InterAKT Online

  Network Intrusion Detection, Third Edition
Words from the back cover:
Despite the best efforts of security professionals, networks are subjected to an increasing number of sophisticated attacks. Network Intrusion Detection, Third Edition will complement the knowledge you’ve gained in the two previous books and empower you as an analyst.

Network security experts Stephen Northcutt and Judy Novak share their ongoing intrusion experiences to help you prepare to meet your intrusion detection challenges with confidence. You’ll get complete coverage of key concepts such as how packets really work on the network, how to determine if a network trace is a stimulus or response, how to analyze traffic and information contained in IP and higher protocol fields, and how to incorporate intrusion detection into standard business setups.

Contents Overview:

• I. TCP/IP
o 1. IP Concepts
o 2. Introduction to TCPdump and TCP
o 3. Fragmentation
o 4. ICMP
o 5. Stimulus and Response
o 6. DNS
• II. TRAFFIC ANALYSIS
o 7. Packet Dissection Using TCPdump
o 8. Examining IP Header Fields
o 9. Examining Embedded Protocol Header Fields
o 10. Real-World Analysis
o 11. Mystery Traffic
• III. FILTERS/RULES FOR NETWORK MONITORING
o 12. Writing TCPdump Filters
o 13. Introduction to Snort and Snort Rules
o 14. Snort Rules-Part II
• IV. INTRUSION INFRASTRUCTURE
o 15. Mitnick Attack
o 16. Architectural Issues
o 17. Organizational Issues
o 18. Automated and Manual Response
o 19. Business Case for Intrusion Detection
o 20. Future Directions
• V. APPENDIXES
o Appendix A. Exploits and Scans to Apply Exploits
o Appendix B. Denial of Service
o Appendix C. Detection of Intelligence Gathering


The Review:
Network Intrusion Detection, Third Edition is an excellent book on all aspects of intrusion detection, from understanding TCP in a real-world context and the details of network-based attacks to the policy and business concerns of intrusion detection.

The first thing that I found interesting was the information about the open-source intrusion detection project Snort. This included an explanation of Snort, how to set it up to distinguish normal and anomalous traffic, and how to write your own intrusion detection signatures.

The other information I found interesting was about the issues and threats that an intrusion detection system attempts to protect you from and the techniques used by attackers, all the way to analyzing attacks to provide the most secure environment possible.


Conclusion:
If you are new to intrusion detection and want to learn what you need to know to get started, or if you are already an expert but would like to have a handy guide as a reference, I recommend you get this book.

Review ID Number: 587
  Product Details
New Riders
Review Date: 2004-02-28
Reviewer: Chad Laity
Rating: 9 out of 10