Intrusion Signatures and Analysis (Paperback)

The book typically introduces an attack strategy with a real-life trace--usually attributed to a real administrator--from TCPdump, Snort or some sort of firewall (the trace's source is always indicated). The trace indicates what is happening (i.e. what weakness the attacker is trying to exploit) and the severity of the attack (using a standard metric that takes into account the value of the target, the attack's potential to do damage, and the defences arrayed against the attack). The attack documentation concludes with recommendations on how defences could have been made stronger. These pages are great opportunities to learn how to read traces and take steps to strengthen your systems' defences.

The book admirably argues that security administrators should take some responsibility for the greater good of the Internet by, for example, using egress filtering to prevent people inside your networks from spoofing their source address (thus defending other networks from your own users' malice). The authors (and the community of white-hat security specialists that they represent) have done and continue to do a valuable service to all Internet users. Supplement this book with Northcutt's excellent Network Intrusion Detection, which takes a more general approach to log analysis, less focused on specific attack signatures. --David Wall

Topics covered:

• external attacks on networks and hosts, as they appear to administrators and detection systems monitoring log files
• how to read log files generally
• how to report attacks and interact with the global community of good-guy security specialists
• the most commonplace critical security weaknesses
• traces that document reconnaissance probes
• denial-of-service attacks
• trojans
• overflow attacks
• ther black-hat strategies

Intrusion Signatures and Analysis opens with an introduction into the format of some of the more common sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. After a challenging four-chapter review, the reader finds page after page of signatures, in order by categories. Then the content digs right into reaction and responses covering how sometimes what you see isn¿t always what is happening. The book also covers how analysts can spend time chasing after false positives. Also included is a section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. Readers will also find review questions with answers throughout the book, to be sure they comprehend the traces and material that has been covered.

• Books > Computing & Internet > Digital Lifestyle > Online Shopping > Amazon
• Books > Computing & Internet > Networking & Security > Network Topics
• Books > Computing & Internet > Networking & Security > Security > Cryptography & Encryption
• Books > Computing & Internet > Networking & Security > Security > Network Security
• Books > Computing & Internet > Software & Graphics

• Would you like to update product info or give feedback on images?
• I am the Author, and I want to comment on my book.
• I am the Publisher, and I want to comment on this book.