Table of Contents

Preface     xv

Chapter 1: Network Overview     1

Chapter 2: Infrastructure Monitoring     31

Chapter 3: Intrusion Detection Systems     53

Chapter 4: Lifecycle of a Vulnerability     87

Chapter 5: Proactive Intrusion Prevention and Response via Attack Graphs     119

Chapter 6: Network Flows and Anomaly Detection     151

Chapter 7: Web Application Firewalls     185

Chapter 8: Wireless IDS/IPS     209

Chapter 9: Physical Intrusion Detection for IT     235

Chapter 10: Geospatial Intrusion Detection     275

Chapter 11: Visual Data Communications     347

Chapter 12: Return on Investment: Business Justification     391

Appendix: Bro Installation Guide     435

Index     441

About the Author

Ryan Trost is the Director of Security and Data Privacy Officer at Comprehensive Health Services where he oversees all the organization’s security and privacy decisions. He teaches several Information Technology courses, including Ethical Hacking, Intrusion Detection, and Data Visualization at Northern Virginia Community College. This enables him to continue exploring his technical interests among the endless managerial meetings. In his spare time, Ryan works to cross-pollinate network security, GIS, and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences on the topic, most notably DEFCON 16. Ryan participated as a RedTeamer in the first annual Collegiate Cyber Defense Competition (CCDC) and now fields a team of students in the annual event. Ryan has been a senior security consultant for several government agencies before transitioning over to the private sector. In 2005, Ryan received his masters of science degree in computer science from George Washington University where he developed his first geospatial intrusion detection tool.