IDS/IPS/Honeypots/Netwrok Analysis/Log Analysis and Management |
|
Virtual Honeypots: From Botnet Tracking to Intrusion Detection |
Author: Niels Provos, Thorsten Holz |
Publisher: Addison-Wesley Professional |
Year: 2007 |
Pages: 440 |
Amazon's book description: After reading this book, you will be able to: - Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them - Install and configure Honeyd to simulate multiple operating systems, services, and network environments - Use virtual honeypots to capture worms, bots, and other malware - Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots - Implement client honeypots that actively seek out dangerous Internet locations - Understand how attackers identify and circumvent honeypots - Analyze the botnets your honeypot identifies, and the malware it captures - Preview the future evolution of both virtual and physical honeypots |
|
|
|
Snort Intrusion Detection and Prevention Toolkit |
Author: Brian Caswell, Jay Beale, Andrew Baker |
Publisher: Syngress Publishing |
Year: 2007 |
Pages: 750 |
Amazon's book description: This all new book covering the brand new Snort version 2.6 from members of the Snort developers team. This fully integrated book, CD, and Web toolkit covers everything from packet inspection to optimizing Snort for speed to using the most advanced features of Snort to defend even the largest and most congested enterprise networks. Leading Snort experts Brian Caswell, Andrew Baker, and Jay Beale analyze traffic from real attacks to demonstrate the best practices for implementing the most powerful Snort features. |
|
|
|
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems |
Author: Chris Sanders |
Publisher: No Starch Press |
Year: 2007 |
Pages: 192 |
Amazon's book description: t's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. |
|
|
|
Wireshark & Ethereal Network Protocol Analyzer Toolkit |
Author: Angela Orebaugh, Gilbert Ramirez, Jay Beale |
Publisher: Syngress |
Year: 2006 |
Pages: 552 |
Amazon's book description: This book provides complete information and step-by-step Instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereals graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. |
|
|
|
Security Log Management: Identifying Patterns in the Chaos |
Author: Jacob Babbin, Dave Kleiman, Everett F. Carter Jr., Jeremy Faircloth, Mark Burnett, Esteban Gutierrez |
Publisher: Syngress |
Year: 2006 |
Pages: 350 |
Amazon's book description: This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the Top 10 security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. |
|
|
|
Intrusion Prevention Fundamentals |
Author: Earl Carter, Jonathan Hogue |
Publisher: Cisco Press |
Year: 2006 |
Pages: 312 |
Amazon's book description: Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project–from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available. |
|
|
|
Honeypots for Windows |
Author: Roger A. Grimes |
Publisher: Apress |
Year: 2005 |
Pages: 424 |
Amazon's book description: The Book will cover installing, configuring, and maintaining security Honeypots on Windows platforms. The Book will specifically cover the popular open source Honeypot product called honeyd, and summarize other commercial Honeypot solutions. There are no computer security books covering Honeypots (or IDSs) as they run on Windows platforms. |
|
|
|
Snort Cookbook |
Author: Angela Orebaugh, Simon Biles, Jacob Babbin |
Publisher: O'Reilly Media |
Year: 2005 |
Pages: 400 |
Amazon's book description: If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT. |
|
|
|
Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications |
Author: Neil Archibald, Gilbert Ramirez, Noam Rathaus, Josh Burke, Brian Caswell, Renaud Deraison |
Publisher: Syngress |
Year: 2005 |
Pages: 445 |
Amazon's book description: This book will cover customizing Snort to perform intrusion detection and prevention; Nessus to analyze the network layer for vulnerabilities; and Ethereal to sniff their network for malicious or unusual traffic. The book will also contain an appendix detailing the best of the rest open source security tools. |
|
|
|
Intrusion Prevention and Active Response: Deploying Network and Host IPS |
Author: Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin |
Publisher: Syngress |
Year: 2005 |
Pages: 424 |
Amazon's book description: This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims. |
|
|
|
Host Integrity Monitoring Using Osiris and Samhain |
Author: Brian Wotring, Bruce Potter, Marcus Ranum |
Publisher: Syngress |
Year: 2005 |
Pages: 450 |
Amazon's book description: This book will walk the reader through the process of preparing and deploying open source host integrity monitoring software, specifically, Osiris and Samhain. From the configuration and installation to maintenance, testing, and fine-tuning, this book will cover everything needed to correctly deploy a centralized host integrity monitoring solution. The domain includes home networks on up to large-scale enterprise environments. |
|
|
|
Microsoft Log Parser Toolkit |
Author: Gabriele Giuseppini, Mark Burnett, Jeremy Faircloth, Dave Kleiman |
Publisher: Syngress |
Year: 2005 |
Pages: 350 |
Amazon's book description: Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products. |
|
|
|
Managing Security with Snort and IDS Tools |
Author: Christopher Gerg, Kerry J. Cox |
Publisher: O'Reilly Media |
Year: 2004 |
Pages: 304 |
Amazon's book description: Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. |
|
|
|
The Tao of Network Security Monitoring: Beyond Intrusion Detection |
Author: Richard Bejtlich |
Publisher: Addison-Wesley Professional |
Year: 2004 |
Pages: 832 |
Amazon's book description: The book you are about to read will arm you with the knowledge you need to defend your network from attackers—both the obvious and the not so obvious....If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you. |
|
|