Network intrusion detection : an analyst's handbook
Author
Bibliographic information
Network intrusion detection : an analyst's handbook
(New Riders professional library)
New Riders
Held by university libraries: 4 in total
Description and Table of Contents
Description
Written to be both a training aid and a technical reference for intrusion detection analysts, Northcutt's book contains unparalleled, practical experience that can't be found anywhere else. With detailed explanations and illustrative examples from his own career, Northcutt covers the topic completely, from detect evaluation, analysis, and situation handling, through the theories involved in understanding hackers, intelligence gathering, and coordinated attacks, to an arsenal of preventive and aggressive security measures. Ideal for the serious security analyst, Network Intrusion Detection: An Analyst's Handbook is the tool that puts you in full control of your network's security.
Table of Contents
1. Mitnick Attack.
Exploiting TCP. Detecting the Mitnick Attack. Preventing the Mitnick Attack. Summary.
2. Introduction to Filters and Signatures.
Filtering Policy. Signatures. Filter Examples. Policy Issues Related to Targeting Filters. Summary.
3. Architectural Issues.
Events of Interest. Limits to Observation. Low-Hanging Fruit Paradigm. Human Factors Limit Detects. Severity. Countermeasures. Sensor Placement. Outside Firewall. Push/Pull. Analyst Console. Host- or Network-Based Intrusion Detection. Summary.
4. Interoperability and Correlation.
Multiple Solutions Working Together. Commercial IDS Interoperability Solutions. Correlation. SQL Databases. Summary.
5. Network-Based Intrusion Detection Solutions.
Commercial Tools. MS Windows-Capable Systems. UNIX-Based Systems. GOTS. Evaluating Intrusion Detection Systems. Lincoln Labs Approach. Summary.
6. Detection of Exploits.
False Positives. IMAP Exploits. Exploit Ports with SYN/FIN Set. Scans to Apply Exploits. Single Exploit, portmap. Summary.
7. Denial of Service.
Commonly Detected Denial-of-Service Traces. Rarely Seen Well-Known Programs. Summary.
8. Intelligence Gathering Techniques.
Network and Host Mapping. NetBIOS Specific Traces. Stealth Attacks. Summary.
9. Introduction to Hacking.
Christmas Eve 1998. Where Attackers Shop. Communications Network. Anonymity. Summary.
10. Coordinated Attacks.
Coordinated Traceroutes. NetBIOS Deception. RESETs and More RESETs. SFRP Scans. Target-Based Analysis. Summary.
11. Additional Tools.
eNTrax. CMDS 4.0. tripwire. nmap. Summary.
12. Risk Management and Intrusion Detection.
Intrusion Detection in a Security Model. Defining Risk. Risk. Defining the Threat. Risk Management Is Dollar Driven. How Risky Is a Risk? Summary.
13. Automated and Manual Response.
Automated Response. Honeypot. Manual Response. Summary.
14. Business Case for Intrusion Detection.
Part One: Management Issues. Part Two: Threats and Vulnerabilities. Part Three: Tradeoffs and Recommended Solutions. Summary.
15. Future Directions.
Increasing Threat. Cyber Terrorism and Y2K. Trusted Insider. Improved Response. The Virus Industry Revisited. Hardware-Based ID. Defense in Depth. Program-Based ID. PDD63. Smart Auditors.
Source: Nielsen BookData