Angela Orebaugh – författare

Intrusion Prevention and Active Response provides an introduction to the field of Intrusion Prevention and provides detailed information on various IPS methods and technologies. Specific methods are covered in depth, including both network and host IPS and response technologies such as port deactivation, firewall/router network layer ACL modification, session sniping, outright application layer data modification, system call interception, and application shims.- Corporate spending for Intrusion Prevention systems increased dramatically by 11% in the last quarter of 2004 alone- Lead author, Michael Rash, is well respected in the IPS Community, having authored FWSnort, which greatly enhances the intrusion prevention capabilities of the market-leading Snort IDS

Ethereal is the #2 most popular open source security tool used by system administrators and security professionals. This all new book builds on the success of Syngress'' best-selling book Ethereal Packet Sniffing.Wireshark & Ethereal Network Protocol Analyzer Toolkit provides complete information and step-by-step Instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereal''s graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. The book then teaches the reader to master advanced tasks such as creating sub-trees, displaying bitfields in a graphical view, tracking requests and reply packet pairs as well as exclusive coverage of MATE, Ethereal''s brand new configurable upper level analysis engine. The final section to the book teaches readers to enable Ethereal to read new Data sources, program their own protocol dissectors, and to create and customize Ethereal reports.- Ethereal is the #2 most popular open source security tool, according to a recent study conducted by insecure.org- Syngress'' first Ethereal book has consistently been one of the best selling security books for the past 2 years

The Perfect Reference for the Multitasked SysAdminThis is the perfect guide if network security tools is not your specialty. It is the perfect introduction to managing an infrastructure with freely available, and powerful, Open Source tools. Learn how to test and audit your systems using products like Snort and Wireshark and some of the add-ons available for both. In addition, learn handy techniques for network troubleshooting and protecting the perimeter.* Take InventorySee how taking an inventory of the devices on your network must be repeated regularly to ensure that the inventory remains accurate.* Use NmapLearn how Nmap has more features and options than any other free scanner.* Implement FirewallsUse netfilter to perform firewall logic and see how SmoothWall can turn a PC into a dedicated firewall appliance that is completely configurable.* Perform Basic HardeningPut an IT security policy in place so that you have a concrete set of standards against which to measure. * Install and Configure Snort and WiresharkExplore the feature set of these powerful tools, as well as their pitfalls and other security considerations.* Explore Snort Add-OnsUse tools like Oinkmaster to automatically keep Snort signature files current.* Troubleshoot Network ProblemsSee how to reporting on bandwidth usage and other metrics and to use data collection methods like sniffing, NetFlow, and SNMP.* Learn Defensive Monitoring ConsiderationsSee how to define your wireless network boundaries, and monitor to know if they''re being exceeded and watch for unauthorized traffic on your network.- Covers the top 10 most popular open source security tools including Snort, Nessus, Wireshark, Nmap, and Kismet- Follows Syngress'' proven "How to Cheat" pedagogy providing readers with everything they need and nothing they don''t

Nmap, or Network Mapper, is a free, open source tool that is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan corporate networks, looking for live hosts, specific services, or specific operating systems. Part of the beauty of Nmap is its ability to create IP packets from scratch and send them out utilizing unique methodologies to perform the above-mentioned types of scans and more. This book provides comprehensive coverage of all Nmap features, including detailed, real-world case studies.- Understand Network Scanning: Master networking and protocol fundamentals, network scanning techniques, common network scanning tools, along with network scanning and policies.- Get Inside Nmap: Use Nmap in the enterprise, secure Nmap, optimize Nmap, and master advanced Nmap scanning techniques.- Install, Configure, and Optimize Nmap: Deploy Nmap on Windows, Linux, Mac OS X, and install from source.- Take Control of Nmap with the Zenmap GUI: Run Zenmap, manage Zenmap scans, build commands with the Zenmap command wizard, manage Zenmap profiles, and manage Zenmap results.- Run Nmap in the Enterprise: Start Nmap scanning, discover hosts, port scan, detecting operating systems, and detect service and application versions- Raise those Fingerprints: Understand the mechanics of Nmap OS fingerprinting, Nmap OS fingerprint scan as an administrative tool, and detect and evade the OS fingerprint scan.- "Tool around with Nmap: Learn about Nmap add-on and helper tools: NDiff--Nmap diff, RNmap--Remote Nmap, Bilbo, Nmap-parser.- Analyze Real-World Nmap Scans: Follow along with the authors to analyze real-world Nmap scans.- Master Advanced Nmap Scanning Techniques: Torque Nmap for TCP scan flags customization, packet fragmentation, IP and MAC address spoofing, adding decoy scan source IP addresses, add random data to sent packets, manipulate time-to-live fields, and send packets with bogus TCP or UDP checksums.

