Certifications, MSCE, CCIP, A+

Featured Certification Software


AdventNet Simulation Toolkit 5
Simulates a network with SNMP, TL1, TFTP, FTP, Telnet and IOS devices on a single PC. Features include the ability to simulate 50000+ devices simultaneously for scalability testing, trap simulation for fault management testing, configuration of device values and simulation types for performance testing, behavior simulation for testing realistic/negative test scenarios across network devices, start/stop of the network at runtime, automated network simulation, visualization of network topology, and an easy-to-use GUI, enabling full-fledged simulation of large networks.

Cisco IOS Simulator: Simulates Cisco routers and switches supporting IOS Software. The IOS simulator offers a realistic simulation for any management application that can be managed using IOS. It provides complete support for SNMPv1, v2c, v3 and TFTP. The IOS Software can be accessed using CLI.

TL1 Agent Simulator: Simulates a single TL1 manageable device. Supports configuration of multiple AID, MPB and responses, simulation of device behavior and expression of inter-relationships between TL1 commands for testing realistic scenarios, autonomous message generation for fault management testing and configuration of error and delayed responses for testing negative scenarios.


Featured Book: Intrusion Prevention and Active Response


Intrusion Prevention and Active Response (IPAR) is a welcome departure from many books covering intrusion prevention and detection. The authors clearly distinguish between intrusion detection systems (IDS) and intrusion prevention systems (IPS), a distinction often conflated in media, training manuals and other educational material. The level of presentation is well suited for someone familiar with security principles, techniques and methods. If you are new to Linux, then you will probably need supporting materials to get through the more complex chapters. IPAR covers several key areas of IPS. Though many chapters focus on network and data link layers, the section on protecting your system through host-based IPS can be used on a wide range of systems. Too many IPS/IDS books focus only on perimeter security and fail to address what can be done at the host level. With the increased use of WAN, VPN and other applications, the perimeter is dissipating, making host security increasingly important.

The section on host IPS touches on a number of items with a rather detailed treatment of buffer overflows. Although I find reading source code in a book painfully boring, this detailed treatment of buffer overflows is welcome. If you go through this section carefully, you will have a very good understanding of why buffer overflows are often exploited and, more importantly, how they can be defeated with tools like PaX and StackGuard. There is a brief treatment of hardened OSes and SELinux. Personally, I think the SELinux treatment was a bit light, especially as SELinux is now standard for Fedora Core 3 and Red Hat Enterprise Linux 4. Few books touch on SELinux, so a more expanded treatment of it here would have been welcome. Nonetheless, the section on host-based IPS is recommended to any server owner, especially those who lease or co-locate equipment that is in a network environment which they cannot control.

Chapter 7 focuses on application layer IPS controls. The best part of this chapter is a good review of common web application attacks such as cross-site scripting, form field manipulation, and SQL injection. These types of attacks are frequent entry points for hackers. The chapter also includes information on tools like ModSecurity, IIS Lockdown and others that can be used to protect your applications.

The remaining chapters provide background IPS information and details on how to protect the network layer. If you are a network manager, these chapters are a good starting point to IPS theory and practice. The last chapter provides brief accounts about deploying various open source tools, such as fwsnort, SnortSAM, LIDS, PSAD, and PortSentry. The inclusion of these tools is great, but I think most will find that the treatment is too brief to provide a full-scale implementation. The authors point you in the right direction and get you started, but you will need to rely on another resource if you plan to deploy many of these solutions.

Intrusion Prevention and Active Response is very good for anyone looking to secure their hosts and/or network. Some sections can become a bit tedious at times as they include packet captures, traces, and other highly detailed and technical information. I am not sure that showing a page full of a packet capture is too beneficial. I would rather see this replaced with a CD-ROM that can simulate such events. Aside from this caveat, the treatment and background information on IPS is very strong.

I recommend this book to anyone considering deploying IPS systems or simply wanting to learn more about the differences between intrusion detection and intrusion prevention. As one of the few books focusing strictly on IPS, I think any security manager or system administrator can find some useful tidbits inside.

Intrusion Prevention and Active Response: Deploying Network and Host IPS, by Michael Rash, Angela Orebaugh, Graham Clark, Becky Pinkard, and Jake Babbin. Syngress. 424 pages, $49.95 US, $69.95 CA, £27.99 UK.



All material is copyright rackAID. Please do not reproduce this content without written consent. If you wish to include this content on your web site, please link to this page with appropriate credits; do not copy the contents. Use at your own risk. Although rackAID makes every effort to provide accurate information, we are not liable for any losses resulting from use of any tips, instructions or other information contained in rackTIPS.
