Host Integrity Monitoring Using Osiris and Samhain

ISBN: 9781597490184

Publisher: Syngress Publishing

Publication date: 2005-07-01

Pages: 450

Price: USD 44.95

Binding: Paperback

Description


Your IDS Just Detected an Attack: Was it Successful? This book is about one of the most crucial aspects of system and security management: host integrity protection. Fundamentally, host integrity protection is all about understanding the changes that occur on your system--friendly or hostile, deliberate or accidental--and understanding the impact of those changes. In other words, it's change control in a potentially hostile environment. Best of all, this book is written by Brian Wotring, who has designed and deployed host integrity monitoring systems, used them, and relied on their results. It's hard to overstate the value of such experience. Books like the one you're holding are the survival kits for the future of computing. They're full of the important clues that you're going to need if you want to be one of the survivors instead of the statistics.

--From the Foreword by Marcus J. Ranum

Detect Successful Attacks: Determine exactly which attacks successfully compromised your host environment.

Download and Run Invaluable Scripts: Use real-world scripts and configurations, which have been successfully deployed in enterprise host integrity monitoring solutions.

Perform Damage Assessment: Understand the extent to which a host was compromised, and learn exactly how the attacker penetrated your defenses.

Reduce False Positives: Learn how to dramatically reduce false positives, which can obfuscate your valuable, legitimate results.

Monitor Your Entire Environment: Develop a solution to monitor files, users and groups, the kernel, open network ports, privileged executables, and other runtime elements.

Learn the Importance of Proper Planning: Gain insight into successful planning, deployment, and administration of a working host integrity monitoring solution.

Master Defensive Techniques: Learn how to mitigate attacks on the host integrity monitoring system itself.

Monitor Log Files and Create Notifications: Use Swatch to monitor Osiris and Samhain log files, and create custom notification messages.

Establish Audit Trails: Create trusted audit trails of activity that can prove invaluable in forensic investigations.

Your Solutions Membership Gives You Access to: A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search Web page

"From the Author" Forum where the authors post timely updates and links to related sites

Custom, working scripts from the book.

Downloadable chapters from these best-selling books:

Snort 2.1 Intrusion Detection, Second Edition

Ethereal Packet Sniffing

Nessus Network Auditing

Microsoft Log Parser Toolkit

TOC

Chapter 1 Host Integrity

Chapter 2 Understanding the Terrain

Chapter 3 Understanding Threats

Chapter 4 Planning

Chapter 5 Host Integrity Monitoring with Open Source Tools

Chapter 6 Osiris

Chapter 7 Samhain

Chapter 8 Log Monitoring and Response

Chapter 9 Advanced Strategies

Appendix A Monitoring Linksys Devices

Appendix B Extending Osiris and Samhain with Modules

Appendix C Further Reading