If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential - but often overwhelming - challenge. SNORT, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. SNORT can save countless headaches; the new SNORT Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT. Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution.The SNORT Cookbook covers important issues that sys admins and security pros will us everyday, such as: - installation - optimization - logging - alerting - rules and signatures - detecting viruses - countermeasures - detecting common attacks - administration - honeypots - log analysis But the SNORT Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches - and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice - will find that the solutions offered in this ultimate SNORT sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus - and still have a life.

If you are a network administrator, you''re under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT.Each recipe in the popular and practical problem-solution-discussion O''Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as:

installationoptimizationloggingalertingrules and signaturesdetecting virusescountermeasuresdetecting common attacksadministrationhoneypotslog analysisBut the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don''t have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus--and still have a life.

If you are a network administrator, you''re under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT.Each recipe in the popular and practical problem-solution-discussion O''Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as:

installationoptimizationloggingalertingrules and signaturesdetecting virusescountermeasuresdetecting common attacksadministrationhoneypotslog analysisBut the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don''t have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus--and still have a life.

The Perfect Reference for the Multitasked SysAdminThis is the perfect guide if network security tools is not your specialty. It is the perfect introduction to managing an infrastructure with freely available, and powerful, Open Source tools. Learn how to test and audit your systems using products like Snort and Wireshark and some of the add-ons available for both. In addition, learn handy techniques for network troubleshooting and protecting the perimeter.* Take InventorySee how taking an inventory of the devices on your network must be repeated regularly to ensure that the inventory remains accurate.* Use NmapLearn how Nmap has more features and options than any other free scanner.* Implement FirewallsUse netfilter to perform firewall logic and see how SmoothWall can turn a PC into a dedicated firewall appliance that is completely configurable.* Perform Basic HardeningPut an IT security policy in place so that you have a concrete set of standards against which to measure. * Install and Configure Snort and WiresharkExplore the feature set of these powerful tools, as well as their pitfalls and other security considerations.* Explore Snort Add-OnsUse tools like Oinkmaster to automatically keep Snort signature files current.* Troubleshoot Network ProblemsSee how to reporting on bandwidth usage and other metrics and to use data collection methods like sniffing, NetFlow, and SNMP.* Learn Defensive Monitoring ConsiderationsSee how to define your wireless network boundaries, and monitor to know if they're being exceeded and watch for unauthorized traffic on your network. Covers the top 10 most popular open source security tools including Snort, Nessus, Wireshark, Nmap, and Kismet Follows Syngress' proven "How to Cheat" pedagogy providing readers with everything they need and nothing they don't

Nmap, or Network Mapper, is a free, open source tool that is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan corporate networks, looking for live hosts, specific services, or specific operating systems. Part of the beauty of Nmap is its ability to create IP packets from scratch and send them out utilizing unique methodologies to perform the above-mentioned types of scans and more. This book provides comprehensive coverage of all Nmap features, including detailed, real-world case studies. Understand Network Scanning: Master networking and protocol fundamentals, network scanning techniques, common network scanning tools, along with network scanning and policies. Get Inside Nmap: Use Nmap in the enterprise, secure Nmap, optimize Nmap, and master advanced Nmap scanning techniques. Install, Configure, and Optimize Nmap: Deploy Nmap on Windows, Linux, Mac OS X, and install from source. Take Control of Nmap with the Zenmap GUI: Run Zenmap, manage Zenmap scans, build commands with the Zenmap command wizard, manage Zenmap profiles, and manage Zenmap results. Run Nmap in the Enterprise: Start Nmap scanning, discover hosts, port scan, detecting operating systems, and detect service and application versions Raise those Fingerprints: Understand the mechanics of Nmap OS fingerprinting, Nmap OS fingerprint scan as an administrative tool, and detect and evade the OS fingerprint scan. "Tool� around with Nmap: Learn about Nmap add-on and helper tools: NDiff--Nmap diff, RNmap--Remote Nmap, Bilbo, Nmap-parser. Analyze Real-World Nmap Scans: Follow along with the authors to analyze real-world Nmap scans. Master Advanced Nmap Scanning Techniques: Torque Nmap for TCP scan flags customization, packet fragmentation, IP and MAC address spoofing, adding decoy scan source IP addresses, add random data to sent packets, manipulate time-to-live fields, and send packets with bogus TCP or UDP checksums.