

Intrusion Prevention and Active Response
Michael Rash, Angela Orebaugh, Graham Clark, Becky Pinkard
Syngress, Paperback, Published April 2005, 402 pages, ISBN 193226647X
List Price: $49.95
Our Price: $27.50
You Save: $22.45 (45% Off)



"...Within a year of the infamous "Intrusion Detection is Dead" report by Gartner, we started seeing Intrusion Prevention System (IPS) products that actually worked in the real world. Security professionals are going to be approaching management for funding in the next year or two to procure intrusion prevention devices, especially Intelligent switches from 3Com (TippingPoint), as well as host-based intrusion prevention solutions like Cisco Security Agent, Platform Logic, Ozone or CrossTec. Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention..."

From the Foreword by Stephen Northcutt, Director of Training and Certification, The SANS Institute


There are many books that exhaust the topic of Intrusion Detection, but few that cover the concept of Intrusion Prevention with any depth. This book will serve as a reference that concentrates specifically on next-generation IDS technology that provides active response and Intrusion Prevention functions at both the network and host level. The term "Intrusion Prevention" has recently generated a huge amount of interest in the security community, but deploying Intrusion Prevention Systems has always given security administrators their share of sleepless nights. This book will provide a solid introduction to the field of Intrusion Prevention and give security administrators the background necessary to make informed decisions about the benefits of and drawbacks to deploying an IPS within their IT kingdoms.


  • Transition from Intrusion Detection to Intrusion Prevention
    Unlike IDS, IPS can modify application-layer data or perform system call interception.

  • Develop an Effective Packet Inspection Toolbox
    Use products such as the Metasploit Framework as a source of test attacks.

  • Travel Inside the SANS Internet Storm Center
    Review packet captures of actual attacks, like the “Witty” worm, directly from the handler’s diary.

  • Protect Against False Positives
    Remember that, unlike an IDS, an IPS will REACT to an intrusion.

  • Integrate Multiple Layers of IPS
    Create a multivendor defense at the Data Link, Network, Transport, and Application layers.

  • Deploy Host Attack Prevention Mechanisms
    Includes stack hardening, system call interception, and application shimming.

  • Implement Inline Packet Payload Alteration
    Use Snort Inline or a Linux kernel patch to the Netfilter string match extension.

  • Covers all Major Intrusion Prevention and Active Response Systems
    Includes Snort Inline, SnortSAM, PaX, StackGuard, LIDS, FWSnort, PSAD, Enterasys Web IPS, and mod_security.

  • Deploy IPS on Web Servers at the Applications Layer
    The loading of an application-level IPS in process by the Web server will protect the server and inspect encrypted traffic.


Table of Contents

Foreword by Stephen Northcutt

Chapter 1: Introduction to Intrusion Prevention

Chapter 2: False Positives and Real Damage

Chapter 3: Data Link IPS

Chapter 4: Network IPS

Chapter 5: Transport IPS

Chapter 6: Application Layer Responses

Chapter 7: Host IPS Actions

Chapter 8: Hybrid IPS Actions

Chapter 9: Network Inline Data Modification


About the Authors

Michael Rash works as a Security Research Engineer in Columbia, MD for Enterasys Networks, Inc. He is a frequent contributor to open source endeavors such as Bastille-Linux and the Netfilter Project, and has written security articles for publications such as Sys Admin Magazine, the Linux Journal, and USENIX ;login: magazine. Michael is the author of Fwsnort and PSAD, two open source security tools designed to blur the boundaries between Netfilter firewalls and the Snort Intrusion Detection System. He is co-author of Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1931836043).

Angela Orebaugh is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc. where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a master’s degree in computer science, and is currently pursuing her Ph.D. with a concentration in information security at George Mason University. Angela is the author of the Syngress best seller Ethereal Packet Sniffing (ISBN: 1-932266-82-8). She has also contributed to Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Network Intrusion Detection, and the IT Ethics Handbook: Right and Wrong for IT Professionals (Syngress, ISBN: 1-931836-14-0). Angela is a researcher, writer, and speaker for SANS Institute.

Becky Pinkard (CCSA, CCNA, GCIA) has worked in the information technology industry for over 10 years. She is currently a senior security architect with a Fortune 50 company where she is fortunate enough to work with security technology on a daily basis. Becky's main areas of interest are intrusion detection, pen testing, vulnerability assessments, risk management, and forensics. She is a SANS Certified Instructor and has taught for the SANS Institute since 2001. She participated on the Strategic Advisory Council for the Center for Internet Security where she edited the first draft of the CIS Windows NT benchmark. Becky holds a bachelor's degree from Texas A&M University and is a member of the North Texas chapter of InfraGard.

Graham Clark is a Software Engineer working for Enterasys Networks, Inc. in Columbia, MD. Graham is a member of the Dragon team, a renowned and well-established network intrusion detection system, where his main interests and responsibilities are host-based intrusion detection and prevention. He is the author of the web-server intrusion prevention capability that Dragon Host Sensor offers in its 7.0 release. Previously, Graham focused on abstract performance modeling of computers and networks, and holds a PhD in computer science from the University of Edinburgh, Scotland. He lives in Maryland with his wife, Leah.

Jake Babbin works as a contractor with a government agency filling the role of Intrusion Detection Team Lead. He has worked in both private industry as a security professional and in government space in a variety of IT security roles. He is a speaker at several IT security conferences and is a frequent assistant in SANS Security Essentials Bootcamp, Incident Handling and Forensics courses. Jake lives in Virginia.
