
INTRUSION DETECTION: NETWORK SECURITY BEYOND THE FIREWALL

Terry Escamilla

Welcome

This is the companion Web site for a new, practical book about intrusion detection. Here you will find interesting links to intrusion detection information as well as updates to the material in the book. You can use this site to learn more about this exciting topic, keep up with rapidly changing information on intrusion detection systems (IDSs), and get the latest news on IDSs. If you're interested in gaining an understanding of what an IDS can do for you, jump to one of the following Web sites to order the book: Amazon, Computer Literacy, or John Wiley & Sons.

Don't forget that a portion of the royalties for this book goes to the National Children's Advocacy Center.

Table of Contents

Part 1: Before Intrusion Detection: Traditional Computer Security

1. Intrusion Detection and the Classic Security Model; 2. The Role of Identification and Authentication in Your Environment; 3. The Role of Access Control in Your Environment; 4. Traditional Network Security Approaches

Part 2: Intrusion Detection: Beyond Traditional Security

5. Intrusion Detection and Why You Need It; 6. Detecting Intruders on Your System Is Fun and Easy; 7. Vulnerability Scanners; 8. UNIX System-Level IDSs; 9. Sniffing for Intruders; 10. Intrusion Detection for NT

Part 3: Maintaining a Safe Environment

11. You've Been Hit!; 12. Intrusion Detection: Not the Last Chapter When It Comes to Security; Appendix; References

Conferences

Computer Security Resource Clearinghouse
A NIST site that contains comprehensive listings of upcoming computer security conferences and workshops.

Recent Advances in Intrusion Detection 98
Check out the Conference Program for more details.

Intrusion Detection Systems Mailing List

IDS mailing list archives.

Links to Companies and Products Mentioned in the Book

IBM Security Products
Security offerings by the world's largest hardware and software company. Provides top-notch remote intrusion detection services, which you can learn about at the Emergency Response Service site.

Network Associates
Offers Stalker, the award-winning Unix system-level IDS, the TIS Gauntlet Firewall, the network auditing IDS CyberCop (Ballista), and other products in the Total Network Security family. Check out the vulnerability research lab.

Cross-Site for Security
A security product that includes an IDS component with some interesting features. Developed by Tivoli.

Internet Security Systems (ISS)
A leading provider of IDSs for Unix and NT systems. RealSecure is a real-time network IDS for Unix and NT. Internet Scanner and System Security Scanner perform vulnerability checking of your systems. Visit the X-Force hacker research team pages. Sign up to join security mailing lists, too.

Centrax
Provides system-level and scanner IDSs in its eNTrax. Also offers the complementary CAST tool for configuring audit policies across multiple NT systems. Centrax has a very talented team of intrusion detection experts.

Secure Networks, Inc.
Makers of Ballista and a great group of security detectives who uncover flaws in numerous products. Now part of Network Associates.

Security Dynamics, Inc.
Famous for identification and authentication token devices and servers, such as the ACE Server. Parent company of the leading crypto provider RSA, Inc. and Intrusion Detection, Inc.

Intrusion Detection, Inc.
Develops Kane Security Monitor, an audit trail analyzer for NT, and Kane Security Analyst, a scanner IDS for NT. Now part of Security Dynamics, Inc.

Memco Software, Inc.
Provides one of the best access control products to date, SeOS, along with several other interesting security tools. Soon to be acquired by Platinum.

Axent
Offers Intruder Alert (ITA), a real-time IDS that runs across a wide range of platforms. Check out the security experts on their SWAT team.

Network Flight Recorder
Makers of (you guessed it) Network Flight Recorder. This is one heck of a product for network traffic analysis and monitoring. Available with popular IDS attack signature monitoring.

Abirnet
Developers of SessionWall, a quality network-level IDS.

Cisco
A leading network solutions provider and the market leader in router products. Purchased the WheelGroup and now markets security solutions including NetRanger, a network IDS, and NetSonar, a vulnerability scanner. Both products were developed by a team with intense, real-world experience in intrusion detection.

Checkpoint
The leading provider of firewalls in today's marketplace.

Cygnus
A respected provider of commercial Kerberos implementations.

Cybersafe
Another major provider of commercial Kerberos implementations.

Favorite Links

DEF CON
The annual hackers' conference information page.
COAST Hotlist - START HERE!
The most thorough collection of security-related links available. Don't bother to maintain your own list; just add this link to your bookmarks.
COAST Public Library
Comprehensive download site for papers and public domain tools.
NT BUGTRAQ
The site for information on NT security bugs and fixes.
The L0pht
Some of the best security problems discovered, documented, and proved in source code by some of the best programmers around.
Unix Host and Network Security Tools
Another site where you can download public domain tools and papers for intrusion detection and for computer security in general.
rootshell
Cracking tools and exploits to test the weaknesses of your systems.
Geek Girl
Lots of security info and host of the IDS mailing list archive.
National Computer Security Association
You'll find papers, evaluated products, lots of hot links, and general security information.
SOCKS V5
A good site for those interested in understanding how SOCKS can be used to implement firewalls.
W3C Security
Plenty of papers to read about Web security standards and proposed standards.

Research

COAST
A leading IDS research program since before the Morris Worm. Several papers are available for downloading. This is where public domain tools such as COPS and TRIPWIRE originated.
UC Davis
Another leading IDS research program with dozens of papers available for download. Be sure to read the historical work on DIDS.
Common Intrusion Detection Framework (CIDF)
An active DARPA-funded research program trying to link together different types of IDSs. CIDF research is being carried out by many people at several different sites.
SRI
The site where much of the IDS work began. Here you will find many historical papers on early IDS research as well as newer information at the next two links.
NIDES
One of the SRI projects with roots in early IDS research. Go here to get the latest on a project that draws from some of the most experienced IDS knowledge around.
Emerald
One of the most impressive IDS projects in research today. Headed by Neumann, this project promises to clarify a number of IDS issues.
Information Warfare Links
A new Yahoo link that contains pointers to a wealth of knowledge about information warfare, an intriguing topic about a very real threat.

FTP Sites for More Background Papers on Computer Security

Kerberos
Get the source, compiled binaries for popular platforms, papers, and documentation for Kerberos V5. Check out the FAQ for a quick introduction.
AT&T
Download papers about network security from Morris, Bellovin, Cheswick, and others. Plenty of security software (and other research prototypes) to fill up your hard disk.
RFCs
Make sure you read the important RFCs on IPsec, TCP/IP, NFS, FTP, RADIUS, TACACS, digital signatures, and dozens of others. These RFCs describe important security information that hackers know to the last detail.

Incident Response Centers

Contact one of these sites if you think you have been hit or are being targeted for attacks.

CERT
Computer Emergency Response Team (in the US). Check out this site for other links for your geography. Be sure to sign up for regular notices and summaries.
FIRST
Forum of Incident Response Teams. Actually, its membership is composed of several independent response teams. Familiarize yourself with the FIRST links and processes so that you will know what to do when hit.
IBM Emergency Response Service
Visit this site to learn about outsourcing your security monitoring needs to the experts.
Cover

ISBN 0-471-29000-9
368 pages
October 1998

Wiley Computer Publishing
Timely. Practical. Reliable.