000 04645nam a2200241 a 4500
003 AR-LpUFIB
005 20250311170439.0
008 230201s2005 xxua r 000 0 eng d
020 _a0321246772
024 8 _aDIF-M7310
_b7526
_zDIF006670
040 _aAR-LpUFIB
_bspa
_cAR-LpUFIB
100 1 _aBejtlich, Richard
245 1 0 _aThe tao of network security monitoring :
_bbeyond intrusion detection
250 _a1st ed.
260 _aBoston :
_bAddison-Wesley,
_c2005
300 _a798 p. :
_bil.
500 _aIncludes index
505 0 _aPart I Introduction to network security monitoring -- Chapter 1 The security process -- What is security? -- What is risk? -- A case study on risk -- Security principles: characteristics of the intruder -- Security principles: phases of compromise -- Security principles: defensible networks -- Conclusion -- Chapter 2 What is network security monitoring? -- Indications and warnings -- Collection, analysis, and escalation -- Detecting and responding to intrusions -- Why do IDS deployments often fail? -- Outsiders principles: what is NSM's focus? -- Security principles: detection -- Security principles: limitations -- What NSM is not -- NSM in action -- Conclusion -- Chapter 3 Deployment considerations -- Threat models and monitoring zones -- Accessing traffic in each zone -- Wireless monitoring -- Sensor management -- Conclusion -- Part II Network security monitoring products -- Chapter 4 The reference intrusion model -- The scenario -- The attack -- Conclusion -- Chapter 5 Full content data -- A note on software -- Libpcap -- Tcpdump -- Tethereal -- Snort as packet logger -- Finding specific parts of packets with tcpdump, tethereal, and snort -- Ethereal -- A note on commercial full content collection options -- Conclusion -- Chapter 6 Additional data analysis -- Editcap and mergecap -- Tcpslice -- Tcpreplay -- Tcpflow -- Ngrep -- Ipsumdump -- Etherape -- Netdude -- P0f -- Conclusion -- Chapter 7 Session data -- Form of session data -- Cisco's NetFlow -- Fprobe -- Ng_tools -- sFlow and sFlow Toolkit -- Argus -- Tcptrace -- Conclusion -- Chapter 8 Statistical data -- What is statistical data? -- Cisco accounting -- Ipcad -- Ifstat -- Bmon -- Trafshow -- Ttt -- Tcpdstat -- MRTG -- Ntop -- Conclusion -- Chapter 9 Alert data: Bro and Prelude -- Bro -- Prelude -- Conclusion -- Chapter 10 Alert data: NSM using Sguil -- Why Sguil? -- So what is Sguil? -- The basic Sguil interface -- Sguil's answer to "now what?" -- Making decisions with Sguil -- Sguil versus the reference intrusion model -- Conclusion -- Part III Network security monitoring processes -- Chapter 11 Best practices -- Assessment -- Protection -- Detection -- Response -- Back to assessment -- Conclusion -- Chapter 12 Case studies for managers -- Introduction to Hawke Helicopter Supplies -- Case study 1: Emergency network security monitoring -- Case study 2: Evaluating managed security monitoring providers -- Case study 3: Deploying an in-house NSM solution -- Conclusion -- Part IV Network security monitoring people -- Chapter 13 Analyst training program -- Weapons and tactics -- Telecommunications -- System administration -- Scripting and programming -- Management and policy -- Training in action -- Periodicals and web sites -- Case study: staying current with tools -- Conclusion -- Chapter 14 Discovering DNS -- Normal port 53 traffic -- Suspicious port 53 traffic -- Malicious port 53 traffic -- Conclusion -- Chapter 15 Harnessing the power of session data -- The session scenario -- Session data from the wireless segment -- Session data from the DMZ segment -- Session data from the VLANs -- Session data from the external segment -- Conclusion -- Chapter 16 Packet monkey heaven -- Truncated TCP options -- SCAN FIN -- Chained covert channels -- Conclusion -- Part V The intruder versus network security monitoring -- Chapter 17 Tools for attacking network security monitoring -- Packit -- IP Sorcery -- Fragroute -- LFT -- Xprobe2 -- Cisco IOS denial of service -- Solaris sadmin exploitation attempt -- Microsoft RPC exploitation -- Conclusion -- Chapter 18 Tactics for attacking network security monitoring -- Promote anonymity -- Evade detection -- Appear normal -- Degrade or deny collection -- Self-inflicted problems in NSM -- Conclusion -- Epilogue The future of network security monitoring -- Remote packet capture and centralized analysis -- Integration of vulnerability assessment products -- Anomaly detection -- NSM beyond the gateway -- Conclusion
650 4 _aSEGURIDAD EN REDES
650 4 _aSEGURIDAD Y PROTECCIÓN
653 _apropiedades de red
942 _cBK
999 _c56447
_d56447