In today’s converged networking environment, cyber crime is on the rise and getting more sophisticated every day. Malicious hackers lurk in dark corners, scanning for vulnerable systems and launching debilitating attacks. Intrusion Detection & Prevention shows you, step-by-step, how to mount a comprehensive defense, perform real-time security monitoring, and implement a proactive incident response plan. Major examples of IDS software are covered, including TCPDump, RealSecure, Cisco Secure IDS, Network Flight Recorder, and Snort 2.0. You’ll learn how to properly place and configure network sensors, analyze packets and TCP streams, correlate data, and counter attempted break-ins. Plus, you’ll get vital coverage of legal standards, business guidelines, and the future of intrusion prevention.
Inside, learn to:
- Identify and eliminate abnormal network traffic patterns and application-level abuses
- Capture, store, and analyze network transactions with TCPDump
- Deploy sensors, agents, and manager components in single-tiered, multi-tiered, and peer-to-peer architectures
- Grab, filter, decode, and process data packets and TCP streams
- Manage RealSecure Network Sensors, alerts, encryption keys, and reports
- Implement ISS’s new central management system, SiteProtector 2.0
- Administer Cisco Secure IDS, Cisco Threat Response, and the Cisco Security Agent
- Distribute CSIDS 4200 Series Sensors and Catalyst 6000 IDS modules
- Use Snort 2.0 rules, outputs, and plug-ins to detect unauthorized activity
- Monitor transactions with the Snort 2.0 Protocol Flow Analyzer
- Perform packet inspection and protocol anomaly detection with Network Flight Recorder
- Assess threat levels using data correlation, fusion, and vulnerability scanning