AnyBook4Less.com

Title: Network Intrusion Detection (3rd Edition)
Authors: Stephen Northcutt, Judy Novak
ISBN: 0-7357-1265-4
Publisher: Que
Pub. Date: 27 August, 2002
Format: Paperback
Volumes: 1
List Price (USD): $45.00
Average Customer Rating: 4.57 (35 reviews)
Rating: 4
Summary: Best IDS book for hands-on implementors
Comment: Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry).
This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura.
I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
Rating: 5
Summary: Excellent breadth and depth of material on IDS
Comment: The next incarnation of the excellent network intrusion detection manual from SANS's Stephen Northcutt and Judy Novak is here. The book boasts an impressive amalgam of high-level issues (risk assessment, business case building, architecture design, etc.) with all the fun low-level details, all the way down to IP headers, tcpdump bit masks and writing snort rules.
A super detailed chapter on the TCP/IP protocol suite is a great read for experts (as a refresher) and beginners (might require some studying time for full comprehension, but it will come). Issues such as fragmentation, packet header formats, and OS fingerprinting all get a fair share of coverage.
The stimulus-response metaphor, advocated by SANS, is fully represented in the book. Upon seeing the network packet, the analyst might want to identify it as being part of stimulus (such as incoming port scan), response (such as an ICMP echo reply) or third-party effect (back scatter from a DoS attack with your IP addresses used for spoofing).
Two full chapters are devoted to writing snort IDS rules. The material is presented in an easy to learn manner, just as the rest of the book.
Incident and intrusion response with a severity evaluation based on the SANS formula is described with some useful examples. Determining the severity of an attack is also part of the GCIA practical assignment.
On the high-level side, some requirements for IDS sensors and consoles are defined in the book. In addition, many insights on selling IDS and security to management (a.k.a. "management fluffing") are described in the chapter "Business Case for Intrusion Detection." The chapter also contains tips for designing and building the IDS infrastructure, complete with project planning suggestions.
The book is the closest to what one might call "a GCIA certification prep guide," if there was a possibility of creating a prep guide for such a rich and in-depth technical cert. Apparently, some of the content (such as using tcpdump for intrusion detection) is identical to that of the GCIA course book (retailing for several times the price). However, the book shows a more complete picture than the coursebook, albeit with somewhat less detail. However, many detailed traffic analysis examples for scans, attacks and intelligence gathering attempts are provided in the Appendices to the book.
Of particular interest for me was a chapter on the future direction of intrusion detection. New threats, analyst skill sets and tools and even novel approaches to intrusion data analysis are outlined there.
Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. In his spare time he maintains his security portal info-secure.org
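As an added example of the stimulus/response/third-party triage the reviewer describes above (illustration code written for this page, not code from the book, from SANS or from the reviewer), the following Python script labels inbound packets from constructed tcpdump-style lines. The monitored network 192.0.2.0/24, the simplified line format and every address in the sample are assumptions made for the example.

```python
"""Stimulus / response / third-party triage of tcpdump-style lines.

Added illustration, not from the book. An inbound packet is a
'stimulus' if nobody inside asked for it (a SYN, an echo request),
a 'response' if it answers something we sent, and 'third-party'
(backscatter) if it answers something we never sent, e.g. SYN/ACKs
from a DoS victim whose attacker spoofed our addresses.
"""
import ipaddress
import re
from dataclasses import dataclass

HOME_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed monitored range

# Simplified tcpdump-like syntax (an assumption for this example):
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ...
#   <time> IP <src> > <dst>: ICMP echo request|reply, ...
TCP_RE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
ICMP_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP echo (request|reply)")


@dataclass
class Pkt:
    ts: str
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""   # tcpdump TCP flag string: "S", "S.", "R.", "."
    icmp: str = ""    # "request" or "reply"


def parse(line):
    """Parse one constructed line into a Pkt, or None if it does not fit."""
    m = TCP_RE.match(line)
    if m:
        return Pkt(m[1], "tcp", m[2], m[4], int(m[3]), int(m[5]), m[6])
    m = ICMP_RE.match(line)
    if m:
        return Pkt(m[1], "icmp", m[2], m[3], icmp=m[4])
    return None


def is_home(addr):
    return ipaddress.ip_address(addr) in HOME_NET


def classify(lines):
    """Return [(line, label)] for every inbound packet in order.

    Outbound SYNs and echo requests are remembered so that later
    inbound SYN/ACK, RST/ACK or echo replies can be matched to them.
    """
    sent_syn = set()    # (our_ip, our_port, their_ip, their_port)
    sent_echo = set()   # (our_ip, their_ip)
    labelled = []
    for line in lines:
        p = parse(line)
        if p is None:
            continue
        if is_home(p.src) and not is_home(p.dst):          # outbound
            if p.proto == "tcp" and p.flags == "S":
                sent_syn.add((p.src, p.sport, p.dst, p.dport))
            elif p.proto == "icmp" and p.icmp == "request":
                sent_echo.add((p.src, p.dst))
            continue
        if not (is_home(p.dst) and not is_home(p.src)):    # not inbound
            continue
        if p.proto == "tcp":
            if p.flags in ("S.", "R."):   # SYN/ACK or RST/ACK answer a SYN
                key = (p.dst, p.dport, p.src, p.sport)
                label = "response" if key in sent_syn else "third-party"
            else:                         # SYN, or unsolicited ACK/FIN probes
                label = "stimulus"
        else:
            if p.icmp == "request":
                label = "stimulus"
            else:
                label = "response" if (p.dst, p.src) in sent_echo else "third-party"
        labelled.append((line, label))
    return labelled


# Constructed sample traffic (not a real capture).
SAMPLE = """\
10:00:01.000 IP 203.0.113.5.40000 > 192.0.2.10.22: Flags [S], seq 1, win 1024
10:00:01.100 IP 192.0.2.20.51000 > 198.51.100.7.80: Flags [S], seq 10, win 65535
10:00:01.150 IP 198.51.100.7.80 > 192.0.2.20.51000: Flags [S.], seq 20, ack 11
10:00:02.000 IP 198.51.100.9.80 > 192.0.2.77.3333: Flags [S.], seq 30, ack 1
10:00:03.000 IP 192.0.2.20 > 198.51.100.7: ICMP echo request, id 1, seq 1
10:00:03.050 IP 198.51.100.7 > 192.0.2.20: ICMP echo reply, id 1, seq 1
10:00:04.000 IP 198.51.100.50 > 192.0.2.99: ICMP echo reply, id 7, seq 1
""".splitlines()

if __name__ == "__main__":
    for line, label in classify(SAMPLE):
        print(f"{label:12s} {line}")
```

The fourth and seventh sample lines are the interesting ones: a SYN/ACK and an echo reply arrive for which no inside host ever sent a SYN or an echo request, which is exactly the backscatter signature the reviewer mentions. A real sensor would need timeouts on the state tables and would see far more flag combinations, but the decision structure is the same.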
Rating: 5
Summary: Network Intrusion Detection 3rd Edition
Comment: This 3rd edition is now more a training manual than ever before. Stephen and Judy have done a great job putting together a book that can be used daily as a reference and a guide.