3 left

Network Intrusion Detection Summary

Network Intrusion Detection: An Analyst's Handbook by Judy Novak

Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Intrusion Detection, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country?s government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.

Customer Reviews - Network Intrusion Detection

Why buy from World of Books

Our excellent value books literally don't cost the earth
Free delivery in Australia
Read more here
Every used book bought is one saved from landfill

About Judy Novak

Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the three year old Computer and Security Incident Response Team which is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.

Table of Contents


1. IP Concepts.

The TCP/IP Internet Model. Packaging (Beyond Paper or Plastic). Addresses. Service Ports. IP Protocols. Domain Name System. Routing: How You Get There From Here.

2. Introduction to TCPdump and Transmission Control Protocol (TCP).

TCPdump. Introduction to TCP. TCP Gone Awry.

3. Fragmentation.

Theory of Fragmentation. Malicious Fragmentation.

4. ICMP.

ICMP Theory. Mapping Techniques. Normal ICMP Activity. Malicious ICMP Activity. To Block or Not To Block.

5. Stimulus and Response.

The Expected. Protocol Benders. Summary of Expected Behavior and Protocol Benders. Abnormal Stimuli. Unconventional Stimulus, Operating System Identifying Response.

6. DNS.

Back to Basics: DNS Theory. Reverse Lookups. Using DNS for Reconnaissance. Tainting DNS Responses.

7. Mitnick Attack.

Exploiting TCP. Detecting the Mitnick Attack. Network-Based Intrusion-Detection Systems. Host-Based Intrusion-Detection Systems. Preventing the Mitnick Attack.

8. Introduction to Filters and Signatures.

Filtering Policy. Signatures. Filters Used to Detect Events of Interest. Example Filters. Snort Filter Example. Policy Issues Related to Targeting Filters.

9. Architectural Issues.

Events of Interest. Limits to Observation. Low-Hanging Fruit Paradigm. Human Factors Limit Detects. Severity. Countermeasures. Calculating Severity. Sensor Placement. Push/Pull. Analyst Console. Host- or Network-Based Intrusion Detection.

10. Interoperability and Correlation.

Multiple Solutions Working Together. Commercial IDS Interoperability Solutions. Correlation. SQL Databases.

11. Network-Based Intrusion-Detection Solutions.

Snort. Commercial Tools. UNIX-Based Systems. GOTS. Evaluating Intrusion-Detection Systems.

12. Future Directions.

Increasing Threat. Improved Tools. Improved Targeting. Mobile Code. Trap Doors. Sharing-The Legacy of Y2K. Trusted Insider. Improved Response. Virus Industry Revisited. Hardware-Based ID. Defense in Depth. Program-Based ID. Smart Auditors.

13. Exploits and Scans to Apply Exploits.

False Positives. IMAP Exploits. Scans to Apply Exploits. Single Exploit, Portmap.

14. Denial of Service.

Brute-Force Denial-of-Service Traces. Elegant Kills. nmap 2.53. Distributed Denial-of-Service Attacks.

15. Detection of Intelligence Gathering.

Network and Host Mapping. NetBIOS-Specific Traces. Stealth Attacks. Measuring Response Time. Viruses as Information Gatherers.

16. The Trouble with RPCs.

portmapper. dump Is a Core Component of rpcinfo. Attacks That Directly Access an RPC Service. The Big Three. Analysis Under Fire. Oh nmap!

17. Filters to Detect, Filters to Protect.

The Mechanics of Writing TCPdump Filters. Bit Masking. TCPdump IP Filters. TCPdump UDP Filters. TCPdump TCP Filters.

18. System Compromise.

Christmas Eve 1998. Where Attackers Shop. Communications Network. Anonymity.

19. The Hunt for Timex.

The Traces. The Hunt Begins. Y2K. Sources Found. Miscellaneous Findings. Summary Checklist. Epilogue and Purpose.

20. Organizational Issues.

Organizational Security Model. Defining Risk. Risk. Defining the Threat. Risk Management Is Dollar Driven. How Risky Is a Risk?.

21. Automated and Manual Response.

Automated Response. Honeypot. Manual Response.

22. Business Case for Intrusion Detection.

Part One: Management Issues. Part Two: Threats and Vulnerabilities. Part Three: Tradeoffs and Recommended Solution. Repeat the Executive Summary.


Additional information

Network Intrusion Detection: An Analyst's Handbook by Judy Novak
Judy Novak
Used - Very Good
Pearson Education (US)
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in very good condition, but if you are not entirely satisfied please get in touch with us.