INTRUSION DETECTION: NETWORK
SECURITY BEYOND THE FIREWALL
Terry Escamilla
Welcome
This is the companion Web site for a new, practical book about intrusion detection. Here you will find interesting links to intrusion detection information as well as updates to the material in the book. You can use this site to learn more about this exciting topic, keep up with rapidly changing information on intrusion detection systems (IDSs), and get the latest news on them. If you're interested in gaining an understanding of what an IDS can do for you, jump to one of the following Web sites to order the book: Amazon, Computer Literacy, or John Wiley & Sons.
Don't forget that a portion of the royalties for this book goes to the National Children's Advocacy Center.
Table of Contents
Part 1: Before Intrusion Detection: Traditional Computer Security
- 1. Intrusion Detection and the Classic Security Model
- 2. The Role of Identification and Authentication in Your Environment
- 3. The Role of Access Control in Your Environment
- 4. Traditional Network Security Approaches
Part 2: Intrusion Detection: Beyond Traditional Security
- 5. Intrusion Detection and Why You Need It
- 6. Detecting Intruders on Your System Is Fun and Easy
- 7. Vulnerability Scanners
- 8. UNIX System-Level IDSs
- 9. Sniffing for Intruders
- 10. Intrusion Detection for NT
Part 3: Maintaining a Safe Environment
- 11. You've Been Hit!
- 12. Intrusion Detection: Not the Last Chapter When It Comes to Security
- Appendix
- References
Conferences
- Computer Security Resource Clearinghouse - A NIST site that contains comprehensive listings of upcoming computer security conferences and workshops.
- Recent Advances in Intrusion Detection 98 - Check out the Conference Program for more details.
- Intrusion Detection Systems Mailing List - IDS mailing list archives.
Links to Companies and Products Mentioned in the Book
- IBM Security Products - Security offerings by the world's largest hardware and software company. Provides top-notch remote intrusion detection services, which you can learn about at the Emergency Response Service site.
- Network Associates - Offers Stalker, the award-winning Unix system-level IDS, the TIS Gauntlet Firewall, the network auditing IDS CyberCop (Ballista), and other products in the Total Network Security family. Check out the vulnerability research lab.
- Cross-Site for Security - A security product which includes an IDS component with some interesting features. Developed by Tivoli.
- Internet Security Systems (ISS) - A leading provider of IDSs for Unix and NT systems. RealSecure is a real-time network IDS for Unix and NT. Internet Scanner and System Security Scanner perform vulnerability checking of your systems. Visit the X-Force hacker research team pages. Sign up to join security mailing lists, too.
- Centrax - Provides system-level and scanner IDSs in its eNTrax. Also offers the complementary CAST tool for configuring audit policies across multiple NT systems. Centrax has a very talented team of intrusion detection experts.
- Secure Networks, Inc. - Makers of Ballista and a great group of security detectives who uncover flaws in numerous products. Now part of Network Associates.
- Security Dynamics, Inc. - Famous for identification and authentication token devices and servers, such as the ACE Server. Parent company of the leading crypto provider RSA, Inc. and of Intrusion Detection, Inc.
- Intrusion Detection, Inc. - Develops Kane Security Monitor, an audit trail analyzer for NT, and Kane Security Analyst, a scanner IDS for NT. Now part of Security Dynamics, Inc.
- Memco Software, Inc. - Provides one of the best access control products to date, SeOS, along with several other interesting security tools. Soon to be acquired by Platinum.
- Axent - Offers Intruder Alert (ITA), a real-time IDS that runs across a wide range of platforms. Check out the security experts on their SWAT team.
- Network Flight Recorder - Makers of (you guessed it) Network Flight Recorder. This is one heck of a product for network traffic analysis and monitoring. Available with popular IDS attack signature monitoring.
- Abirnet - Developers of SessionWall, a quality network-level IDS.
- Cisco - A leading network solutions provider and the market leader in router products. Purchased the WheelGroup and now markets security solutions including NetRanger, a network IDS, and NetSonar, a vulnerability scanner. Both products were developed by a team with intense, real-world experience in intrusion detection.
- Checkpoint - The leading provider of firewalls in today's marketplace.
- Cygnus - A respected provider of commercial Kerberos implementations.
- Cybersafe - Another major provider of commercial Kerberos implementations.
Favorite Links
- DEF CON - The annual hackers conference information page.
- COAST Hotlist - START HERE! The most thorough collection of security-related links available. Don't bother to maintain your own list; just add this link to your bookmarks.
- COAST Public Library - Comprehensive download site for papers and public domain tools.
- NT BUGTRAQ - The site for information on NT security bugs and fixes.
- The L0pht - Some of the best security problems discovered, documented, and proved in source code by some of the best programmers around.
- Unix Host and Network Security Tools - Another site where you can download public domain tools and papers for intrusion detection and for computer security in general.
- rootshell - Cracking tools and exploits to test the weaknesses of your systems.
- Geek Girl - Lots of security info and host of the IDS mailing list archive.
- National Computer Security Association - You'll find papers, evaluated products, lots of hot links, and general security information.
- SOCKS V5 - A good site for those interested in understanding how SOCKS can be used to implement firewalls.
- W3C Security - Plenty of papers to read about Web security standards and proposed standards.
Research
- COAST - A leading IDS research program since before the Morris Worm. Several papers are available for downloading. This is where public domain tools such as COPS and TRIPWIRE originated.
- UC Davis - Another leading IDS research program with dozens of papers available for download. Be sure to read the historical work on DIDS.
- Common Intrusion Detection Framework (CIDF) - An active DARPA-funded research program trying to link together different types of IDSs. CIDF research is being carried out by many people at several different sites.
- SRI - The site where much of the IDS work began. Here you will find many historical papers on early IDS research as well as newer information at the next two links.
- NIDES - One of the SRI projects with roots in early IDS research. Go here to get the latest on a project that draws from some of the most experienced IDS knowledge around.
- Emerald - One of the most impressive IDS projects in research today. Headed by Neumann, this project promises to clarify a number of IDS issues.
- Information Warfare Links - A new Yahoo link that contains pointers to a wealth of knowledge about information warfare, an intriguing topic about a very real threat.
FTP Sites for More Background Papers on Computer Security
- Kerberos - Get the source, compiled binaries for popular platforms, papers, and documentation for Kerberos V5. Check out the FAQ for a quick introduction.
- AT&T - Download papers about network security from Morris, Bellovin, Cheswick, and others. Plenty of security software (and other research prototypes) to fill up your hard disk.
- RFCs - Make sure you read the important RFCs on IPsec, TCP/IP, NFS, FTP, RADIUS, TACACS, digital signatures, and dozens of others. These RFCs describe important security information which hackers know to the last detail.
Incident Response Centers
Contact one of these sites if you think you have been hit or are being targeted for attacks.
- CERT - Computer Emergency Response Team (in the US). Check out this site for links to response teams in your region. Be sure to sign up for regular notices and summaries.
- FIRST - Forum of Incident Response Teams. Actually, its membership is composed of several independent response teams. Familiarize yourself with the FIRST links and processes so that you will know what to do when hit.
- IBM Emergency Response Service - Visit this site to learn about outsourcing your security monitoring needs to the experts.
ISBN 0-471-29000-9
368 pages
October 1998
Wiley Computer Publishing