Page 479 - StudyBook.pdf

P. 479

Topologies and IDS • Chapter 7 463

A clearinghouse for ISPs known as ISP-Planet offers all kinds of interesting
information online about MSSPs, plus related ﬁrewall,VPN, intrusion detection,
security monitoring, antivirus, and other security services. For more information,
visit any or all of the following URLs:

■ ISP-Planet Survey: Managed Security Service Providers, participating
provider’s chart,
www.isp-planet.com/technology/mssp/participants_chart.html.

■ Managed ﬁrewall services chart, www.isp-
planet.com/technology/mssp/ﬁrewalls_chart.html.
■ Managed virtual private networking chart,
www.isp-planet.com/technology/mssp/services_chart.html.
■ Managed intrusion detection and security monitoring,
www.isp-planet.com/technology/mssp/monitoring_chart.html.

■ Managed antivirus and managed content ﬁltering and URL blocking,
www.isp-planet.com/technology/mssp/mssp_survey2.html.

■ Managed vulnerability assessment and emergency response and forensics,
www.isp-planet.com/technology/mssp/mssp_survey3.html.

Exercise 7.01 introduces you to WinDump.This tool is similar to the Linux
tool TCPDump. It is a simple packet-capture program that can be used to help
demonstrate how IDS systems work.All IDS systems must ﬁrst capture packets so
that the trafﬁc can be analyzed.

EXERCISE 7.01

INSTALLING WINDUMP FOR
PACKET CAPTURE AND ANALYSIS

1. Go to www.winpcap.org/windump/install/
2. At the top of the page you will see a link for WinPcap. This pro-
gram will need to be installed as it will allow the capture of low
level packets.
3. Next, download and install the WinDump program from the link
indicated on the same Web page.

www.syngress.com

474 475 476 477 478 479 480 481 482 483 484