By Michael Rash, Angela Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin, Fyodor (Technical Reviewer)
HIGHLIGHT
Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone, and astronomical growth is predicted over the next 3 years. Intrusion Prevention and Active Response is the first book specifically covering this topic which, in the opinion of many, represents the future of the information security industry. (*Source: Infonetics Research's market share and forecast report)
The first book to cover Intrusion Prevention (IP) systems
Date: Feb 2005
Pages: 416 (est.)
User level: All
DESCRIPTION
This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.
KEY SELLING POINTS
- Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone.
- Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS.
- Syngress published the best-selling books for IDS (Snort Intrusion Detection, and Snort 2.1 Intrusion Detection), and Attack Response and Intrusion Prevention will be the first book published for an IT Community primed for the transition from intrusion detection to intrusion prevention.
MARKET INFORMATION
According to Infonetics Research, worldwide intrusion detection and prevention system (IDS/IPS) product revenue resumed growth in 3Q03, increasing 11% to $116 million from 2Q03, and it will grow 25% to $145 million by 3Q04. By 2006, annual revenue is expected to hit $924 million.
ABOUT THE AUTHOR
Michael Rash has a master's degree in applied mathematics with a concentration in computer security from the University of Maryland, and has over seven years' industry experience developing and administering security software for DIGEX, USinternetworking, and Enterasys Networks. He is a frequent contributor to open source security projects such as Bastille Linux and the Netfilter Project, and has written security articles for Sys Admin Magazine, Information Security Magazine, and the Linux Journal. Michael co-authored the book Snort-2.1 Intrusion Detection (Syngress Publishing, ISBN: 1931836043) and is the creator of FWSnort and PSAD, two open source security applications that are designed to tear down the boundaries between Netfilter and the Snort Intrusion Detection System.
Angela Orebaugh is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc., where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years' experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a master's degree in Computer Science, and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University. Angela is the author of the Syngress best seller Ethereal Packet Sniffing (ISBN: 1932266828). She has also contributed to Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Network Intrusion Detection and the IT Ethics Handbook. Angela is a researcher, writer, and speaker for the SANS Institute, where she has helped to develop and revise SANS course material and also serves as the Senior Coach for the SANS Local Mentor Program and SANS@Home. She holds several professional certifications, including CISSP, GCIA, GCFW, GCIH, GSEC, and CCNA.
Graham Clark is a Software Engineer working for Enterasys Networks, Inc. as a member of the Dragon team. Dragon is a well-known and well-established network intrusion detection system. Graham's main interests and responsibilities are host-based intrusion detection and prevention. He is the author of the web-server intrusion prevention capability that Dragon Host Sensor offers in its 7.0 release. Previously, Graham focused on abstract performance modeling of computers and networks, and holds a PhD in Computer Science from the University of Edinburgh, Scotland. He lives in Maryland with his wife, Leah.
Becky Pinkard (CCSA, CCNA, GCIA) has worked in the information technology industry for over 10 years. She is currently a senior security analyst with a financial services company where she is fortunate enough to work with security technology on a daily basis. Becky's main areas of interest are intrusion detection, pen testing, vulnerability assessments, risk management, and forensics. She is a SANS Certified Instructor and has taught for the SANS Institute since 2001. She participated on the Strategic Advisory Council for the Center for Internet Security where she edited the first draft of the CIS Windows NT benchmark. Becky holds a bachelor's degree from Texas A&M University and is a member of the North Texas chapter of InfraGard.
TECHNOLOGY BACKGROUND
There are several technologies that provide active response or Intrusion Prevention capabilities, and many of them are free and released as open source implementations. Examples include FWSnort, Snort_inline, Apache mod_security, LIDS, and the NSA's SELinux (which is not an IPS in the classical signature-matching sense, but provides an implementation of Mandatory Access Control enforced at the kernel level, and hence prevents intrusions much more effectively than many security technologies, including those provided by an IPS). With the exploding interest in intrusion prevention, this book provides a targeted introduction specifically for these technologies and will give security administrators some much-needed guidance. The topic of false positives is also covered, along with why the problems associated with false positives can be greatly magnified by deploying an IPS.