</form>
<!-- Empty Reference Subhead -->
<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=0//-->
<!--PAGES=0//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<DL>
<FONT SIZE="4"><B>
<DD><A HREF="index.html">Introduction</A>
<DD><A HREF="about.html">Preface</A>
<DD><A HREF="about_author.html">Acknowledgments</A>
</B></FONT>
<BR>
<BR><DD><A HREF="ch01/001-005.html"><FONT SIZE="4"><B>PART 1—Before Intrusion Detection: Traditional Computer Security</B></FONT></A>
<DL>
<DD><A HREF="ch01/001-005.html#Heading1"><FONT SIZE="4"><B>Chapter 1—Intrusion Detection and the Classic Security Model</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch01/001-005.html#Heading2">Back to Basics: The Classic Security Model</A>
<DD><A HREF="ch01/001-005.html#Heading3">Goals of Computer Security</A>
<DD><A HREF="ch01/005-007.html#Heading4">Learn to Ask Tough Questions</A>
<DD><A HREF="ch01/007-009.html#Heading5">A Basic Computer Security Model</A>
<DL>
<DD><A HREF="ch01/010-012.html#Heading6">The Reference Monitor</A>
<DD><A HREF="ch01/012-015.html#Heading7">What Makes a Good Reference Monitor</A>
</DL>
<DD><A HREF="ch01/012-015.html#Heading8">Enhancing the Security Model Further</A>
<DL>
<DD><A HREF="ch01/012-015.html#Heading9">Identification and Authentication (I&A)</A>
<DD><A HREF="ch01/017-019.html#Heading10">Access Control</A>
<DD><A HREF="ch01/019-022.html#Heading11">Auditing</A>
</DL>
<DD><A HREF="ch01/019-022.html#Heading12">Classifying Security Products with a Nod to Intrusion Detection</A>
<DL>
<DD><A HREF="ch01/019-022.html#Heading13">Identification and Authentication</A>
<DD><A HREF="ch01/019-022.html#Heading14">Access Control</A>
<DD><A HREF="ch01/022-025.html#Heading15">Scanners</A>
<DD><A HREF="ch01/022-025.html#Heading16">Intrusion Detection and Monitoring</A>
<DD><A HREF="ch01/022-025.html#Heading17">Additional Product Differences</A>
</DL>
<DD><A HREF="ch01/025-028.html#Heading18">Prevention, Detection, and Response with Intrusion Detection</A>
<DD><A HREF="ch01/025-028.html#Heading19">Where to Go from Here</A>
</DL>
</B></FONT>
<DD><A HREF="ch02/029-031.html#Heading1"><FONT SIZE="4"><B>Chapter 2—The Role of Identification and Authentication in Your Environment</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch02/029-031.html#Heading2">Identification and Authentication in UNIX</A>
<DL>
<DD><A HREF="ch02/029-031.html#Heading3">Users and Groups</A>
<DD><A HREF="ch02/031-034.html#Heading4">Superuser</A>
<DD><A HREF="ch02/031-034.html#Heading5">What Are the Subjects in UNIX?</A>
<DD><A HREF="ch02/031-034.html#Heading6">UNIX Login</A>
<DD><A HREF="ch02/034-036.html#Heading7">UNIX Password Mechanism</A>
<DD><A HREF="ch02/036-038.html#Heading8">Storing Passwords in a Central Server</A>
</DL>
<DD><A HREF="ch02/038-041.html#Heading9">Identification and Authentication in NT</A>
<DL>
<DD><A HREF="ch02/038-041.html#Heading10">Users and Groups in NT</A>
<DD><A HREF="ch02/038-041.html#Heading11">Subjects in NT</A>
<DD><A HREF="ch02/038-041.html#Heading12">NT Login Security</A>
<DD><A HREF="ch02/041-044.html#Heading13">NT Authentication Using a Domain Controller</A>
</DL>
<DD><A HREF="ch02/041-044.html#Heading14">How Hackers Exploit Weaknesses in Password Security</A>
<DL>
<DD><A HREF="ch02/041-044.html#Heading15">Easily Guessed Passwords</A>
<DD><A HREF="ch02/044-046.html#Heading16">Brute Force Attacks</A>
<DD><A HREF="ch02/046-049.html#Heading17">Social Engineering</A>
<DD><A HREF="ch02/049-051.html#Heading18">Trojan Horses</A>
<DD><A HREF="ch02/049-051.html#Heading19">Network Sniffing</A>
<DD><A HREF="ch02/049-051.html#Heading20">Electromagnetic Emissions Monitoring</A>
<DD><A HREF="ch02/049-051.html#Heading21">Software Bugs</A>
</DL>
