Amazon.com: Intrusion Prevention and Active Response: Deploying Network and Host IPS (9781932266474): Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, Jake Babbin: Books



Intrusion Prevention and Active Response: Deploying Network and Host IPS [Illustrated] [Paperback]

Michael Rash (Author), Angela D. Orebaugh (Author), Graham Clark (Author), Becky Pinkard (Author), Jake Babbin (Author)
4.0 out of 5 stars (9 customer reviews)

List Price: $51.95
Price: $38.10 & this item ships for FREE with Super Saver Shipping.
You Save: $13.85 (27%)


Book Description

Publication Date: April 26, 2005 | ISBN-10: 193226647X | ISBN-13: 978-1932266474 | Edition: 1
This book provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.

* Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone

* Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS



Editorial Reviews

About the Author

Angela Orebaugh (GCIA, GCFW, GCIH, GSEC, CCNA) is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc., where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Master's in Computer Science and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University.


Product Details

  • Paperback: 424 pages
  • Publisher: Syngress; 1 edition (April 26, 2005)
  • Language: English
  • ISBN-10: 193226647X
  • ISBN-13: 978-1932266474
  • Product Dimensions: 9.1 x 7 x 1.2 inches
  • Shipping Weight: 1.4 pounds
  • Average Customer Review: 4.0 out of 5 stars (9 customer reviews)
  • Amazon Best Sellers Rank: #881,236 in Books


Customer Reviews

9 Reviews
  • 5 star: (1)
  • 4 star: (7)
  • 3 star: (1)
  • 2 star: (0)
  • 1 star: (0)

Most Helpful Customer Reviews

5 of 6 people found the following review helpful:
4.0 out of 5 stars Not a beginner's book but very, very good, March 29, 2005
This review is from: Intrusion Prevention and Active Response: Deploying Network and Host IPS (Paperback)
This is excellent, but not a beginner's book - you'll need to read some other security books before jumping into this. On the other hand, the format of it is very good for learning: each section presents ideas and concepts, and is followed by a summary that bullets important points, and then by a less formal Q&A section. Additionally, the chapters are peppered with "Notes from the Underground" sections that are interesting sidebars on the subject.

The more security books I read, the more I feel like I'm standing in a hall of mirrors, with the villain plainly visible pointing a weapon at me. But where is he? Which reflection is the one I need to pay attention to? That's one of the many interesting points discussed here: false positives distract your attention from real problems, and the "bad guys" know that, so if you ever are under real attack, you can bet that you'll also be seeing all manner of distracting false attacks also.

This covers all the important security tools, mostly from a Linux perspective though Windows isn't entirely ignored. Weaknesses and strengths are examined, but what I really appreciated was the constant focus on reality: this isn't at all a theoretical discussion; it's real-world, get your hands dirty, watch out for this, etc.

Great job, the authors obviously put a lot of thought into it. The only fault I'd find at all is that some of it gets very techy, but that's really unavoidable: you can't begin to understand how some of these exploits work without a deeper understanding of geekish subjects. I think in general they did an excellent job with all of it.


2 of 2 people found the following review helpful:
4.0 out of 5 stars false positives and negatives are the problem, April 9, 2005
As malware and cracking become more potent, so too have the countermeasures. Hitherto, IDS have been popular, to detect such incursions into your network. But sterner tactics have evolved. An IDS is essentially passive. This book explores the concept of an Intrusion Prevention System.

The strongest configuration is to put an IPS inline. So that it sits between the Internet and your computers. It parses the network traffic at any or all of the 5 layers, from data link to application. In its most intensive incarnation, it can analyse application layer data and modify these before passing them on. Plus, of course, it can block suspect attack messages, even in a zero-day mode.

The discussion is fairly technical. A good prior knowledge of UDP and TCP is needed to make sense of much of the text.

The book is also careful to warn of the pitfalls of using an IPS, especially inline. False positives and negatives. It is very hard to correctly find all the attacks. That is, to be able to implement a robust rule set to remove attacks from the traffic.


2 of 3 people found the following review helpful:
4.0 out of 5 stars Intrusion Prevention Help, April 5, 2005
This book was really helpful! Our company really needed a solution for a prevention/response system. We already had an IDS system but needed something for the attacks. Once our company was under attack we had no way of stopping it. This book really helped us to make an intelligent decision and the company went with the Interceptor.NET from Network Intercept. They were found on www.networkintercept.com. This book explains all about how these kinds of systems work and was really knowledgeable. Highly recommend!
Inside This Book

Key Phrases - Statistically Improbable Phrases (SIPs):
active response system, joke server, packet inspection methods, snort inline, mountd overflow, iptables policy, witty worm, inline mode, inline device, alert udp, application shim, alert tcp, snort rules, rule sid, canary value, match extension, output plugin, runtime loader, deep packet inspection, malicious data, packet trace, intrusion prevention, questions about this chapter, replacement patch, hostile traffic

Key Phrases - Capitalized Phrases (CAPs):
Bad Joke Server, Frequently Asked Questions, Solutions Fast Track, Fedora Core, Hypertext Transfer Protocol, Transmission Control Protocol, Ask the Author, Internet Protocol, Solar Designer, User Datagram Protocol, Code Red, Internet Explorer, Kerio Personal Firewall, Apache Web, Google Web, Check Point, File Transfer Protocol, Hardened Gentoo, Internet Control Message Protocol, Internet Information Server, Security Focus, Berkeley Internet Name Domain, Domain Name System, Frank Knobbe Plugin, Secure Shell