<DL>
<DD><A HREF="ch06/181-183.html#Heading3">Internal Attacks</A>
<DD><A HREF="ch06/186-190.html#Heading4">External Threats</A>
</DL>
<DD><A HREF="ch06/186-190.html#Heading5">Layers of Information Sources</A>
<DL>
<DD><A HREF="ch06/190-191.html#Heading6">Warning: Opportunities for Hackers!</A>
</DL>
<DD><A HREF="ch06/190-191.html#Heading7">Commercial IDS Layering</A>
<DD><A HREF="ch06/191-194.html#Heading8">How Does One Get the Data?</A>
<DL>
<DD><A HREF="ch06/191-194.html#Heading9">Intrusion Detection Inside a Firewall</A>
<DD><A HREF="ch06/194-198.html#Heading10">Relying on Others for Data</A>
</DL>
<DD><A HREF="ch06/194-198.html#Heading11">System Data Sources</A>
<DL>
<DD><A HREF="ch06/194-198.html#Heading12">syslog</A>
<DD><A HREF="ch06/198-201.html#Heading13">Audit Trails</A>
</DL>
<DD><A HREF="ch06/198-201.html#Heading14">Tracing the Path of Activity Can Be Difficult</A>
<DL>
<DD><A HREF="ch06/206-208.html#Heading15">Monitoring Policies</A>
</DL>
<DD><A HREF="ch06/206-208.html#Heading16">Simple or Complex Attacks</A>
<DD><A HREF="ch06/206-208.html#Heading17">Prepare to Scan for Weaknesses</A>
</DL>
</B></FONT>
<DD><A HREF="ch07/209-211.html#Heading1"><FONT SIZE="4"><B>Chapter 7&#151;Vulnerability Scanners</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch07/209-211.html#Heading2">What Is a Scanner?</A>
<DD><A HREF="ch07/209-211.html#Heading3">Characteristics of Scanners</A>
<DL>
<DD><A HREF="ch07/211-214.html#Heading4">Local Scanners</A>
<DD><A HREF="ch07/211-214.html#Heading5">Remote Scanning</A>
</DL>
<DD><A HREF="ch07/211-214.html#Heading6">How a Scanner Works</A>
<DD><A HREF="ch07/214-217.html#Heading7">Improving Your Security with Scanners</A>
<DL>
<DD><A HREF="ch07/214-217.html#Heading8">ISS SAFESuite</A>
</DL>
<DD><A HREF="ch07/221-225.html#Heading9">Other Scanners</A>
<DL>
<DD><A HREF="ch07/221-225.html#Heading10">Ballista</A>
<DD><A HREF="ch07/221-225.html#Heading11">IBM Network Security Auditor</A>
<DD><A HREF="ch07/221-225.html#Heading12">Keeping the Scanners Current</A>
</DL>
<DD><A HREF="ch07/225-226.html#Heading13">Are You Done Yet?</A>
</DL>
</B></FONT>
<DD><A HREF="ch08/227-228.html#Heading1"><FONT SIZE="4"><B>Chapter 8&#151;UNIX System-Level IDSs</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch08/227-228.html#Heading2">Detecting Hacks with Stalker</A>
<DL>
<DD><A HREF="ch08/229-231.html#Heading3">Audit Management</A>
<DD><A HREF="ch08/229-231.html#Heading4">Tracer/Browser</A>
<DD><A HREF="ch08/231-234.html#Heading5">Misuse Detector</A>
<DD><A HREF="ch08/231-234.html#Heading6">Attacks Detected by Stalker</A>
<DD><A HREF="ch08/231-234.html#Heading7">Is Stalker Right for You?</A>
<DD><A HREF="ch08/234-237.html#Heading8">Some Alternative Stalker Configurations</A>
</DL>
<DD><A HREF="ch08/234-237.html#Heading9">Detecting Hacks with the Computer Misuse Detection System</A>
<DL>
<DD><A HREF="ch08/234-237.html#Heading10">How CMDS Works</A>
</DL>
<DD><A HREF="ch08/237-240.html#Heading11">Other IDS Features to Consider</A>
<DL>
<DD><A HREF="ch08/240-243.html#Heading12">Ease of Set Up</A>
<DD><A HREF="ch08/240-243.html#Heading13">Distributed Intrusion Detection</A>
<DD><A HREF="ch08/240-243.html#Heading14">Monitoring and Privacy</A>
<DD><A HREF="ch08/243-245.html#Heading15">Finding New Attacks</A>
<DD><A HREF="ch08/243-245.html#Heading16">General Event Monitoring or Intrusion Detection</A>
</DL>
<DD><A HREF="ch08/243-245.html#Heading17">Using Audit Logs to Find Attacks</A>
<DL>
<DD><A HREF="ch08/245-247.html#Heading18">Two Main Reasons for Vulnerabilities</A>
<DD><A HREF="ch08/245-247.html#Heading19">Notation</A>
<DD><A HREF="ch08/247-249.html#Heading20">A Word about Sequences</A>
<DD><A HREF="ch08/247-249.html#Heading21">Focusing on Local Attacks</A>
<DD><A HREF="ch08/247-249.html#Heading22">An IDS Limitation</A>
<DD><A HREF="ch08/254-257.html#Heading23">The Scope Problem and Memory Requirements</A>
</DL>
<DD><A HREF="ch08/260-261.html#Heading24">Why You&#146;re Not Finished Yet</A>
</DL>
</B></FONT>
<DD><A HREF="ch09/263-265.html#Heading1"><FONT SIZE="4"><B>Chapter 9&#151;Sniffing for Intruders</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch09/263-265.html#Heading2">How Network IDSs Work</A>
<DL>
<DD><A HREF="ch09/263-265.html#Heading3">Networks and Subnets</A>
<DD><A HREF="ch09/263-265.html#Heading4">Network IDSs Sniff Network Traffic</A>
<DD><A HREF="ch09/265-268.html#Heading5">Other Network IDS Features</A>
</DL>
