A collection of after-action reports on a variety of network attacks, Network Intrusion Detection enables you to learn from others' mistakes as you endeavour to protect your networks from intrusion. Authors Stephen Northcutt and Judy Novak document real attacks on systems, highlighting characteristics you--you being a network communications analyst or security specialist--can look for on your own machines. The authors mince no words, advising you which detection tools to use (they like and use Snort, as well as Shadow, Tripwire, TCP Wrappers and others) and how to use them. This second edition of the book includes less about Year 2000 preparation and more about the latest in attacks, countermeasures, and the growing community of white-hat hackers who share information to keep systems safe.
In teaching their readers about the attacks that exploit a particular protocol or service, the authors typically present a TCPdump listing that shows an attack, then comment upon it. They tell you what the attackers did, how successful they were, and how the attack might have been detected and shut down. To cite one example, there's a very detailed analysis of Kevin Mitnick's famous attack (a SYN flood combined with TCP hijacking) on one of Tsutomu Shimomura's machines. By following the advice in this book, you will likely do very well in protecting your machines against people the authors call "script kiddies"--small-time hackers who follow published recipes (or run pre-written routines). You will also be about as prepared as you can be against more skilled attackers who make up their attacks on their own. This is great reading for anyone involved in developing filters to ward off attacks or monitoring network communications for suspicious activity. It's also a valuable resource for someone evaluating network countermeasures in preparation for deployment. --David Wall
From the Publisher
The most recognized names in the specialized field.
Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grows and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Network Intrusion Detection: An Analyst's Handbook, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.