computersecurityhandbook.com
Chapter 37 – Vulnerability Assessment and Intrusion Detection Systems
Rebecca Gurley Bace

Chapter Contents:

   37.1    Security Behind the Firewall
   37.1.1    What Is Intrusion Detection?
   37.1.2    What Is Vulnerability Assessment?
   37.1.3    Where Do Intrusion Detection and Vulnerability Assessment Fit in Security Management?
   37.1.4    Brief History of Intrusion Detection
   37.2    Main Concepts
   37.2.1    Process Structure
   37.2.1.1    Information sources
   37.2.1.2    Analysis engine
   37.2.1.3    Response
   37.2.2    Monitoring Approach
   37.2.3    Intrusion Detection Architecture
   37.2.4    Monitoring Frequency
   37.2.5    Analysis Strategy
   37.3    Vulnerability Assessment
   37.3.1    Relationship between Vulnerability Assessment and Intrusion Detection
   37.3.2    Assessment Strategies
   37.3.2.1    Credentialed monitoring
   37.3.2.2    Noncredentialed monitors
   37.3.3    Strengths and Weaknesses
   37.3.4    Roles for Vulnerability Assessment in System Security Management
   37.4    Information Sources
   37.4.1    Network Monitoring
   37.4.2    Operating System Monitoring
   37.4.3    Application Monitoring
   37.4.4    Other Types of Monitoring
   37.4.5    Issues in Information Sources
   37.5    Analysis Schemes
   37.5.1    Misuse Detection
   37.5.2    Anomaly Detection
   37.5.3    Hybrid Approaches
   37.5.4    Issues in Analysis
   37.6    Response
   37.6.1    Passive Responses
   37.6.1.1    Alarms
   37.6.1.2    Reports
   37.6.2    Active Responses
   37.6.3    Automated Responses
   37.6.3.1    Stand-alone responses
   37.6.3.2    Integrated responses
   37.6.4    Investigative Support
   37.6.5    Issues in Responses
   37.7    Needs Assessment and Product Selection
   37.7.1    Matching Needs to Features
   37.7.2    Specific Scenarios
   37.7.3    Integrating IDS Products with Your Security Infrastructure
   37.7.4    Deployment of IDS Products
   37.7.4.1    Location of sensors
   37.7.4.2    IDS integration scheduling
   37.7.4.3    Alarm settings
   37.8    Conclusion
   37.9    Notes
   37.10    References

copyright 2002-2006, Robert Gezelter, All Rights Reserved