Network Intrusion Detection

by WebMin on March 9, 2010


Product Description
The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country’s government and military comput…


Barbara Rhoades March 9, 2010 at 3:36 am

NETWORK INTRUSION DETECTION
An Analyst’s Handbook, 2nd Edition
AUTHOR: Stephen Northcutt and Judy Novak
PUBLISHER: New Riders
REVIEWED BY: Barbara Rhoades

BOOK REVIEW: Network Intrusion Detection (NID) has 22 Chapters of information, a six-page Content section and a 28-page Index. The font is small enough that anyone reading it should have good eyesight or be willing to use a magnifier.

There are very few graphical examples but a few can be found among the reading material. There is a Chapter Summary at the end of each Chapter. Glossary terms are found defined in the chapters where the acronyms are first mentioned.

Network Intrusion Detection is a book meant for someone interested in the server side rather than the user side of computers. A firm knowledge of the intricacies of the workings of computers will give the reader the advantage to acquire the information this book provides.
Rating: 3 / 5

Anonymous March 9, 2010 at 4:29 am

This was very good. Lots of good examples and technical information. Well worth the price and time to read it.
Rating: 5 / 5

Sean E. Connelly March 9, 2010 at 6:49 am

“Network Intrusion Detection” 3rd Edition, by Northcutt and Novak, does an excellent job at teaching the protocols, tools and analysis required to become a network analyst. I have been impressed with other books by Stephen Northcutt and this book also does not disappoint.

The book is broken up into 5 sections. The first section discusses TCP/IP (service ports, using TCPdump, fragmentation, the mechanics of ICMP, etc.). When newbie network admins have asked “Where do I start to have a greater appreciation of TCP/IP?” I have recommended the first 75 pages many times. I feel this is a great ‘primer’, rather than dedicating the time to read Stevens’ “TCP/IP Illustrated”.

The 2nd section deals with traffic analysis – and this is the real beauty of the book. Packet dissemination and header dissection are thoroughly explored. I particularly liked the discussion of an ‘Insertion Attack’ on page 144. The 3rd section discusses filters and rules for network monitoring. Some other books deal with the same info, but this is a one-stop-shop book. The fourth and fifth sections deal with intrusion infrastructure and various exploits, and DoS.

The authors have contributed to SANS courses (Northcutt is the CEO of SANS). Their experience from years of teaching has helped create an excellent book on TCP/IP analysis. The only downside to the book is that the fluidity is somewhat staggered, and there is some rambling (kind of like what you expect a professor to do when reminiscing). I also think the last two sections can be sliced out, and more pages dedicated to packet analysis. Still, this is one of the best books on the market for TCP/IP analysis (see my reviews for others).

I give this book 4 pings out of 5:

!!!.!
Rating: 4 / 5

Alex Le Bienvenu March 9, 2010 at 8:27 am

Very rarely do you find a book with the detail contained in this one; it's a must if you care about security.
Rating: 5 / 5

Ben Rothke March 9, 2010 at 9:02 am

Stephen Northcutt is one of the fathers of intrusion detection, and his book complements Bace’s…

Northcutt’s seminal work with the “Shadow IDS,” a network monitoring tool developed by the U.S. Navy, was a forerunner of most contemporary IDSs.

With his experience and knowledge conveyed throughout his writings, Northcutt details varied types of intrusions and discusses how an IDS should respond. His book is invaluable to anyone responsible for intrusion detection or anyone who needs to understand attack techniques and the forensic tools needed to detect and document them.


Rating: 5 / 5
