IDS/IPS/Honeypots/Network Analysis/Log Analysis and Management



Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Author: Niels Provos, Thorsten Holz
Publisher: Addison-Wesley Professional
Year: 2007
Pages: 440
Amazon's book description: After reading this book, you will be able to:
- Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
- Install and configure Honeyd to simulate multiple operating systems, services, and network environments
- Use virtual honeypots to capture worms, bots, and other malware
- Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots
- Implement client honeypots that actively seek out dangerous Internet locations
- Understand how attackers identify and circumvent honeypots
- Analyze the botnets your honeypot identifies, and the malware it captures
- Preview the future evolution of both virtual and physical honeypots




Snort Intrusion Detection and Prevention Toolkit
Author: Brian Caswell, Jay Beale, Andrew Baker
Publisher: Syngress Publishing
Year: 2007
Pages: 750
Amazon's book description: This all-new book covers the brand-new Snort version 2.6 and is written by members of the Snort development team. This fully integrated book, CD, and Web toolkit covers everything from packet inspection to optimizing Snort for speed to using the most advanced features of Snort to defend even the largest and most congested enterprise networks. Leading Snort experts Brian Caswell, Andrew Baker, and Jay Beale analyze traffic from real attacks to demonstrate the best practices for implementing the most powerful Snort features.




Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Author: Chris Sanders
Publisher: No Starch Press
Year: 2007
Pages: 192
Amazon's book description: It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an in-depth look at real-world packet analysis and network troubleshooting.




Wireshark & Ethereal Network Protocol Analyzer Toolkit
Author: Angela Orebaugh, Gilbert Ramirez, Jay Beale
Publisher: Syngress
Year: 2006
Pages: 552
Amazon's book description: This book provides complete information and step-by-step instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source, and will also be guided through Ethereal's graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek.




Security Log Management: Identifying Patterns in the Chaos
Author: Jacob Babbin, Dave Kleiman, Everett F. Carter Jr., Jeremy Faircloth, Mark Burnett, Esteban Gutierrez
Publisher: Syngress
Year: 2006
Pages: 350
Amazon's book description: This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be used to make their networks more efficient and secure, using primarily open source tools. The book begins by discussing the Top 10 security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts.




Intrusion Prevention Fundamentals
Author: Earl Carter, Jonathan Hogue
Publisher: Cisco Press
Year: 2006
Pages: 312
Amazon's book description: Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the lifecycle of an IPS project–from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what “flavors” of IPS are available.




Honeypots for Windows
Author: Roger A. Grimes
Publisher: Apress
Year: 2005
Pages: 424
Amazon's book description: The book will cover installing, configuring, and maintaining security honeypots on Windows platforms. The book will specifically cover the popular open source honeypot product called honeyd, and summarize other commercial honeypot solutions. There are no other computer security books covering honeypots (or IDSs) as they run on Windows platforms.




Snort Cookbook
Author: Angela Orebaugh, Simon Biles, Jacob Babbin
Publisher: O'Reilly Media
Year: 2005
Pages: 400
Amazon's book description: If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the de facto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of Snort.




Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications
Author: Neil Archibald, Gilbert Ramirez, Noam Rathaus, Josh Burke, Brian Caswell, Renaud Deraison
Publisher: Syngress
Year: 2005
Pages: 445
Amazon's book description: This book will cover customizing Snort to perform intrusion detection and prevention; Nessus to analyze the network layer for vulnerabilities; and Ethereal to sniff their network for malicious or unusual traffic. The book will also contain an appendix detailing the best of the rest open source security tools.




Intrusion Prevention and Active Response: Deploying Network and Host IPS
Author: Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin
Publisher: Syngress
Year: 2005
Pages: 424
Amazon's book description: This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.




Host Integrity Monitoring Using Osiris and Samhain
Author: Brian Wotring, Bruce Potter, Marcus Ranum
Publisher: Syngress
Year: 2005
Pages: 450
Amazon's book description: This book will walk the reader through the process of preparing and deploying open source host integrity monitoring software, specifically, Osiris and Samhain. From the configuration and installation to maintenance, testing, and fine-tuning, this book will cover everything needed to correctly deploy a centralized host integrity monitoring solution. The domain includes home networks on up to large-scale enterprise environments.




Microsoft Log Parser Toolkit
Author: Gabriele Giuseppini, Mark Burnett, Jeremy Faircloth, Dave Kleiman
Publisher: Syngress
Year: 2005
Pages: 350
Amazon's book description: Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.




Managing Security with Snort and IDS Tools
Author: Christopher Gerg, Kerry J. Cox
Publisher: O'Reilly Media
Year: 2004
Pages: 304
Amazon's book description: Intrusion detection is not for the faint of heart. But, if you are a network administrator, chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricey software solutions are now available. In terms of raw power and features, Snort, the most commonly used open source Intrusion Detection System (IDS), has begun to eclipse many expensive proprietary IDSes.




The Tao of Network Security Monitoring: Beyond Intrusion Detection
Author: Richard Bejtlich
Publisher: Addison-Wesley Professional
Year: 2004
Pages: 832
Amazon's book description: The book you are about to read will arm you with the knowledge you need to defend your network from attackers—both the obvious and the not so obvious....If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you.