Network Intrusion Detection (3rd Edition)


List Price: $45.00
Your Price: $31.50

Rating: 2 stars
Summary: Good material poorly exposed
Review: A bad book is like a bad friend: it can take you places you do not want to go and make you do things you do not want to do. Any author should have two assets: good knowledge of the material to cover and good to excellent writing skills. The authors have a good knowledge of the subject at hand and give good references. Unfortunately their technical writing skills are very poor. The beauty of technical writing has been destroyed. Using their terminology, a freshman could have done a better job. By definition, handbooks are very concise and clear. This one tells stories about unrelated matter in order to explain simple facts. Please save the trees.

Rating: 3 stars
Summary: Good reading both for NID geeks and IT security consultants
Review: A fine book, that can only scratch the surface of intrusion detection. While it admittedly selects older exploits as case studies, they are well chosen (paradigmatic even!), and should encourage security specialists to start developing a real familiarity with attack fingerprints and NID signatures. Its biggest strength is to provoke ways of thinking about network traffic analysis and common pitfalls. Don't forget that the scope of this book is not intended to cover the wider IT security gamut - it really is focused on the NID mindset.

Caveat: As someone used to imposing security policy and maintaining the corporate IT security culture, I am somewhat new to the NID/forensics game. But this book has encouraged me to learn more about the precise workings of TCP/IP protocols more than any other impetus to date. In a year's time I might look for more comprehensive references and clinical howto's, but for now Northcutt has provided a great insight into analysis techniques, attack mindsets and bit-level quirks.

Some other reviews have lamented Northcutt's writing style. Yes, he repeats some concepts and scatters his thoughts, but I personally felt they were worth repeating and scattering. The book is probably more suited to those who can follow accounts that include gut feelings and intellectual diversion, than someone who prefers to follow a scripted, blow-by-blow transcript. Both have their legitimate place.

Rating: 5 stars
Summary: The ultimate security analyst handbook!!
Review: After sifting through virtually tons of security text and documentation, one name seems to pop up all the time: Stephen Northcutt. So, I purchased this book (based upon his experience and work with Shadow) and needless to say, I was very impressed. Not only did I immediately put his methodologies to work on our current environment, but it provided me with a vast amount of detailed information to catapult me into even deeper security topics, as well as help me get going with my preparation with the CISSP exam... A killer handbook no security analyst (or network/systems administrator, for that matter) should do without!! Awesome job!

Rating: 5 stars
Summary: Theoretical and Practical Intrusion Detection
Review: An excellent book in order to understand technical issues in TCP/IP, hacking attacks and reviewing protection ideas in real context. This book will be used in the Forensic Course at Universidad de los Andes, Bogotá, Colombia.

Jeimy J. Cano, M.Sc., Ph.D(c), Part Time Professor, Universidad de los Andes.

Rating: 4 stars
Summary: Helps understand what's happening under the hood.
Review: Apart from the biased outlook on the IDS products of the world (the writer definitely prefers SNORT over anything else presently available), the book gives the essentials that a beginner to intermediate WAN engineer would need to get a very good idea of what an IDS system is, how it works, the pitfalls to avoid and how to implement it.
The first part of the book is sort of a short recap on TCP/IP (and should have been taken off from this book though - if you are familiar with TCP/IP you'll just skip it and if not... I suggest you buy a more focused book on the TCP/IP suite before buying this book!)
The rest of the book is technical enough to get you informed and curious (you'll probably need other good TCP/IP reference books to satisfy your technical curiosity), and covers the non-technical aspect of an IDS enough to point you in the good direction if you are planning to implement an IDS.
This is not a "How To" manual on IDS though; if you are looking for something on "how to operate your Realsecure IDS" for example, well, this is the wrong book, go get some training at ISS. But if you are looking to understand what's going on inside your IDS and to dig a little deeper than just printing off a report when the alerts start going off, this book should be part of your library.

I put a 4 star because even if the book has not been written by an expert writer and has some bias toward specific techniques and products, the information covered is very good and accurate. A good book and one needed if you want to know an IDS a little bit more.

Rating: 4 stars
Summary: A great guide, but minor errors & arrangement may confuse
Review: Disclaimer: my support appears in the 2nd ed.'s inside cover and on p. 210. This book should be in every intrusion detector's library! New co-authors Judy Novak and Donald McLachlan add to Stephen Northcutt's original wisdom, with insight on filters and advanced analysis of ICMP. The RPC chapter is characteristically informative, while the inclusion of useful yet aging "front-line" stories keeps the reading lively.

Still, I expected more. As a new analyst who read the 1st ed. in mid-1999, I published a rebuttal of Stephen's theories. Now, slightly more experienced, I recognize other areas need similar scrutiny. For example, chapters 7 and 13 imply "login ports associated with trusted relationships" make good SYN flood targets, when really forged connections to those ports are the problem. This and other subtle technical points need clarification. A 2nd example: ch. 7 says "The signature of TCP hijacking is that the IP addresses change during a TCP session, while the sequence numbers remain correct." This doesn't match my experience with session hijacking.

The book's arrangement could be improved; I prefer the clear taxonomy of Hacking Exposed. Basics should also be separated from advanced material to satisfy newbies and gurus. I encourage New Riders to publish an errata page on the Web (with room for reader input), as minor errors could be quickly erased by a second printing. This book is still the best available, but I hope for more from the 3rd ed. and other ambitious authors!

Rating: 0 stars
Summary: Indispensable for the security analyst and administrator
Review: Get answers and solutions from someone who has been in the trenches with Network Intrusion Detection: An Analyst's Handbook. Author Stephen Northcutt, original developer of the Shadow intrusion detection system and former Director of the United States Navy's Information System Security Office at the Naval Security Warfare Center, lends his expertise to intrusion detection specialists, security analysts, and consultants responsible for setting up and maintaining an effective defense against network security attacks.

Rating: 5 stars
Summary: Northcutt hits the ball out of the park!
Review: I am the chief of a 15-person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Stephen's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Stephen's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Stephen's book. See you at SANS Network Security 99.

Rating: 5 stars
Summary: The best NIDS book, but get a Richard Stevens TCP book too
Review: I bought this book together with Intrusion Signatures and Analysis (also from Northcutt).
I really recommend this book. Although with some luck perhaps you will find other information freely on the network, this NID handbook is really a good choice.



© 2004, ReviewFocus or its affiliates