Title:
Intrusion prevention fundamentals
Publication Information:
Indianapolis, IN : Cisco Press, 2006
ISBN:
9781587052392
Available:
Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010104996 | TK5105.59 C377 2006 | Open Access Book | Book |
Summary
An introduction to network attack mitigation with IPS
Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available. The book will answer questions like:

Where did IPS come from?
How has it evolved?
How does IPS work?
What components does it have?
What security needs can IPS address?
Does IPS work with other security products?
What is the "big picture"?
What are the best practices related to IPS?
How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

Understand the types, triggers, and actions of IPS signatures
Deploy, configure, and monitor IPS activities and secure IPS communications
Learn the capabilities, benefits, and limitations of host IPS
Examine the inner workings of host IPS agents and management infrastructures
Enhance your network security posture by deploying network IPS features
Evaluate the various network IPS sensor types and management options
Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition

Author Notes
Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems.
Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit, where his primary focus is the Cisco Security Agent.
Table of Contents
Introduction
Part I Intrusion Prevention Overview
Chapter 1 Intrusion Prevention Overview
Evolution of Computer Security Threats
Evolution of Attack Mitigation
IPS Capabilities
Summary
Chapter 2 Signatures and Actions
Signature Types
Signature Triggers
Signature Actions
Summary
Chapter 3 Operational Tasks
Deploying IPS Devices and Applications
Configuring IPS Devices and Applications
Monitoring IPS Activities
Securing IPS Communications
Summary
Chapter 4 Security in Depth
Defense-in-Depth Examples
The Security Policy
The Future of IPS
Summary
Part II Host Intrusion Prevention
Chapter 5 Host Intrusion Prevention Overview
Host Intrusion Prevention Capabilities
Host Intrusion Prevention Benefits
Host Intrusion Prevention Limitations
Summary
References in This Chapter
Chapter 6 HIPS Components
Endpoint Agents
Management Infrastructure
Summary
Part III Network Intrusion Prevention
Chapter 7 Network Intrusion Prevention Overview
Network Intrusion Prevention Capabilities
Network Intrusion Prevention Benefits
Network Intrusion Prevention Limitations
Hybrid IPS/IDS Systems
Shared IDS/IPS Capabilities
Summary
Chapter 8 NIPS Components
Sensor Capabilities
Capturing Network Traffic
Analyzing Network Traffic
Responding to Network Traffic
Sensor Management and Monitoring
Summary
Part IV Deployment Solutions
Chapter 9 Cisco Security Agent Deployment
Step 1 Understand the Product
Step 2 Predeployment Planning
Step 3 Implement Management
Step 4 Pilot
Step 5 Tuning
Step 6 Full Deployment
Step 7 Finalize the Project
Summary
Implement Management
Chapter 10 Deploying Cisco Network IPS
Step 1 Understand the Product
Step 2 Predeployment Planning
Step 3 Sensor Deployment
Step 4 Tuning
Step 5 Finalize the Project
Summary
Chapter 11 Deployment Scenarios
Large Enterprise
Branch Office
Medium Financial Enterprise
Medium Educational Institution
Small Office
Home Office
Summary
Part V Appendix
Appendix A
Glossary
Index