Intrusion Prevention Fundamentals

Earl Carter, Jonathan Hogue

Jan 2006, Paperback, 312 pages
ISBN13: 9781587052392
ISBN10: 1587052393

An introduction to network attack mitigation with IPS

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project, from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available. The book answers questions like:

  • Where did IPS come from? How has it evolved?
  • How does IPS work? What components does it have?
  • What security needs can IPS address?
  • Does IPS work with other security products? What is the “big picture”?
  • What are the best practices related to IPS?
  • How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.

  • Understand the types, triggers, and actions of IPS signatures
  • Deploy, configure, and monitor IPS activities and secure IPS communications
  • Learn the capabilities, benefits, and limitations of host IPS
  • Examine the inner workings of host IPS agents and management infrastructures
  • Enhance your network security posture by deploying network IPS features
  • Evaluate the various network IPS sensor types and management options
  • Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition

Table of Contents

Part I Intrusion Prevention Overview

Chapter 1 Intrusion Prevention Overview
  Evolution of Computer Security Threats
    Technology Adoption
    Target Value
    Attack Characteristics
    Attack Examples
  Evolution of Attack Mitigation
    Host
    Network
  IPS Capabilities
    Attack Prevention
    Regulatory Compliance
  Summary
    Technology Adoption
    Target Value
    Attack Characteristics

Chapter 2 Signatures and Actions
  Signature Types
    Atomic Signatures
    Stateful Signatures
  Signature Triggers
    Pattern Detection
    Anomaly-Based Detection
    Behavior-Based Detection
  Signature Actions
    Alert Signature Action
    Drop Signature Action
    Log Signature Action
    Block Signature Action
    TCP Reset Signature Action
    Allow Signature Action
  Summary

Chapter 3 Operational Tasks
  Deploying IPS Devices and Applications
    Deploying Host IPS
    Deploying Network IPS
  Configuring IPS Devices and Applications
    Signature Tuning
    Event Response
    Software Updates
    Configuration Updates
    Device Failure
  Monitoring IPS Activities
    Management Method
    Event Correlation
    Security Staff
    Incident Response Plan
  Securing IPS Communications
    Management Communication
    Device-to-Device Communication
  Summary

Chapter 4 Security in Depth
  Defense-in-Depth Examples
    External Attack Against a Corporate Database
    Internal Attack Against a Management Server
  The Security Policy
  The Future of IPS
    Intrinsic IPS
    Collaboration Between Layers
  Summary

Part II Host Intrusion Prevention

Chapter 5 Host Intrusion Prevention Overview
  Host Intrusion Prevention Capabilities
    Blocking Malicious Code Activities
    Not Disrupting Normal Operations
    Distinguishing Between Attacks and Normal Events
    Stopping New and Unknown Attacks
    Protecting Against Flaws in Permitted Applications
  Host Intrusion Prevention Benefits
    Attack Prevention
    Patch Relief
    Internal Attack Propagation Prevention
    Policy Enforcement
    Acceptable Use Policy Enforcement
    Regulatory Requirements
  Host Intrusion Prevention Limitations
    Subject to End User Tampering
    Lack of Complete Coverage
    Attacks That Do Not Target Hosts
  Summary
  References in This Chapter

Chapter 6 HIPS Components
  Endpoint Agents
    Identifying the Resource Being Accessed
    Gathering Data About the Operation
    Determining the State
    Consulting the Security Policy
    Taking Action
  Management Infrastructure
    Management Center
    Management Interface
  Summary

Part III Network Intrusion Prevention

Chapter 7 Network Intrusion Prevention Overview
  Network Intrusion Prevention Capabilities
    Dropping a Single Packet
    Dropping All Packets for a Connection
    Dropping All Traffic from a Source IP
  Network Intrusion Prevention Benefits
    Traffic Normalization
    Security Policy Enforcement
  Network Intrusion Prevention Limitations
  Hybrid IPS/IDS Systems
    Shared IDS/IPS Capabilities
      Generating Alerts
      Initiating IP Logging
      Resetting TCP Connections
      Initiating IP Blocking
  Summary

Chapter 8 NIPS Components
  Sensor Capabilities
    Sensor Processing Capacity
    Sensor Interfaces
    Sensor Form Factor
  Capturing Network Traffic
    Capturing Traffic for In-line Mode
    Capturing Traffic for Promiscuous Mode
  Analyzing Network Traffic
    Atomic Operations
    Stateful Operations
    Protocol Decode Operations
    Anomaly Operations
    Normalizing Operations
  Responding to Network Traffic
    Alerting Actions
    Logging Actions
    Blocking Actions
    Dropping Actions
  Sensor Management and Monitoring
    Small Sensor Deployments
    Large Sensor Deployments
  Summary

Part IV Deployment Solutions

Chapter 9 Cisco Security Agent Deployment
  Step 1: Understand the Product
    Components
    Capabilities
  Step 2: Predeployment Planning
    Review the Security Policy
    Define Project Goals
    Select and Classify Target Hosts
    Plan for Ongoing Management
    Choose the Appropriate Management Architecture
  Step 3: Implement Management
    Install and Secure the CSA MC
    Understand the MC
    Configure Groups
    Configure Policies
  Step 4: Pilot
    Scope
    Objectives
  Step 5: Tuning
  Step 6: Full Deployment
  Step 7: Finalize the Project
  Summary
    Understand the Product
    Predeployment Planning
    Implement Management
    Pilot
    Tuning
    Full Deployment
    Finalize the Project

Chapter 10 Deploying Cisco Network IPS
  Step 1: Understand the Product
    Sensors Available
    In-line Support
    Management and Monitoring Options
    NIPS Capabilities
    Signature Database and Update Schedule
  Step 2: Predeployment Planning
    Review the Security Policy
    Define Deployment Goals
    Select and Classify Sensor Deployment Locations
    Plan for Ongoing Management
    Choose the Appropriate Management Architecture
  Step 3: Sensor Deployment
    Understand Sensor CLI and IDM
    Install Sensors
    Install and Secure the IPS MC and Understand the Management Center
  Step 4: Tuning
    Identify False Positives
    Configure Signature Filters
    Configure Signature Actions
  Step 5: Finalize the Project
  Summary
    Understand the Product
    Predeployment Planning
    Sensor Deployment
    Tuning
    Finalize the Project

Chapter 11 Deployment Scenarios
  Large Enterprise
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Branch Office
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Medium Financial Enterprise
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Medium Educational Institution
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Small Office
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Home Office
    Limiting Factors
    Security Policy Goals
    HIPS Implementation
    NIPS Implementation
  Summary
    Large Enterprise
    Branch Office
    Medium Financial Enterprise
    Medium Educational Institution
    Small Office
    Home Office

Part V Appendix

Appendix A
  Glossary

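Two parts of the outline above describe the machinery of an in-line sensor: Chapter 2 (atomic versus stateful signature types, pattern and anomaly triggers, and the alert, log, drop, block, TCP reset and allow actions) and Chapter 7 (dropping a single packet, all packets for a connection, or all traffic from a source IP). The following toy engine is an added illustration written for this page; it is not code from the book or from any Cisco product, and the packet format, signature names, byte patterns, addresses and the AtomicSig, SynThresholdSig and InlineSensor classes are all constructed for the example. It places an atomic signature (a pattern decided from one packet) beside a stateful one (a SYN count kept across packets) and shows how the action attached to a signature widens the scope of what the sensor drops.

```python
"""Added toy in-line network IPS (not code from the book): atomic vs. stateful
signatures, their triggers, and the packet / connection / source-IP drop scopes."""
from collections import defaultdict
from dataclasses import dataclass

# Action names follow the chapter outline, not any vendor's configuration syntax.
ALERT, LOG, DROP_PACKET, DROP_CONNECTION, DROP_SOURCE, RESET, FORWARD = (
    "alert", "log", "drop-packet", "drop-connection", "drop-source", "reset", "forward")


@dataclass(frozen=True)
class Packet:  # constructed stand-in for a captured TCP/IP packet
    src: str
    dst: str
    sport: int
    dport: int
    flags: str = ""       # TCP flags as letters, e.g. "S", "SA", "PA"
    payload: bytes = b""

    @property
    def conn(self):
        return (self.src, self.sport, self.dst, self.dport)


class AtomicSig:
    """Atomic signature: the trigger is decided from a single packet."""
    def __init__(self, name, pattern, action):
        self.name, self.pattern, self.action = name, pattern, action

    def check(self, pkt):
        return self.pattern in pkt.payload


class SynThresholdSig:
    """Stateful signature: per-source state kept across packets; fires once a
    source has more than `threshold` SYNs that no later ACK has accounted for."""
    def __init__(self, name, threshold, action):
        self.name, self.threshold, self.action = name, threshold, action
        self.half_open = defaultdict(int)

    def check(self, pkt):
        if pkt.flags == "S":
            self.half_open[pkt.src] += 1
            return self.half_open[pkt.src] > self.threshold
        if "A" in pkt.flags and self.half_open[pkt.src] > 0:
            self.half_open[pkt.src] -= 1  # handshake progressed: not a flood
        return False


class InlineSensor:
    def __init__(self, signatures):
        self.sigs = signatures
        self.blocked_sources = set()  # source-IP scope
        self.dropped_conns = set()    # connection scope
        self.alerts = []              # (signature name, src, dst)
        self.ip_log = []              # packets captured by the LOG action
        self.resets_sent = []         # connections that received a TCP RST

    def inspect(self, pkt):
        """Return the verdict for one packet and update sensor state."""
        if pkt.src in self.blocked_sources:
            return DROP_SOURCE      # everything from this source is dropped
        if pkt.conn in self.dropped_conns:
            return DROP_CONNECTION  # remainder of an already-dropped connection
        for sig in self.sigs:
            if not sig.check(pkt):
                continue
            self.alerts.append((sig.name, pkt.src, pkt.dst))  # every hit alerts
            if sig.action in (ALERT, LOG):
                if sig.action == LOG:
                    self.ip_log.append(pkt)  # capture the packet for later review
                return FORWARD               # alert-only and log both forward it
            if sig.action == DROP_PACKET:
                return DROP_PACKET           # this packet only; connection stays up
            if sig.action in (DROP_CONNECTION, RESET):
                if sig.action == RESET:
                    self.resets_sent.append(pkt.conn)  # RST toward both endpoints
                self.dropped_conns.add(pkt.conn)       # and drop the rest in-line
                return sig.action
            if sig.action == DROP_SOURCE:
                self.blocked_sources.add(pkt.src)      # shun the source from now on
                return DROP_SOURCE
        return FORWARD


def run_demo():
    """Replay a constructed packet stream; return the sensor and its verdicts."""
    sensor = InlineSensor([
        AtomicSig("shell-in-http", b"/bin/sh", RESET),
        AtomicSig("sqli-probe", b"' OR 1=1", DROP_PACKET),
        AtomicSig("banner-grab", b"HEAD / HTTP", LOG),
        SynThresholdSig("syn-flood", threshold=2, action=DROP_SOURCE),
    ])
    atk, victim, scanner = "198.51.100.7", "192.0.2.10", "203.0.113.9"
    stream = [
        Packet(atk, victim, 40000, 80, "PA", b"HEAD / HTTP/1.0"),     # logged, forwarded
        Packet(atk, victim, 40001, 80, "PA", b"id=1' OR 1=1"),        # packet dropped
        Packet(atk, victim, 40001, 80, "PA", b"id=1"),                # same conn, forwarded
        Packet(atk, victim, 40002, 80, "PA", b"GET /cgi/../bin/sh"),  # reset sent
        Packet(atk, victim, 40002, 80, "PA", b"GET /index.html"),     # rest of conn dropped
        Packet(scanner, victim, 5000, 22, "S"),
        Packet(scanner, victim, 5001, 22, "S"),
        Packet(scanner, victim, 5002, 22, "S"),                       # 3rd SYN > 2: shun
        Packet(scanner, victim, 5003, 443, "S"),                      # source-scope drop
    ]
    return sensor, [sensor.inspect(p) for p in stream]
```

Calling `run_demo()` replays the stream and returns the per-packet verdicts. Two things worth noticing: a drop-packet action leaves the connection open, so the next packet on the same connection is still forwarded, while reset and drop-source widen the blast radius to the whole connection or the whole source, which is why the tuning steps in Chapters 9 and 10 put identifying false positives before assigning aggressive signature actions. A sensor in promiscuous mode (Chapter 8) is not in the forwarding path, so of these responses only alerting, IP logging, TCP reset and blocking through another device remain available to it.
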
Earl Carter is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems®. He performs security evaluations on numerous Cisco® products, including everything from the PIX® Firewall and VPN solutions to Cisco CallManager and other VoIP products. Earl started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).

Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco security business unit where his primary focus is the Cisco Security Agent. He has been involved with host-based security products since 1999 when he joined Trend Micro. In 2001, he began working with one of the first host intrusion prevention products, StormWatch by Okena, Inc. Okena was subsequently acquired by Cisco Systems.
