Your IDS Just Detected an Attack: Was it Successful? This book is about one of the most crucial aspects of system and security management: host integrity protection. Fundamentally, host integrity protection is all about understanding the changes that occur on your system--friendly or hostile, deliberate or accidental--and understanding the impact of those changes. In other words, it's change control in a potentially hostile environment. Best of all, this book is written by Brian Wotring, who has designed and deployed host integrity monitoring systems, used them, and relied on their results. It's hard to overstate the value of such experience. Books like the one you're holding are the survival kits for the future of computing. They're full of the important clues that you're going to need if you want to be one of the survivors instead of the statistics.

--From the Foreword by Marcus J. Ranum</p>

Detect Successful Attacks Determine exactly which attacks successfully compromised your host environment.

Download and Run Invaluable Scripts Use real-world scripts and configurations, which have been successfully deployed in enterprise host integrity monitoring solutions.

Perform Damage Assessment Understand the extent to which a host was compromised, and learn exactly how the attacker penetrated your defenses.

Reduce False Positives Learn how to dramatically reduce false positives, which can obfuscate your valuable, legitimate results.

Monitor Your Entire Environment Develop a solution to monitor files, users and groups, the kernel, open network ports, privileged executables, and other runtime elements.

Learn the Importance of Proper Planning Gain insight into successful planning, deployment, and administration of a working host integrity monitoring solution.

Master Defensive Techniques Learn how to mitigate attacks on the host integrity monitoring system itself.

Monitor Log Files and Create Notifications Use Swatch to monitor Osiris and Samhain log files, and create custom notification messages.

Establish Audit Trails Create trusted audit trails of activity that can prove invaluable in forensic investigations.</p>

Your Solutions Membership Gives You Access to: A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search Web page </p>

"From the Author" Forum where the authors post timely updates and links to related sites</p>

Custom, working scripts from the book.</p>

Downloadable chapters from these best-selling books:

Snort 2.1 Intrusion Detection, Second Edition

Ethereal Packet Sniffing

Nessus Network Auditing

Microsoft Log Parser Toolkit</p> TOC

Chapter 1 Host Integrity</p>

Chapter 2 Understanding the Terrain</p>

Chapter 3 Understanding Threats</p>

Chapter 4 Planning</p>

Chapter 5 Host Integrity Monitoring with Open Source Tools</p>

Chapter 6 Osiris</p>

Chapter 7 Samhain</p>

Chapter 8 Log Monitoring and Response</p>

Chapter 9 Advanced Strategies</p>

Appendix A Monitoring Linksys Devices</p>

Appendix B Extending Osiris and Samhain with Modules</p>

Appendix C Further Reading</p>