Rating:  Summary: Network Intrusion Detection, 2E Review: Serious Intrusion Detection (ID) analysts need this book. It is the best book I have read so far which really addresses the difficulties associated with ID showing a wide range of examples. In my opinion, it could easily be used as a training manual for new and upcoming ID analysts teaching them the art of Intrusion Detection. A great companion!
Rating:  Summary: For pros and those who want to be Review: Simply the best on the subject. I have been in Network Security for a long time, and while I was in a learning stage I was looking for a book like this. Today I have it and I still learned from it. A lot. It is in depth on the subject. People who are in Network Security should have it.
Rating:  Summary: Easy to read and VERY practical Review: Stephen Northcutt and his co-authors have put together an easy to read and very comprehensive work. Extensive use is made of humour, graphics and anecdotes to drive home key concepts. The material begins with simple concepts and delves gradually deeper into the more complex concepts. This allows the reader to build up and get all of the coverage of this critical subject that will allow them to understand how important intrusion detection is within network security.
Rating:  Summary: Required reading for effective use of an IDS Review: Stephen Northcutt is one of the fathers of intrusion detection, and his book complements Bace's... Northcutt's seminal work with the "Shadow IDS," a network monitoring tool developed by the U.S. Navy, was a forerunner of most contemporary IDSs. With his experience and knowledge conveyed throughout his writings, Northcutt details varied types of intrusions and discusses how an IDS should respond. His book is invaluable to anyone responsible for intrusion detection or anyone who needs to understand attack techniques and the forensic tools needed to detect and document them. ...
Rating:  Summary: Understanding packets in the wild Review: Stephen Northcutt has put together a truly fascinating and helpful look at Network Security and Intrusion Detection. The book is littered with dozens of packet sequence examples and excellent narrative which helps explain an oftentimes difficult topic. I found the initial section on TCP/IP a welcome refresher; however, those of you who have already read "TCP/IP Illustrated" will want to skip that portion entirely. After reading this book I really don't think you'll ever look at log files in the same light again.
Rating:  Summary: Excellent breadth and depth of material on IDS Review: The next incarnation of the excellent network intrusion detection manual from SANS's Stephen Northcutt and Judy Novak is here. The book boasts an impressive amalgam of high-level issues (risk assessment, business case building, architecture design, etc.) with all the fun low-level details, all the way down to IP headers, tcpdump bit masks and writing snort rules. A super detailed chapter on the TCP/IP protocol suite is a great read for experts (as a refresher) and beginners (might require some studying time for full comprehension, but it will come). Issues such as fragmentation, packet header formats and OS fingerprinting all get a fair share of coverage. The stimulus-response metaphor, advocated by SANS, is fully represented in the book. Upon seeing the network packet, the analyst might want to identify it as being part of a stimulus (such as an incoming port scan), a response (such as an ICMP echo reply) or a third-party effect (backscatter from a DoS attack with your IP addresses used for spoofing). Two full chapters are devoted to writing snort IDS rules. The material is presented in an easy to learn manner, just as the rest of the book. Incident and intrusion response with a severity evaluation based on the SANS formula is described with some useful examples. Determining the severity of an attack is also part of the GCIA practical assignment. On the high-level side, some requirements for IDS sensors and consoles are defined in the book. In addition, many insights on selling IDS and security to management (a.k.a. "management fluffing") are described in the chapter "Business Case for Intrusion Detection." The chapter also contains tips for designing and building the IDS infrastructure, complete with project planning suggestions. The book is the closest to what one might call "a GCIA certification prep guide," if there were a possibility of creating a prep guide for such a rich and in-depth technical cert.
Apparently, some of the content (such as using tcpdump for intrusion detection) is identical to that of the GCIA course book (retailing for several times the price). However, the book shows a more complete picture than the coursebook, albeit with somewhat less detail. Many detailed traffic analysis examples for scans, attacks and intelligence gathering attempts are provided in the Appendices to the book. Of particular interest for me was a chapter on the future direction of intrusion detection. New threats, analyst skill sets and tools and even novel approaches to intrusion data analysis are outlined there. Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. In his spare time he maintains his security portal info-secure.org
Rating:  Summary: Network Intrusion Detection 3rd Edition Review: This 3rd edition is more now a training manual than ever before. Stephen and Judy have done a great job putting together a book that can be used daily as a reference and a guide.
Rating:  Summary: Great Network Security Book Review: This book is great. It contains great technical content, and it's exciting. This author provides guidance. You will find yourself excited after reading the book, looking forward to improving your analysis skills. You don't have to be a newbie to enjoy this book. I found myself learning something in every chapter. The authors are visionaries and they have created a security book that will be an asset to security engineers for years to come. There are some things I don't agree with, but the author is fair in his delivery and he provides you with the direction you need. I would recommend that non-technical managers have a look at certain chapters. IDS decisions should not be left up to the engineers alone. They usually have a limited view of the organization's needs and don't always make the right decisions. GET THIS BOOK!
Rating:  Summary: Buy this book now! Review: This book is one of the better technical books I've read. It is easy to understand and goes into depth explaining the theory on which intrusion signatures are created. If you know basic TCP/IP but really want to know its inner workings, get this book. I bought it less than 24 hrs ago and I'm already 100 pgs through it. This book takes a subject that could potentially be very dry and breathes a gust of fresh air into it. Recommended!