وبلاگ بلیان

تشخیص خروجی: نظارت امنیتی برای نفوذهای داخلی

Extrusion detection : security monitoring for internal intrusions

معرفی کتاب «تشخیص خروجی: نظارت امنیتی برای نفوذهای داخلی» (با عنوان لاتین Extrusion detection : security monitoring for internal intrusions) نوشتهٔ Bejtlich, Richard، منتشرشده توسط نشر Addison-Wesley Professional در سال 2005. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Cover......Page 1 Contents......Page 8 Foreword......Page 14 Preface......Page 22 PART I: DETECTING AND CONTROLLING INTRUSIONS......Page 30 Chapter 1 Network Security Monitoring Revisited......Page 32 Why Extrusion Detection?......Page 33 Defining the Security Process......Page 35 Security Principles......Page 37 Network Security Monitoring Theory......Page 39 Network Security Monitoring Techniques......Page 42 Network Security Monitoring Tools......Page 47 Conclusion......Page 53 Chapter 2 Defensible Network Architecture......Page 54 Monitoring the Defensible Network......Page 56 Controlling the Defensible Network......Page 62 Minimizing the Defensible Network......Page 95 Keeping the Defensible Network Current......Page 104 Conclusion......Page 105 Chapter 3 Extrusion Detection Illustrated......Page 108 Intrusion Detection Defined......Page 109 Extrusion Detection Defined......Page 112 History of Extrusion Detection......Page 113 Extrusion Detection Through NSM......Page 117 Conclusion......Page 133 Common Packet Capture Methods......Page 134 PCI Tap......Page 136 Dual Port Aggregator Tap......Page 143 2X1 10/100 Regeneration Tap......Page 145 2X1 10/100 SPAN Regeneration Tap......Page 148 Matrix Switch......Page 152 Link Aggregator Tap......Page 154 Distributed Traffic Collection with Pf Dup-To......Page 155 Squid SSL Termination Reverse Proxy......Page 159 Conclusion......Page 164 Internal Network Design......Page 166 Internet Service Provider Sink Holes......Page 170 Enterprise Sink Holes......Page 173 Using Sink Holes to Identify Internal Intrusions......Page 182 Internal Intrusion Containment......Page 185 Notes on Enterprise Sink Holes in the Field......Page 198 Conclusion......Page 200 PART II: NETWORK SECURITY OPERATIONS......Page 202 Why Traffic Threat Assessment?......Page 204 Assumptions......Page 208 First Cuts......Page 210 Looking for Odd Traffic......Page 216 Inspecting Individual Services: NTP......Page 225 Inspecting Individual Services: ISAKMP......Page 226 Inspecting Individual Services: Secure Shell......Page 227 Inspecting Individual Services: Whois......Page 228 Inspecting Individual Services: LDAP......Page 229 Inspecting Individual Services: Ports 3003 to 9126 TCP......Page 230 Inspecting Individual Services: Ports 44444 and 49993 TCP......Page 238 Inspecting Individual Services: DNS......Page 242 Inspecting Individual Services: Wrap-Up......Page 245 Conclusion......Page 246 Chapter 7 Network Incident Response......Page 248 Preparation for Network Incident Response......Page 249 Secure CSIRT Communications......Page 257 Intruder Profiles......Page 260 Incident Detection Methods......Page 261 Network First Response......Page 263 Network-Centric General Response and Remediation......Page 269 Conclusion......Page 273 Chapter 8 Network Forensics......Page 274 What Is Network Forensics?......Page 275 Collecting Network Traffic as Evidence......Page 277 Protecting and Preserving Network-Based Evidence......Page 288 Analyzing Network-Based Evidence......Page 295 Presenting and Defending Conclusions......Page 303 Conclusion......Page 304 PART III: INTERNAL INTRUSIONS......Page 306 Initial Discovery......Page 308 Making Sense of Argus Output......Page 311 Argus Meets Awk......Page 315 Examining Port 445 TCP Traffic......Page 317 Were the Targets Compromised?......Page 318 Tracking Down the Internal Victims......Page 322 Moving to Full Content Data......Page 325 Correlating Live Response Data with Network Evidence......Page 328 Conclusion......Page 334 Chapter 10 Malicious Bots......Page 336 Introduction to IRC Bots......Page 337 Communication and Identification......Page 339 Server and Control Channels......Page 340 Exploitation and Propagation......Page 343 Dialogue with a Bot Net Admin......Page 345 Conclusion......Page 348 Epilogue......Page 350 Appendix A: Collecting Session Data in an Emergency......Page 354 Appendix B: Minimal Snort Installation Guide......Page 362 Appendix C: Survey of Enumeration Methods......Page 372 Appendix D: Open Source Host Enumeration......Page 378 A......Page 400 C......Page 401 D......Page 402 E......Page 403 F......Page 404 I......Page 405 K......Page 406 M......Page 407 N......Page 408 P......Page 409 S......Page 410 T......Page 412 Z......Page 414

Overcome Your Fastest-Growing Security Problem: Internal, Client-Based Attacks

Today's most devastating security attacks are launched from within the company, by intruders who have compromised your users' Web browsers, e-mail and chat clients, and other Internet-connected software. Hardening your network perimeter won't solve this problem. You must systematically protect client software and monitor the traffic it generates.

