Mein Konto
Login Anmeldung
Alles
Warenkorb
Neuesten Trends
Belletristik
Sachbücher
Kinderbücher
Seltene Bücher
Musik
DVD & Blu-Ray
Kategorie
Wunschlisten
Warenkorb
Alles
Kostenloser Versand
Trustpilot
Unsere Operationen sind klimaneutral

Extrusion Detection Richard Bejtlich

Extrusion Detection von Richard Bejtlich

Extrusion Detection Richard Bejtlich

€6.19
Zustand - Sehr Gut
Nur noch 2
Sehr Gut

Zusammenfassung

Helps you overcome your fastest-growing security problem: internal, client-based attacks. This is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out.It offers clear explanations of client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data.

Extrusion Detection Zusammenfassung

Extrusion Detection: Security Monitoring for Internal Intrusions Richard Bejtlich

Overcome Your Fastest-Growing Security Problem: Internal, Client-Based Attacks Today's most devastating security attacks are launched from within the company, by intruders who have compromised your users' Web browsers, e-mail and chat clients, and other Internet-connected software. Hardening your network perimeter won't solve this problem. You must systematically protect client software and monitor the traffic it generates. Extrusion Detection is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out. Top security consultant Richard Bejtlich offers clear, easy-to-understand explanations of today's client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data. You will learn how to assess threats from internal clients, instrument networks to detect anomalies in outgoing traffic, architect networks to resist internal attacks, and respond effectively when attacks occur. Bejtlich's The Tao of Network Security Monitoring earned acclaim as the definitive guide to overcoming external threats. Now, in Extrusion Detection, he brings the same level of insight to defending against today's rapidly emerging internal threats. Whether you're an architect, analyst, engineer, administrator, or IT manager, you face a new generation of security risks. Get this book and protect yourself. Coverage includes Architecting defensible networks with pervasive awareness: theory, techniques, and tools Defending against malicious sites, Internet Explorer exploitations, bots, Trojans, worms, and more Dissecting session and full-content data to reveal unauthorized activity Implementing effective Layer 3 network access control Responding to internal attacks, including step-by-step network forensics Assessing your network's current ability to resist internal attacks Setting reasonable corporate access policies Detailed case studies, including the discovery of internal and IRC-based bot nets Advanced extrusion detection: from data collection to host and vulnerability enumeration About the Web Site Get book updates and network security news at Richard Bejtlich's popular blog, taosecurity.blogspot.com, and his Web site, www.bejtlich.net.

Über Richard Bejtlich

Richard Bejtlich is founder of TaoSecurity, a company that helps clients detect, contain, and remediate intrusions using Network Security Monitoring (NSM) principles. He was formerly a principal consultant at Foundstone--performing incident response, emergency NSM, and security research and training--and created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. For three years, Bejtlich defended U.S. information assets as a captain in the Air Force Computer Emergency Response Team (AFCERT). Formally trained as an intelligence officer, he is a graduate of Harvard University and of the U.S. Air Force Academy. He has authored or coauthored several security books, including The Tao of Network Security Monitoring (Addison-Wesley, 2004).

Inhaltsverzeichnis

Foreword. Preface. I. DETECTING AND CONTROLLING INTRUSIONS. 1. Network Security Monitoring Revisited. Why Extrusion Detection? Defining The Security Process Security Principles Network Security Monitoring Theory Network Security Monitoring Techniques Network Security Monitoring Tools Conclusion 2. Defensible Network Architecture. Monitoring the Defensible Network Controlling the Defensible Network Minimizing the Defensible Network Keeping the Defensible Network Current Conclusion 3. Extrusion Detection Illustrated. Intrusion Detection Defined Extrusion Detection Defined History of Extrusion Detection Extrusion Detection Through NSM Conclusion 4. Enterprise Network Instrumentation. Common Packet Capture Methods PCI Tap Dual Port Aggregator Tap 2X1 10/100 Regeneration Tap 2X1 10/100 SPAN Regeneration Tap Matrix Switch Link Aggregator Tap Distributed Traffic Collection with Pf Dup-To Squid SSL Termination Reverse Proxy Conclusion 5. Layer 3 Network Access Control. Internal Network Design Internet Service Provider Sink Holes Enterprise Sink Holes Using Sink Holes to Identify Internal Intrusions Internal Intrusion Containment Notes on Enterprise Sink Holes in the Field Conclusion II. NETWORK SECURITY OPERATIONS. 6. Traffic Threat Assessment. Why Traffic Threat Assessment? Assumptions First Cuts Looking for Odd Traffic Inspecting Individual Services: NTP Inspecting Individual Services: ISAKMP Inspecting Individual Services: ICMP Inspecting Individual Services: Secure Shell Inspecting Individual Services: Whois Inspecting Individual Services: LDAP Inspecting Individual Services: Ports 3003 to 9126 TCP Inspecting Individual Services: Ports 44444 and 49993 TCP Inspecting Individual Services: DNS Inspecting Individual Services: SMTP Inspecting Individual Services: Wrap-Up Conclusion 7. Network Incident Response. Preparation for Network Incident Response Secure CSIRT Communications Intruder Profiles Incident Detection Methods Network First Response Network-Centric General Response and Remediation Conclusion 8. Network Forensics. What Is Network Forensics? Collecting Network Traffic as Evidence Protecting and Preserving Network-Based Evidence Analyzing Network-Based Evidence Presenting and Defending Conclusions Conclusion III. INTERNAL INTRUSIONS. 9. Traffic Threat Assessment Case Study. Initial Discovery Making Sense of Argus Output Argus Meets Awk Examining Port 445 TCP Traffic Were the Targets Compromised? Tracking Down the Internal Victims Moving to Full Content Data Correlating Live Response Data with Network Evidence Conclusion 10. Malicious Bots. Introduction to IRC Bots Communication and Identification Server and Control Channels Exploitation and Propagation Final Thoughts on Bots Dialogue with a Bot Net Admin Conclusion Epilogue Appendix A: Collecting Session Data in an Emergency. Appendix B: Minimal Snort Installation Guide. Appendix C: Survey of Enumeraiton Methods. Appendix D: Open Source Host Enumeration. Index.

Zusätzliche Informationen

GOR003051383
9780321349965
0321349962
Extrusion Detection: Security Monitoring for Internal Intrusions Richard Bejtlich
Richard Bejtlich
Gebraucht - Sehr Gut
Broschiert
Pearson Education (US)
20051117
424
N/A
Die Abbildung des Buches dient nur Illustrationszwecken, die tatsächliche Bindung, das Cover und die Auflage können sich davon unterscheiden.
Dies ist ein gebrauchtes Buch. Es wurde schon einmal gelesen und weist von der früheren Nutzung Gebrauchsspuren auf. Wir gehen davon aus, dass es im Großen und Ganzen in einem sehr guten Zustand ist. Sollten Sie jedoch nicht vollständig zufrieden sein, setzen Sie sich bitte mit uns in Verbindung.