SKIP THE SHIPPING
Use code NOSHIP during checkout to save 40% on eligible eBooks, now through January 5. Shop now.
Register your product to gain access to bonus material or receive a coupon.
This PDF will be accessible from your Account page after purchase and requires PDF reading software, such as Acrobat® Reader®.
The eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
An introduction to network attack mitigation with IPS
Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project–from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available. The book will answer questions like:
Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.
This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.
Includes a FREE 45-Day Online Edition
Part I Intrusion Prevention Overview
Chapter 1 Intrusion Prevention Overview
Evolution of Computer Security Threats
Technology Adoption
Target Value
Attack Characteristics
Attack Examples
Evolution of Attack Mitigation
Host
Network
IPS Capabilities
Attack Prevention
Regulatory Compliance
Summary
Technology Adoption
Target Value
Attack Characteristics
Chapter 2 Signatures and Actions
Signature Types
Atomic Signatures
Stateful Signatures
Signature Triggers
Pattern Detection
Anomaly-Based Detection
Behavior-Based Detection
Signature Actions
Alert Signature Action
Drop Signature Action
Log Signature Action
Block Signature Action
TCP Reset Signature Action
Allow Signature Action
Summary
Chapter 3 Operational Tasks
Deploying IPS Devices and Applications
Deploying Host IPS
Deploying Network IPS
Configuring IPS Devices and Applications
Signature Tuning
Event Response
Software Updates
Configuration Updates
Device Failure
Monitoring IPS Activities
Management Method
Event Correlation
Security Staff
Incident Response Plan
Securing IPS Communications
Management Communication
Device-to-Device Communication
Summary
Chapter 4 Security in Depth
Defense-in-Depth Examples
External Attack Against a Corporate Database
Internal Attack Against a Management Server
The Security Policy
The Future of IPS
Intrinsic IPS
Collaboration Between Layers
Summary
Part II Host Intrusion Prevention
Chapter 5 Host Intrusion Prevention Overview
Host Intrusion Prevention Capabilities
Blocking Malicious Code Activities
Not Disrupting Normal Operations
Distinguishing Between Attacks and Normal Events
Stopping New and Unknown Attacks
Protecting Against Flaws in Permitted Applications
Host Intrusion Prevention Benefits
Attack Prevention
Patch Relief
Internal Attack Propagation Prevention
Policy Enforcement
Acceptable Use Policy Enforcement
Regulatory Requirements
Host Intrusion Prevention Limitations
Subject to End User Tampering
Lack of Complete Coverage
Attacks That Do Not Target Hosts
Summary
References in This Chapter
Chapter 6 HIPS Components
Endpoint Agents
Identifying the Resource Being Accessed
Gathering Data About the Operation
Determining the State
Consulting the Security Policy
Taking Action
Management Infrastructure
Management Center
Management Interface
Summary
Part III Network Intrusion Prevention
Chapter 7 Network Intrusion Prevention Overview
Network Intrusion Prevention Capabilities
Dropping a Single Packet
Dropping All Packets for a Connection
Dropping All Traffic from a Source IP
Network Intrusion Prevention Benefits
Traffic Normalization
Security Policy Enforcement
Network Intrusion Prevention Limitations
Hybrid IPS/IDS Systems
Shared IDS/IPS Capabilities
Generating Alerts
Initiating IP Logging
Resetting TCP Connections
Initiating IP Blocking
Summary
Chapter 8 NIPS Components
Sensor Capabilities
Sensor Processing Capacity
Sensor Interfaces
Sensor Form Factor
Capturing Network Traffic
Capturing Traffic for In-line Mode
Capturing Traffic for Promiscuous Mode
Analyzing Network Traffic
Atomic Operations
Stateful Operations
Protocol Decode Operations
Anomaly Operations
Normalizing Operations
Responding to Network Traffic
Alerting Actions
Logging Actions
Blocking Actions
Dropping Actions
Sensor Management and Monitoring
Small Sensor Deployments
Large Sensor Deployments
Summary
Part IV Deployment Solutions
Chapter 9 Cisco Security Agent Deployment
Step1: Understand the Product
Components
Capabilities
Step 2: Predeployment Planning
Review the Security Policy
Define Project Goals
Select and Classify Target Hosts
Plan for Ongoing Management
Choose the Appropriate Management Architecture
Step 3: Implement Management
Install and Secure the CSA MC
Understand the MC
Configure Groups
Configure Policies
Step 4: Pilot
Scope
Objectives
Step 5: Tuning
Step 6: Full Deployment
Step 7: Finalize the Project
Summary
Understand the Product
Predeployment Planning
Implement Management
Pilot
Tuning
Full Deployment
Finalize the Project
Chapter 10 Deploying Cisco Network IPS
Step 1: Understand the Product
Sensors Available
In-line Support
Management and Monitoring Options
NIPS Capabilities
Signature Database and Update Schedule
Step 2: Predeployment Planning
Review the Security Policy
Define Deployment Goals
Select and Classify Sensor Deployment Locations
Plan for Ongoing Management
Choose the Appropriate Management Architecture
Step 3: Sensor Deployment
Understand Sensor CLI and IDM
Install Sensors
Install and Secure the IPS MC and Understand the Management Center
Step 4: Tuning
Identify False Positives
Configure Signature Filters
Configure Signature Actions
Step 5: Finalize the Project
Summary
Understand the Product
Predeployment Planning
Sensor Deployment
Tuning
Finalize the Project
Chapter 11 Deployment Scenarios
Large Enterprise
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Branch Office
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Medium Financial Enterprise
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Medium Educational Institution
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Small Office
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Home Office
Limiting Factors
Security Policy Goals
HIPS Implementation
NIPS Implementation
Summary
Large Enterprise
Branch Office
Medium Financial Enterprise
Medium Educational Institution
Small Office
Home Office
Part V Appendix
Appendix A
Glossary
1587052393TOC121905