Extrusion Detection is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out. Top security consultant Richard Bejtlich offers clear, easy-to-understand explanations of today's client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data. You will learn how to assess threats from internal clients, instrument networks to detect anomalies in outgoing traffic, architect networks to resist internal attacks, and respond effectively when attacks occur.

Bejtlich's The Tao of Network Security Monitoring earned acclaim as the definitive guide to overcoming external threats. Now, in Extrusion Detection , he brings the same level of insight to defending against today's rapidly emerging internal threats. Whether you're an architect, analyst, engineer, administrator, or IT manager, you face a new generation of security risks. Get this book and protect yourself.

Coverage includes

  • Architecting defensible networks with pervasive awareness: theory, techniques, and tools
  • Defending against malicious sites, Internet Explorer exploitations, bots, Trojans, worms, and more
  • Dissecting session and full-content data to reveal unauthorized activity
  • Implementing effective Layer 3 network access control
  • Responding to internal attacks, including step-by-step network forensics
  • Assessing your network's current ability to resist internal attacks
  • Setting reasonable corporate access policies
  • Detailed case studies, including the discovery of internal and IRC-based bot nets
  • Advanced extrusion detection: from data collection to host and vulnerability enumeration
About the Web Site

Get book updates and network security news at Richard Bejtlich's popular blog, taosecurity.blogspot.com, and his Web site, www.bejtlich.net.

Overcome Your Fastest-Growing Security Problem: Internal, Client-Based Attacks Today's most devastating security attacks are launched from within the company, by intruders who have compromised your users' Web browsers, e-mail and chat clients, and other Internet-connected software. Hardening your network perimeter won't solve this problem. You must systematically protect client software and monitor the traffic it generates. Extrusion Detection is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out. Top security consultant Richard Bejtlich offers clear, easy-to-understand explanations of today's client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data. You will learn how to assess threats from internal clients, instrument networks to detect anomalies in outgoing traffic, architect networks to resist internal attacks, and respond effectively when attacks occur. Bejtlich's The Tao of Network Security Monitoring earned acclaim as the definitive guide to overcoming external threats. Now, in Extrusion Detection , he brings the same level of insight to defending against today's rapidly emerging internal threats. Whether you're an architect, analyst, engineer, administrator, or IT manager, you face a new generation of security risks. Get this book and protect yourself. Coverage includes Architecting defensible networks with pervasive awareness: theory, techniques, and tools Defending against malicious sites, Internet Explorer exploitations, bots, Trojans, worms, and more Dissecting session and full-content data to reveal unauthorized activity Implementing effective Layer 3 network access control Responding to internal attacks, including step-by-step network forensics Assessing your network's current ability to resist internal attacks Setting reasonable corporate access policies Detailed case studies, including the discovery of internal and IRC-based bot nets Advanced extrusion detection: from data collection to host and vulnerability enumeration About the Web Site Get book updates and network security news at Richard Bejtlich's popular blog, taosecurity.blogspot.com, and his Web site,(http://www.bejtlich.net) www.bejtlich.net . **Overcome Your Fastest-Growing Security Problem: Internal, Client-Based Attacks**Today's most devastating security attacks are launched from within the company, by intruders who have compromised your users' Web browsers, e-mail and chat clients, and other Internet-connected software. Hardening your network perimeter won't solve this problem. You must systematically protect client software and monitor the traffic it generates.__**Extrusion Detection**__Bejtlich'searned acclaim as the definitive guide to overcoming external threats. Now, in, he brings the same level of insight to defending against today's rapidly emerging internal threats. Whether you're an architect, analyst, engineer, administrator, or IT manager, you face a new generation of security risks. Get this book and protect yourself.Coverage includesArchitecting defensible networks with pervasive awareness: theory, techniques, and tools Defending against malicious sites, Internet Explorer exploitations, bots, Trojans, worms, and more Dissecting session and full-content data to reveal unauthorized activity Implementing effective Layer 3 network access control Responding to internal attacks, including step-by-step network forensics Assessing your network's current ability to resist internal attacks Setting reasonable corporate access policies Detailed case studies, including the discovery of internal and IRC-based bot nets Advanced extrusion detection: from data collection to host and vulnerability enumerationGet book updates and network security news at Richard Bejtlich's popular blog, taosecurity.blogspot.com, and his Web site,. Detecting and controlling intrusions Network security monitoring revisited Defensible network architecture Extrusion detection illustrated Enterprise network instrumentation Layer 3 network access control Network security operations Traffic threat assessment Network incident response Network forensics Internal intrusions Traffic threat assessment case study Malicious bots. Helps you overcome your fastest-growing security problem: internal, client-based attacks. This is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out.It offers clear explanations of client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data.
دانلود کتاب تشخیص خروجی: نظارت امنیتی برای نفوذهای داخلی