文件名称:How to Cheat at Configuring Open Source Security Tools
文件大小:7.64MB
文件格式:PDF
更新时间:2013-10-23 03:38:41
Open Source Security Tools
Product Description The Perfect Reference for the Multitasked SysAdmin This is the perfect guide if network security tools is not your specialty. It is the perfect introduction to managing an infrastructure with freely available, and powerful, Open Source tools. Learn how to test and audit your systems using products like Snort and Wireshark and some of the add-ons available for both. In addition, learn handy techniques for network troubleshooting and protecting the perimeter. * Take Inventory See how taking an inventory of the devices on your network must be repeated regularly to ensure that the inventory remains accurate. * Use Nmap Learn how Nmap has more features and options than any other free scanner. * Implement Firewalls Use netfilter to perform firewall logic and see how SmoothWall can turn a PC into a dedicated firewall appliance that is completely configurable. * Perform Basic Hardening Put an IT security policy in place so that you have a concrete set of standards against which to measure. * Install and Configure Snort and Wireshark Explore the feature set of these powerful tools, as well as their pitfalls and other security considerations. * Explore Snort Add-Ons Use tools like Oinkmaster to automatically keep Snort signature files current. * Troubleshoot Network Problems See how to reporting on bandwidth usage and other metrics and to use data collection methods like sniffing, NetFlow, and SNMP. * Learn Defensive Monitoring Considerations See how to define your wireless network boundaries, and monitor to know if they're being exceeded and watch for unauthorized traffic on your network. *Covers the top 10 most popular open source security tools including Snort, Nessus, Wireshark, Nmap, and Kismet *Companion Web site contains dozens of working scripts and tools for readers *Follows Syngress' proven "How to Cheat" pedagogy providing readers with everything they need and nothing they don't About the Author Michael Gregg is the President of Superior Solutions, Inc. and has more than 20 years experience in the IT field. He holds two associate's degrees, a bachelor's degree, and a master's degree and is certified as: CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. Eric Seagren, CISSP, CISA, ISSAP, JPMorganChase has 10 years experience in IT Security and has spent the last 7 years at, one of the largest financial institutions in the world. Eric has contributed to several computer security books including: Hacking Exposed: Cisco Networks (McGraw-Hill, ISBN: 0072259175), Configuring Checkpoint NGX (Syngress, ISBN: 1597490318), and Hardening Network Security (McGraw-Hill, ISBN: 00725557032). Angela Orebaugh (, GCIA, GCFW, GCIH, GSEC, CCNA) is a Senior Scientist in the Advanced Technology Research Center of Sytex, Inc. where she works with a specialized team to advance the state of the art in information systems security. She has over 10 years experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Masters in Computer Science, and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University. Matt Jonkman has been involved in Information Technology since the late 1980s. He has a strong background in banking and network security, network engineering, incident response, and Intrusion Detection. Matt is founder of Bleeding Edge Threats (www.bleedingedgethreats.net), formerly Bleeding Snort. Bleeding Edge Threats is an open-source research community for Intrusion Detection Signatures and much more. Matt spent 5 years serving abroad in the Army before attending Indiana State University and the Rose-Hulman Institute. Raffael Marty (GCIA, CISSP) is the manager of ArcSight's Strategic Application Solution Team, where he is responsible for delivering industry solutions that address the security needs of Fortune 500 companies, ranging from regulatory compliance to insider threat. Raffael initiated ArcSight's Content Team, which holds responsibility for all of the product's content, ranging from correlation rules, dashboards and visualizations, to vulnerability mappings and categorization of security events. Before joining ArcSight, Raffael worked as an IT security consultant for PriceWaterhouse Coopers and previously was a member of the Global Security Analysis Lab at IBM Research. There, he participated in various intrusion detection related projects. His main project, Thor, was the first approach to testing intrusion detection systems by means of correlation tables.