</SELECT>
</font></td>
</tr>
</table>
</form>
<!-- LEFT NAV SEARCH END -->
</td>
<!-- PUB PARTNERS END -->
<!-- END LEFT NAV -->
<td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td>
<td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td>
<!-- end of ITK left NAV -->
<!-- begin main content -->
<td width="100%" valign="top" align="left">
<!-- END SUB HEADER -->
<!--Begin Content Column -->
<P>
<B>Intrusion Detection: Network Security beyond the Firewall</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Terry Escamilla
<BR>
ISBN: 0471290009
<BR>
Publication Date: 11/01/98
</FONT>
<P>
<!-- Empty Reference Subhead -->
<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=9//-->
<!--PAGES=279-282//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="276-279.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="../ch10/283-285.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H4 ALIGN="LEFT"><A NAME="Heading18"></A><FONT COLOR="#000077">Network Flight Recorder</FONT></H4>
<P>The interesting feature of NFR is that it is not designed to be an IDS. Instead, NFR is a general-purpose network monitoring tool. NFR just happens to include a general-purpose scripting language that can be used to build attack signature recognition routines. Note that Check Point adheres to this philosophy in the firewall market by offering its INSPECT language for similar reasons. The argument, and it is a reasonable one, is that passing packets through arbitrary programs provides great flexibility in enforcing a security policy.
</P>
<P>As a security officer, knowing that you have complete control over the attack signatures is a compelling thought. However, you must be cautious because you could make a mistake in programming. Relying on consulting services to obtain signatures for well-known attacks and developing custom signatures for your proprietary applications is a good tradeoff. Although the general-purpose scripting language in NFR is its most appealing feature, you probably can expect network IDS vendors to offer similar functionality soon. When NetRanger and RealSecure enable you to easily add your own signatures or adapt the ones delivered with the tools, the appeal of NFR will be challenged.</P>
<P>Earlier versions of NFR did not have the same level of distributed systems management provided with NetRanger and RealSecure. This level probably is supported in the version on the market today. Paging is supported as a standard notification mechanism, and the summary reports are exceptional. If you invest in NFR, you’ll also be able to use expertise to watch your network behavior in other ways, such as monitoring performance.</P>
<H3><A NAME="Heading19"></A><FONT COLOR="#000077">Will Intrusion Detection Be Enough?</FONT></H3>
<P>It would be wonderful if this chapter could close by claiming victory in the war on intruders. You know by now that perfect security is impossible. You’ve had a chance to see how scanners, system-level tools, and network IDSs are able to catch some hacks but miss others. Your job is to know the types of IDS tools that are available, know what they <I>can</I> do, and know what they <I>cannot</I> do in order to properly rely on them for improving your security. The bad news is that no single type of IDS today will be sufficient by itself. The good news is that you can buy several tools that <I>do</I> give you ample coverage against attacks. Today, not all of the tools will come from the same vendor, nor is it likely that they will interoperate. This situation is changing, though.</P>
<P>Vendors who build each type of tool make design tradeoffs when building a scanner, system, or network IDS. In the recent past, a vendor might focus on one or two of these tool types but not offer solutions covering all three categories. Alliances, acquisitions, and new product offerings by IDS vendors are becoming more inclusive. In 1998, you should see some significant improvements in this area. The final chapter of the book offers some suggestions for what you can do today, and what you can expect from IDSs in the future.</P>
<P>Another issue you will need to contend with is increasingly sophisticated hackers. IDS vendors try to keep abreast of new hacks and modify their tools to detect these. However, a lag always exists between a clever new way to break into a system and the products that try to find hackers.</P>
<P>Much of the material on intrusion detection so far has focused on UNIX systems and TCP/IP. This focus was used to keep the discussions simple. Including NT and UNIX comparisons in each section would have been too confusing. Now that you’re an expert on IDSs and understand how they apply in UNIX environments, you are ready for the next chapter, which examines intrusion detection for NT.</P><P><BR></P>
<!-- all of the reference materials (books) have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->
<!-- BEGIN SUB FOOTER -->
<br><br>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
<!-- END FOOTER -->