Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual page 4

7.6. Viruses and Spoofed IP Addresses ...................................................................... 70
7.7. IP6Tables.............................................................................................................. 70
7.8. Additional Resources ........................................................................................... 71
III. Assessing Your Security ............................................................................................................. 73
8. Vulnerability Assessment.................................................................................................... 75
8.1. Thinking Like the Enemy .................................................................................... 75
8.2. Defining Assessment and Testing ........................................................................ 75
8.3. Evaluating the Tools............................................................................................. 77
IV. Intrusions and Incident Response............................................................................................. 81
9. Intrusion Detection.............................................................................................................. 83
9.1. Defining Intrusion Detection Systems ................................................................. 83
9.2. Host-based IDS .................................................................................................... 83
9.3. Network-based IDS.............................................................................................. 86
10. Incident Response ............................................................................................................. 89
10.1. Defining Incident Response ............................................................................... 89
10.2. Creating an Incident Response Plan .................................................................. 89
10.3. Implementing the Incident Response Plan......................................................... 90
10.4. Investigating the Incident................................................................................... 91
10.5. Restoring and Recovering Resources ................................................................ 93
10.6. Reporting the Incident........................................................................................ 94
V. Appendixes.................................................................................................................................... 95
A. Hardware and Network Protection..................................................................................... 97
A.1. Secure Network Topologies ................................................................................ 97
A.2. Hardware Security............................................................................................. 100
B. Common Exploits and Attacks......................................................................................... 101
C. Common Ports.................................................................................................................. 105
Index................................................................................................................................................. 117
Colophon.......................................................................................................................................... 123