<DD><A HREF="ch02/051-052.html#Heading22">Improving upon I&A with Authentication Servers</A>
<DL>
<DD><A HREF="ch02/051-052.html#Heading23">Third-Party Authentication</A>
<DD><A HREF="ch02/053-055.html#Heading24">A Cryptography Primer</A>
</DL>
<DD><A HREF="ch02/069-072.html#Heading25">Ideas for Improving I&A Security</A>
<DL>
<DD><A HREF="ch02/072-074.html#Heading26">One-Time Passwords</A>
<DD><A HREF="ch02/072-074.html#Heading27">Strong Authentication</A>
<DD><A HREF="ch02/072-074.html#Heading28">One-Time Passwords and One-Time Pads</A>
<DD><A HREF="ch02/072-074.html#Heading29">Two-Factor Authentication</A>
<DD><A HREF="ch02/077-080.html#Heading30">Challenge-Response Authentication</A>
</DL>
<DD><A HREF="ch02/077-080.html#Heading31">The Need for Intrusion Detection</A>
<DL>
<DD><A HREF="ch02/077-080.html#Heading32">Biometrics</A>
</DL>
</DL>
</B></FONT>
<DD><A HREF="ch03/081-083.html#Heading1"><FONT SIZE="4"><B>Chapter 3—The Role of Access Control in Your Environment</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch03/081-083.html#Heading2">Configuration Problems</A>
<DD><A HREF="ch03/081-083.html#Heading3">Program Bugs</A>
<DD><A HREF="ch03/083-086.html#Heading4">What Is Access Control?</A>
<DL>
<DD><A HREF="ch03/083-086.html#Heading5">How Are Access Control Decisions Made?</A>
<DD><A HREF="ch03/086-088.html#Heading6">Access Control Lists</A>
<DD><A HREF="ch03/086-088.html#Heading7">Who Are You?</A>
</DL>
<DD><A HREF="ch03/086-088.html#Heading8">Access Control in UNIX</A>
<DL>
<DD><A HREF="ch03/086-088.html#Heading9">Who Are You in the UNIX Environment?</A>
<DD><A HREF="ch03/088-092.html#Heading10">UNIX File and Directory Permissions</A>
<DD><A HREF="ch03/092-093.html#Heading11">Are You Remembering to Ask Tough Questions?</A>
<DD><A HREF="ch03/092-093.html#Heading12">Link Counts, Hard Links, and Symbolic Links</A>
<DD><A HREF="ch03/093-095.html#Heading13">Increasing Your Privileges or Capabilities</A>
<DD><A HREF="ch03/096-098.html#Heading14">Background Processes and Credentials</A>
</DL>
<DD><A HREF="ch03/096-098.html#Heading15">Access Control in NT</A>
<DL>
<DD><A HREF="ch03/096-098.html#Heading16">NT Rights and Privileges</A>
<DD><A HREF="ch03/096-098.html#Heading17">Who Are You in NT?</A>
<DD><A HREF="ch03/098-100.html#Heading18">Permissions for NT Files and Directories</A>
</DL>
<DD><A HREF="ch03/100-103.html#Heading19">How Hackers Get around Access Control</A>
<DD><A HREF="ch03/103-106.html#Heading20">How to Improve upon Access Control</A>
<DL>
<DD><A HREF="ch03/103-106.html#Heading21">Memco SeOS</A>
<DD><A HREF="ch03/106-108.html#Heading22">APIs</A>
<DD><A HREF="ch03/106-108.html#Heading23">Impact of SeOS on Base Operating System Security</A>
<DD><A HREF="ch03/106-108.html#Heading24">SeOS Auditing</A>
<DD><A HREF="ch03/108-111.html#Heading25">Other SeOS Features</A>
</DL>
<DD><A HREF="ch03/108-111.html#Heading26">Going beyond SeOS</A>
<DD><A HREF="ch03/108-111.html#Heading27">Why You Still Need Intrusion Detection</A>
</DL>
</B></FONT>
<DD><A HREF="ch04/113-116.html#Heading1"><FONT SIZE="4"><B>Chapter 4—Traditional Network Security Approaches</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch04/113-116.html#Heading2">Layers of Network Security</A>
<DL>
<DD><A HREF="ch04/116-119.html#Heading3">Security between Layers on a System</A>
<DD><A HREF="ch04/116-119.html#Heading4">Security between Peer Layers across Systems</A>
</DL>
<DD><A HREF="ch04/119-121.html#Heading5">I&A for Network Security Entities</A>
<DL>
<DD><A HREF="ch04/119-121.html#Heading6">How Hackers Exploit Protocols</A>
<DD><A HREF="ch04/119-121.html#Heading7">How Many Network Entities Are There?</A>
<DD><A HREF="ch04/121-124.html#Heading8">I&A for Users and Groups in a Network</A>