<DD><A HREF="ch09/265-268.html#Heading6">Network IDS Attack Recognition</A>
<DL>
<DD><A HREF="ch09/265-268.html#Heading7">Fragmented IP Packets</A>
</DL>
<DD><A HREF="ch09/268-270.html#Heading8">Advantages of Network IDSs</A>
<DD><A HREF="ch09/268-270.html#Heading9">Limitations of Network Packet Sniffing</A>
<DL>
<DD><A HREF="ch09/270-273.html#Heading10">Network Sniffers Do Not See All Packets</A>
<DD><A HREF="ch09/270-273.html#Heading11">Network Sniffers Are Blinded by Encryption</A>
<DD><A HREF="ch09/270-273.html#Heading12">Missed System-Level Attacks</A>
<DD><A HREF="ch09/273-276.html#Heading13">The Network IDS Is Not the Destination Node</A>
<DD><A HREF="ch09/273-276.html#Heading14">Getting around the Encryption Problem</A>
</DL>
<DD><A HREF="ch09/276-279.html#Heading15">Which Product Has the Best Nose?</A>
<DL>
<DD><A HREF="ch09/276-279.html#Heading16">IBM and NetRanger</A>
<DD><A HREF="ch09/276-279.html#Heading17">RealSecure</A>
<DD><A HREF="ch09/279-282.html#Heading18">Network Flight Recorder</A>
</DL>
<DD><A HREF="ch09/279-282.html#Heading19">Will Intrusion Detection Be Enough?</A>
</DL>
</B></FONT>
<DD><A HREF="ch10/283-285.html#Heading1"><FONT SIZE="4"><B>Chapter 10&#151;Intrusion Detection for NT</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch10/283-285.html#Heading2">NT Security Review</A>
<DD><A HREF="ch10/283-285.html#Heading3">Sources of Data for NT IDSs</A>
<DL>
<DD><A HREF="ch10/285-288.html#Heading4">NT Event Log</A>
<DD><A HREF="ch10/285-288.html#Heading5">Event Records</A>
</DL>
<DD><A HREF="ch10/288-290.html#Heading6">What to Monitor on NT</A>
<DL>
<DD><A HREF="ch10/288-290.html#Heading7">Increased Privileges</A>
<DD><A HREF="ch10/288-290.html#Heading8">Impersonation</A>
<DD><A HREF="ch10/290-292.html#Heading9">Remote Attacks</A>
<DD><A HREF="ch10/292-295.html#Heading10">Local Vulnerabilities</A>
</DL>
<DD><A HREF="ch10/292-295.html#Heading11">Intrusion Detection Products for NT</A>
<DL>
<DD><A HREF="ch10/292-295.html#Heading12">Look for These Features</A>
<DD><A HREF="ch10/292-295.html#Heading13">Centrax</A>
</DL>
<DD><A HREF="ch10/299-302.html#Heading14">For Further Thought</A>
</DL>
</DL>
</B></FONT>
<BR><DD><A HREF="ch11/303-307.html"><FONT SIZE="4"><B>PART 3&#151;Rounding Out Your Environment</B></FONT></A>
<DL>
<DD><A HREF="ch11/303-307.html#Heading1"><FONT SIZE="4"><B>Chapter 11&#151;You&#146;ve Been Hit!</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch11/303-307.html#Heading2">Be Prepared</A>
<DD><A HREF="ch11/307-309.html#Heading3">Discovery and Detection</A>
<DD><A HREF="ch11/309-311.html#Heading4">Responding to Intrusions</A>
<DD><A HREF="ch11/311-312.html#Heading5">Should You Pursue Your Attacker?</A>
</DL>
</B></FONT>
<DD><A HREF="ch12/313-315.html#Heading1"><FONT SIZE="4"><B>Chapter 12&#151;Intrusion Detection: Not the Last Chapter When It Comes to Security</B></FONT></A>
<FONT SIZE="3"><B>
<DL>
<DD><A HREF="ch12/313-315.html#Heading2">Traditional Computer Security</A>
<DL>
<DD><A HREF="ch12/313-315.html#Heading3">The Basic Security Model</A>
<DD><A HREF="ch12/313-315.html#Heading4">I&#38;A</A>
<DD><A HREF="ch12/313-315.html#Heading5">Access Control</A>
<DD><A HREF="ch12/315-318.html#Heading6">Network Security</A>
</DL>
<DD><A HREF="ch12/315-318.html#Heading7">The Rationale for IDSs</A>
<DD><A HREF="ch12/315-318.html#Heading8">Types of IDSs</A>
<DL>
<DD><A HREF="ch12/315-318.html#Heading9">Scanners</A>
<DD><A HREF="ch12/315-318.html#Heading10">System-Level IDSs</A>
<DD><A HREF="ch12/318-320.html#Heading11">Network Sniffers</A>
</DL>
<DD><A HREF="ch12/318-320.html#Heading12">Improving upon IDSs</A>
<DL>
<DD><A HREF="ch12/320-322.html#Heading13">Increase Application-Level Detection</A>
<DD><A HREF="ch12/320-322.html#Heading14">Adapt to Changing I&#38;A</A>
<DD><A HREF="ch12/320-322.html#Heading15">Support Common Systems Management</A>
<DD><A HREF="ch12/320-322.html#Heading16">Simplify Development of Attack Signatures</A>
<DD><A HREF="ch12/323-325.html#Heading17">Combine Products</A>
<DD><A HREF="ch12/323-325.html#Heading18">Support Integration into Other Products</A>
<DD><A HREF="ch12/323-325.html#Heading19">Support Research</A>
<DD><A HREF="ch12/323-325.html#Heading20">Self Reference and IDSs</A>
</DL>
<DD><A HREF="ch12/325-326.html#Heading21">Take It Away</A>
</DL>
</DL>
</DL>
<B></FONT>
<FONT SIZE="4"><B>
<DD><A HREF="bib.html">Bibliography</A>
<DD><A HREF="appendix-a.html">Appendix A</A>
<DD><A HREF="book-index.html">Index</A>
</B></FONT>
</DL>


