CHAPTER 27

INTRUSION DETECTION AND INTRUSION PREVENTION DEVICES

Rebecca Gurley Bace

27.1 SECURITY BEHIND THE FIREWALL

27.1.1 What Is Intrusion Detection?

27.1.2 What Is Intrusion Prevention?

27.1.3 Where Do Intrusion Detection and Intrusion Prevention Fit in Security Management?

27.1.4 Brief History of Intrusion Detection

27.2 MAIN CONCEPTS

27.2.1 Process Structure

27.2.2 Monitoring Approach

27.2.3 Intrusion Detection Architecture

27.2.4 Monitoring Frequency

27.2.5 Analysis Strategy

27.3 INTRUSION PREVENTION

27.3.1 Intrusion Prevention System Architecture

27.3.2 Intrusion Prevention Analysis Strategy

27.4 INFORMATION SOURCES

27.4.1 Network Monitoring

27.4.2 Operating System Monitoring

27.4.3 Application Monitoring

27.4.4 Other Types of Monitoring

27.4.5 Issues in Information Sources

27.5 ANALYSIS SCHEMES

27.5.1 Misuse Detection

27.5.2 Anomaly Detection

27.5.3 Hybrid Approaches

27.5.4 Issues in Analysis

27.6 RESPONSE

27.6.1 Passive Responses

27.6.2 Active Responses: Man-in-the-Loop and Autonomous

27.6.3 Automated Response Goals

27.6.4 Investigative Support

27.6.5 Issues in Responses

27.7 NEEDS ASSESSMENT AND PRODUCT SELECTION

27.7.1 Matching Needs to Features

27.7.2 Specific Scenarios

27.7.3 Integrating IDS Products with Your Security Infrastructure

27.7.4 Deployment of IDS Products

27.8 CONCLUSION

27.9 FURTHER READING

27.10 NOTES

27.1 SECURITY BEHIND THE FIREWALL.

Even today, when asked how they would go about securing a computer or computer network, most people mention firewalls, ...