<DD><A HREF="ch04/121-124.html#Heading9">Security Models within Models</A>
<DD><A HREF="ch04/124-126.html#Heading10">Network Node I&A</A>
<DD><A HREF="ch04/124-126.html#Heading11">Software Can Be a Network Entity</A>
</DL>
<DD><A HREF="ch04/124-126.html#Heading12">Network Access Control</A>
<DL>
<DD><A HREF="ch04/124-126.html#Heading13">Network Application Access Controls</A>
<DD><A HREF="ch04/126-130.html#Heading14">The Importance of Naming</A>
</DL>
<DD><A HREF="ch04/126-130.html#Heading15">The Internet Protocol (IP)</A>
<DL>
<DD><A HREF="ch04/130-132.html#Heading16">Probing Network Paths</A>
<DD><A HREF="ch04/130-132.html#Heading17">Problems at the IP Layer</A>
<DD><A HREF="ch04/134-136.html#Heading18">Are Your Mission-Critical Applications Safe from Attacks?</A>
<DD><A HREF="ch04/136-139.html#Heading19">IPsec</A>
</DL>
<DD><A HREF="ch04/139-141.html#Heading20">Supporting Protocols for IP</A>
<DL>
<DD><A HREF="ch04/139-141.html#Heading21">Address Resolution Protocol (ARP)</A>
<DD><A HREF="ch04/139-141.html#Heading22">Domain Name System (DNS)</A>
<DD><A HREF="ch04/139-141.html#Heading23">Routing Interchange Protocol (RIP)</A>
</DL>
<DD><A HREF="ch04/141-143.html#Heading24">User Datagram Protocol (UDP)</A>
<DL>
<DD><A HREF="ch04/141-143.html#Heading25">Port Security</A>
<DD><A HREF="ch04/141-143.html#Heading26">UDP Security Concerns</A>
</DL>
<DD><A HREF="ch04/141-143.html#Heading27">Transmission Control Protocol (TCP)</A>
<DL>
<DD><A HREF="ch04/141-143.html#Heading28">TCP/IP Security Concerns</A>
</DL>
<DD><A HREF="ch04/143-146.html#Heading29">TCP/IP Application Security</A>
<DL>
<DD><A HREF="ch04/143-146.html#Heading30">Trusted Hosts</A>
</DL>
<DD><A HREF="ch04/146-148.html#Heading31">The Role of the Firewall in Traditional Security</A>
<DL>
<DD><A HREF="ch04/146-148.html#Heading32">What Is a Firewall?</A>
<DD><A HREF="ch04/146-148.html#Heading33">Packet Filters Provide Access Control Services</A>
<DD><A HREF="ch04/148-151.html#Heading34">Application Proxies Provide Access Control</A>
<DD><A HREF="ch04/148-151.html#Heading35">Firewalls Provide IP Security</A>
<DD><A HREF="ch04/151-152.html#Heading36">IP Sec or Application Security</A>
</DL>
<DD><A HREF="ch04/151-152.html#Heading37">How Complex Is Your Network Security?</A>
<DD><A HREF="ch04/153-154.html#Heading38">Why Intrusion Detection Is Needed after Network Security</A>
</DL>
</DL>
</B></FONT>
<BR><DD><A HREF="ch05/155-160.html"><FONT SIZE="4"><B>PART 2—Intrusion Detection: Beyond Traditional Security</B></FONT></A>
<DL>
<DD><A HREF="ch05/155-160.html#Heading1"><FONT SIZE="4"><B>Chapter 5—Intrusion Detection and Why You Need It</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch05/155-160.html#Heading2">Do You Have Protection?</A>
<DD><A HREF="ch05/160-163.html#Heading3">The Role of Intrusion Detection</A>
<DL>
<DD><A HREF="ch05/160-163.html#Heading4">Beyond I&A</A>
<DD><A HREF="ch05/163-167.html#Heading5">Beyond Access Control</A>
<DD><A HREF="ch05/163-167.html#Heading6">Beyond Network Security</A>
</DL>
<DD><A HREF="ch05/167-169.html#Heading7">Intrusion Detection: Concepts and Definitions</A>
<DL>
<DD><A HREF="ch05/170-172.html#Heading8">IDS Engine Categories</A>
<DD><A HREF="ch05/172-175.html#Heading9">Real Time or Interval Based</A>
<DD><A HREF="ch05/172-175.html#Heading10">Data Source</A>
<DD><A HREF="ch05/175-177.html#Heading11">A Generic IDS Model</A>
</DL>
<DD><A HREF="ch05/178-180.html#Heading12">Getting Ready to Look for Hacker Trade</A>
</DL>
</B></FONT>
<DD><A HREF="ch06/181-183.html#Heading1"><FONT SIZE="4"><B>Chapter 6—Detecting Intruders on Your System Is Fun and Easy</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch06/181-183.html#Heading2">Classes of Attacks</A>