<!-- all of the reference materials (books) have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->

<!-- BEGIN SUB FOOTER -->
		<br><br>
		</TD>
    </TR>
	</TABLE>

		
	<table width="640" border=0 cellpadding=0 cellspacing=0>
		<tr>
		<td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td>
		
		
<!-- END SUB FOOTER -->

<!-- all of the books have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->

<!-- FOOTER -->
			
		<td width="515" align="left" bgcolor="#FFFFFF">
<font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a>&nbsp;|&nbsp; <a href="/contactus.html"><font color="#006666">Contact Us</font></a>&nbsp;|&nbsp; <a href="/aboutus.html"><font color="#006666">About Us</font></a>&nbsp;|&nbsp; <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> &nbsp;|&nbsp; <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> &nbsp;|&nbsp; <a href="/"><font color="#006666">Home</font></a></b>
		<br><br>
		
		Use of this site is subject to certain <a href="/agreement.html">Terms &amp; Conditions</a>, <a href="/copyright.html">Copyright &copy; 1996-1999 EarthWeb Inc.</a><br> 
All rights reserved.  Reproduction whole or in part in any form or medium without express written permision of EarthWeb is prohibited.</font><p>
</td>
		</tr>
</table>
</BODY>
</HTML>

<!-- END FOOTER -->