</SELECT>
</font></td>
</tr>
</table>
</form>
<!-- LEFT NAV SEARCH END -->
</td>
<!-- PUB PARTNERS END -->
<!-- END LEFT NAV -->
<td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td>
<td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td>
<!-- end of ITK left NAV -->
<!-- begin main content -->
<td width="100%" valign="top" align="left">
<!-- END SUB HEADER -->
<!--Begin Content Column -->
<P>
<B>Intrusion Detection: Network Security beyond the Firewall</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Terry Escamilla
<BR>
ISBN: 0471290009
<BR>
Publication Date: 11/01/98
</FONT>
<P>
<!-- Empty Reference Subhead -->
<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=5//-->
<!--PAGES=178-180//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="175-177.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="../ch06/181-183.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>Feedback is an important part of the generic model. The presence of some event might trigger the rule base to <I>learn</I> and add a new rule. If the Rule Set detects a threshold change in the Activity Profile, one response could be to alter the types, frequency, or details of events emitted from the Event Generator. Note that there is no architectural limitation on the generic model that restricts it to a single system. Each of the three main subsystems could be running on different nodes in a network, and each individual subsystem could itself be partitioned further across multiple nodes.</P>
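<P>The feedback loop described above, as an added example that is not code from the book. The class names follow the three subsystems named in the paragraph; the failed-login threshold, the learned rule, and the sample records are assumptions made for illustration.</P>

```python
from collections import Counter

# Constructed sample audit stream (user, action); not data from the book.
SAMPLE = ([("alice", "login_fail")] * 3 + [("bob", "login_ok")]
          + [("alice", "login_fail"), ("alice", "login_ok")])

class EventGenerator:
    """Emits audit events; the detail level can be changed by feedback."""
    def __init__(self, records):
        self.records, self.detail = records, "summary"
    def events(self):
        for seq, (user, action) in enumerate(self.records):
            event = {"user": user, "action": action, "detail": self.detail}
            if self.detail == "full":        # richer records after feedback
                event["seq"] = seq
            yield event

class ActivityProfile:
    """Running per-subject counts of each action."""
    def __init__(self):
        self.counts = Counter()
    def update(self, event):
        key = (event["user"], event["action"])
        self.counts[key] += 1
        return self.counts[key]

class RuleSet:
    """A threshold rule plus rules learned at run time (hypothetical rules)."""
    def __init__(self, generator, threshold=3):
        self.generator, self.threshold = generator, threshold
        self.learned, self.alerts = set(), []
    def evaluate(self, event, count):
        user, action = event["user"], event["action"]
        if action == "login_fail" and count == self.threshold:
            self.alerts.append(f"threshold: {user} failed {count} logins")
            self.generator.detail = "full"   # feedback to the Event Generator
            self.learned.add(user)           # learn: watch this user's next success
        elif action == "login_ok" and user in self.learned:
            self.alerts.append(f"learned: {user} logged in after repeated failures")

def run(records, threshold=3):
    gen, profile = EventGenerator(records), ActivityProfile()
    rules = RuleSet(gen, threshold)
    seen = []
    for event in gen.events():
        rules.evaluate(event, profile.update(event))
        seen.append(event)
    return rules.alerts, seen
```

<P>Because the three classes share only method calls, each could sit behind a network interface on a separate node, which is the distribution the paragraph allows for.</P>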
<H3><A NAME="Heading12"></A><FONT COLOR="#000077">Getting Ready to Look for Hacker Trade</FONT></H3>
<P>The introduction of <I>intrusion detection systems</I> (IDS) into your environment is targeted at filling in the gaps left by other security products. In previous chapters, system and network weaknesses were identified, and recommendations were made for improving security. Despite the possible improvements, weaknesses still exist. This chapter described how I&A, access control, firewalls, and cryptography are still not enough for complete security, and why an IDS rounds out the solution.</P>
<P>Differences in intrusion detection products were described, and the pros and cons of different approaches were briefly mentioned. Vulnerability scanners were the focus of this chapter, although subsequent chapters will deal with network and system-intrusion detection products in more detail. System and network scanners were shown to play a vital role in securing your site because they look for evidence of hacker behavior, examine configuration weaknesses, probe for well-known security problems, and provide useful reports.</P>
<P>If you want to dig a bit deeper into intrusion-detection research before heading into the next few chapters, here are some pointers. Excellent papers and links for intrusion detection can be found at the COAST and UC Davis Web sites. COAST is spearheaded by Gene Spafford and cranks out some papers on intrusion detection. Some of the documents are limited to sponsors, but many have been posted electronically on the site and have been published in journals and conference proceedings. Check it out at <A HREF="www.coast.purdue.edu">www.coast.purdue.edu</A>. A particularly useful page with one of the most comprehensive collections of security links is maintained there at <A HREF="www.coast.purdue.edu/security-links.html">www.coast.purdue.edu/security-links.html</A>.</P>
<P>UC Davis has several IDS researchers and graduate students. Much of the original work on intrusion detection funded by DARPA involved collaboration between UC Davis and other sites such as Livermore Labs, Los Alamos, and DoD teams. Browse the pages at <A HREF="www.ucd.edu/security">www.ucd.edu/security</A> for good background and current readings. Be sure to pay a visit to the cryptography pages maintained there as well.</P>
<P>Visit the SRI Web site at <A HREF="www.csl.sri.com">www.csl.sri.com</A> to see active research from some of the founding members of the IDS field. Peter Neumann and his colleagues are working on the EMERALD project there and are seeing promising results. As a final note, get your hands on conference proceedings from NISSC. Numerous papers on intrusion detection and computer security appear in these collections.</P><P><BR></P>
<!-- all of the reference materials (books) have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->
<!-- BEGIN SUB FOOTER -->
<br><br>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
<!-- END FOOTER -->