Rating:  Summary: Very good Review: I have never seen a book that is able in so little words to teach you so much. It is a complete and clear introduction to the topic. It will enable you to get started the right way. It starts out by giving you the complete picture. Talking not only about technology but also about politics and money. It expands on the pieces of the puzzle in a clear and concise way. Both the technical and the organisational issues are presented in a way you can use now. The practical advice and examples help you on your way to put this knowledge into practice. Theory is fine but applying what you learned is better. That is precisely what this book will help you do. This book is the best introduction I have seen yet. And I have been around for some time. :)
Rating:  Summary: The best intrusion book yet Review: I have the first edition of this book. And it's till now the best intrusion book I've read yet. It covers dumps in great detail, yet is simple to read for a newbie in security. I've seen other intrusion books around, but so far this one is way beyond any other in this section.
Rating:  Summary: Fair book on IDS: good content, poor writing & delivery Review: I purchased this book for our office. My firm specializes in installing, tuning, and managing intrusion detection systems. This book had come highly recommended from some sources. As a network security consultant and a writer, I was not very impressed with this book. First, the information is a bit dated. It also focuses a great deal of its content on teaching readers how to use TCPDump, which is merely a kind of protocol analyzer (sniffer). The other problem with this book is the abysmal writing. The information is very poorly structured. Topics jump around from concept to concept, often looping back and readdressing issues and expanding upon unmentioned ones. This also leads to sections that are far longer than they need to be. For example, the first section on basic networking spends an awful lot of time explaining very simple concepts. Furthermore, I became rather annoyed with the writer's constant editorializing about various facts or concepts. In my opinion, a book of this nature should be consumed with presenting an unbiased and scientific approach to security issues. However, the material is full of blatant biases and thinly veiled presentation of opinions as fact. I particularly enjoyed the preface which makes it clear that the authors consider the GIAC databases to be the only "true" signature databases. Quantity of signatures does not mean quality...just because GIAC has a zillion signatures does not mean they are all useful. The authors also have a clear bias toward Snort, which is an excellent IDS, but not a tool for the average consumer. Snort is very difficult to use and will quickly deplete the resources of most IT departments. In this way, the authors show their lack of experience working and supporting real networks where budgets are tight, training is sparse, and responsibilities are numerous. Nevertheless, there is some valuable information in the book.
Once you penetrate the annoying preface, the condescending first chapter, and the TCPdump marketing brochure 2nd chapter, the material improves considerably. The next few chapters are far better with detailed information about architectural issues, protocols, and how hacks are done. I gave this book 3 stars because the bulk of the content is quality material, just delivered poorly. I wish the authors would hire a competent ghost writer or editor to clean up the material, remove the editorializing, and focus on delivering content more effectively.
Rating:  Summary: Thorough discussion of Intrusion Detection Review: I read the book from cover to cover and found the book very useful and interesting. The author uses a lot of tongue-in-cheek humor and makes the subject very interesting with interesting examples and anecdotes. He also includes a lot of actual log files in his examples which really makes the book practical and easy to understand. The book also talks about intelligence gathering techniques employed by hackers, the hacker community, and selling management on the idea of intrusion detection. As a network security professional I find myself grappling with the issue of convincing management to fund network security and will use the ideas of this author who clearly has a lot of experience in getting funding from management. I was able to immediately apply some of the ideas and principles in the book to my benefit.
Rating:  Summary: Amazingly good book Review: I was stunned- stunned I tell you! by the quality of this book. As a network engineer seeking to learn more about security this book is very useful. I am learning interesting things every few pages. Best of all, the writing style is consistently lucid while the level of technical detail leaves me satisfied. In fact, I wrote my name all over my copy of this book to insure no one ever tries to take it! I can't have anything nice around here. I know they covet my things. It's mine!
Rating:  Summary: Readable, intelligent, down-to-earth. Review: Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the "filler" chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it. The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next. This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.
Rating:  Summary: Computer Guru's Book Review: NETWORK INTRUSION DETECTION An Analyst's Handbook, 2nd Edition AUTHOR: Stephen Northcutt and Judy Novak PUBLISHER: New Riders REVIEWED BY: Barbara Rhoades BOOK REVIEW: Network Intrusion Detection (NID) has 22 Chapters of information, six page Content section and a 28 page Index. The font is small enough that anyone reading it should have good eyesight or be willing to use a magnifier. There are very few graphical examples but a few can be found among the reading material. There is a Chapter Summary at the end of each Chapter. Glossary terms are found defined in the chapters where the acronyms are first mentioned. Network Intrusion Detection is a book meant for someone interested in the server side rather than user side of computers. A firm knowledge of the intricacies of the workings of computers will give the reader the advantage to acquire the information this book provides.
Rating:  Summary: Best IDS book for hands-on implementors Review: Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry). This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura. I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.