Intrusion Signatures and Analysis
©2001 |Sams Publishing |
©2001 |Sams Publishing |
For advanced courses in network security.
Intrusion Signatures and Analysis is ideal for courses looking to teach students about the concepts of intrusion detection and network security. The book opens with an introduction into the format of some of the more common detection sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. After a challenging four-chapter review, the student finds page after page of signatures, in order by categories. Then the content digs right into reaction and responses covering how sometimes what you see isn't always what is happening. The book also covers how students and analysts can spend time chasing after false positives. Also included is a section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. Students will also find review questions with answers throughout the book, to be sure they comprehend the traces and material that has been covered.
This product is part of the following series. Click on a series title to see the full list of products in the series.
Used by the SANS Institute to train their intrusion analysts, this book is ideal for self-study, containing end of chapter review questions that cover the traces and signatures. Ex.___
Companion Website component of trace and signature updates keeps the life of the book long, truly a resource students can use after the course. Ex.___
Stephen Northcutt has served as the leader of the Department of Defenses Shadow Intrusion Detection Team for two years and was the Chief for Information Warfare at the Ballistic Missile Defense Organization. Ex.___
1. Reading Log Formats.
2. Introduction to the Practicals.
3. The Ten Most Critical Internet Security Threats, Part 1.
4. The Ten Most Critical Internet Security Threats, Part 2.
5. Reactions and Responses.
6. Perimeter Logs.
7. Non-Malicious Traffic.
8. Network Mapping.
9. Scans that Probe Systems for Information.
10. Denial Of Service (DoS)—Resource Starvation.
11. Denial Of Service (DoS)—Bandwidth Consumption.
14. Buffer Overflows with Content.
16. False Positives.
17. Out of Spec Packets.
Pearson offers special pricing when you package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson rep.
Stephen Northcutt is the author of several books including: Incident Handling Step-by-Step, Intrusion Detection: Shadow Style (both by the SANS Institute) and Network Intrusion Detection: An Analyst's Handbook (New Riders) as well as a contributing editor for Securing NT Step-by-Step (The SANS Institute.) He was the original developer of the Shadow intrusion detection system and served as the leader of the Department of Defenses Shadow Intrusion Detection Team for two years. Mr. Northcutt was the Chief for Information Warfare at the Ballistic Missile Defense Organization and currently serves as the Director for GIAC Training and Certification for the SANS Institute. Mark Cooper graduated from UMIST in 1991 with a BS in Microelectronic Systems Engineering. Currently working as a security consultant, he reached his current position after spending many years as a software engineer and then as a UNIX Systems Administrator. He is now a SANS GIAC Certified Intrusion Analyst. Matt Fearnow is a Network/ Security Administrator for Macmillan USA. Before working at Macmillan, he served in the US Navy as a Sonar Technician aboard submarines. In his current duties he constantly utilizes his SANS GIAC certification and is a frequent contributor to the SANS GIAC website. Matt was the first to establish categories for the traces from completed GIAC practicals. Karen Frederick is an Infosec Engineer for Sun Tzu Security in Milwaukee, Wisconsin. She earned her bachelor's degree in computer science from the University of Wisconsin-Parkside, and she is currently completing her master's degree thesis in intrusion detection from the University of Idaho's Engineering Outreach program. Karen holds several certifications, including Microsoft Certified Systems Engineer + Internet, Check Point Certified Security Administrator and GIAC Certified Intrusion Analyst.
We're sorry! We don't recognize your username or password. Please try again.
The work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning.
You have successfully signed out and will be required to sign back in should you need to download more resources.