Title: Intrusion prevention fundamentals
Personal Author:
Publication Information: Indianapolis, IN : Cisco Press, 2006
ISBN: 9781587052392
Added Author:

Available:*

Library
Item Barcode
Call Number
Material Type
Status
30000010104996 TK5105.59 C377 2006 Open Access Book

Summary

An introduction to network attack mitigation with IPS

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available. The book will answer questions like:

Where did IPS come from? How has it evolved? How does IPS work? What components does it have? What security needs can IPS address? Does IPS work with other security products? What is the "big picture"? What are the best practices related to IPS? How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

Understand the types, triggers, and actions of IPS signatures
Deploy, configure, and monitor IPS activities and secure IPS communications
Learn the capabilities, benefits, and limitations of host IPS
Examine the inner workings of host IPS agents and management infrastructures
Enhance your network security posture by deploying network IPS features
Evaluate the various network IPS sensor types and management options
Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition


Author Notes

Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems.
Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit, where his primary focus is the Cisco Security Agent.


Table of Contents

Introduction
Part I Intrusion Prevention Overview
Chapter 1 Intrusion Prevention Overview
Evolution of Computer Security Threats
Evolution of Attack Mitigation
IPS Capabilities
Summary
Chapter 2 Signatures and Actions
Signature Types
Signature Triggers
Signature Actions
Summary
Chapter 3 Operational Tasks
Deploying IPS Devices and Applications
Configuring IPS Devices and Applications
Monitoring IPS Activities
Securing IPS Communications
Summary
Chapter 4 Security in Depth
Defense-in-Depth Examples
The Security Policy
The Future of IPS
Summary
Part II Host Intrusion Prevention
Chapter 5 Host Intrusion Prevention Overview
Host Intrusion Prevention Capabilities
Host Intrusion Prevention Benefits
Host Intrusion Prevention Limitations
Summary
References in This Chapter
Chapter 6 HIPS Components
Endpoint Agents
Management Infrastructure
Summary
Part III Network Intrusion Prevention
Chapter 7 Network Intrusion Prevention Overview
Network Intrusion Prevention Capabilities
Network Intrusion Prevention Benefits
Network Intrusion Prevention Limitations
Hybrid IPS/IDS Systems
Shared IDS/IPS Capabilities
Summary
Chapter 8 NIPS Components
Sensor Capabilities
Capturing Network Traffic
Analyzing Network Traffic
Responding to Network Traffic
Sensor Management and Monitoring
Summary
Part IV Deployment Solutions
Chapter 9 Cisco Security Agent Deployment
Step 1 Understand the Product
Step 2 Predeployment Planning
Step 3 Implement Management
Step 4 Pilot
Step 5 Tuning
Step 6 Full Deployment
Step 7 Finalize the Project
Summary
Implement Management
Chapter 10 Deploying Cisco Network IPS
Step 1 Understand the Product
Step 2 Predeployment Planning
Step 3 Sensor Deployment
Step 4 Tuning
Step 5 Finalize the Project
Summary
Chapter 11 Deployment Scenarios
Large Enterprise
Branch Office
Medium Financial Enterprise
Medium Educational Institution
Small Office
Home Office
Summary
Part V Appendix
Appendix A
Glossary
Index