
Network Intrusion Detection: An Analyst's Handbook (Landmark) Paperback – 19 Sep 2000



There is a newer edition of this item:



Product details

  • Paperback: 480 pages
  • Publisher: QUE; 2 edition (19 Sept. 2000)
  • Language: English
  • ISBN-10: 0735710082
  • ISBN-13: 978-0735710085
  • Product Dimensions: 22.8 x 17.8 x 2.6 cm
  • Average Customer Review: 4.0 out of 5 stars (4 customer reviews)
  • Amazon Bestsellers Rank: 1,852,190 in Books


Product Description

Amazon Review

A collection of after-action reports on a variety of network attacks, Network Intrusion Detection enables you to learn from others' mistakes as you endeavour to protect your networks from intrusion. Authors Stephen Northcutt and Judy Novak document real attacks on systems, highlighting characteristics you--you being a network communications analyst or security specialist--can look for on your own machines. The authors mince no words, advising you which detection tools to use (they like and use Snort, as well as Shadow, Tripwire, TCP Wrappers and others) and how to use them. This second edition of the book includes less about Year 2000 preparation and more about the latest in attacks, countermeasures, and the growing community of white-hat hackers who share information to keep systems safe.

In teaching their readers about the attacks that exploit a particular protocol or service, the authors typically present a TCPdump listing that shows an attack, then comment upon it. They tell you what the attackers did, how successful they were, and how the attack might have been detected and shut down. To cite one example, there's a very detailed analysis of Kevin Mitnick's famous attack (a SYN flood combined with TCP hijacking) on one of Tsutomu Shimomura's machines. By following the advice in this book, you will likely do very well in protecting your machines against people the authors call "script kiddies"--small-time hackers who follow published recipes (or run pre-written routines). You will also be about as prepared as you can be against more skilled attackers who make up their attacks on their own. This is great reading for anyone involved in developing filters to ward off attacks or monitoring network communications for suspicious activity. It's also a valuable resource for someone evaluating network countermeasures in preparation for deployment. --David Wall

From the Publisher

The most recognized names in the specialized field.
Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grows and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Network Intrusion Detection: An Analyst's Handbook, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.

Customer Reviews

4.0 out of 5 stars

Most Helpful Customer Reviews

5 of 5 people found the following review helpful By A Customer on 26 Aug. 1999
Format: Paperback
I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Stephen's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Stephen's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Stephen's book. See you at SANS Network Security 99!
1 of 1 people found the following review helpful By Remi Lillelien on 25 April 2001
Format: Paperback Verified Purchase
While this is a book on intrusion detection, I bought it for another reason. A friend referred me to this book when I asked him about "sniffing". The book is a great introduction to network sniffing! I give it "only" four stars because it falls short of its primary goal IDS.
Format: Paperback
Whilst there are a multitude of books detailing the various computer vulnerabilities, very few give such a thorough description of how they work, more importantly in the IDS field their signatures. To get the most from this book a reasonable understanding of TCP/IP is required. Essential reading for anyone evaluating or tuning an IDS. Having just moved into the IDS field from security auditing this book has allowed me to hit the ground running.
0 of 2 people found the following review helpful By G.Gil on 9 Jan. 2001
Format: Paperback
The book provides a good list and overview of most IDS tools out in the market. Unfortunately if you are looking to go into greater detail about types of intrusion... it comes quite short in content. I found if you are looking to read this kind of subject is because you want to go in deep into the information and not very quick overview as per book.

Most Helpful Customer Reviews on Amazon.com (beta)

60 of 61 people found the following review helpful
Best IDS book for hands-on implementors 30 Jan. 2000
By J. G. Heiser - Published on Amazon.com
Format: Paperback Verified Purchase
Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry).
This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura.
I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
48 of 48 people found the following review helpful
Readable, intelligent, down-to-earth. 2 Oct. 1999
By Greg Broiles - Published on Amazon.com
Format: Paperback Verified Purchase
Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the "filler" chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it.
The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next.
This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.
37 of 37 people found the following review helpful
Northcutt hits the ball out of the park! 26 Aug. 1999
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Stephen's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Stephen's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Stephen's book. See you at SANS Network Security 99!
14 of 15 people found the following review helpful
A readable and timely introduction to catching the bad guys 9 Sept. 1999
By Andrew T. Wilson - Published on Amazon.com
Format: Paperback
When "Network Intrusion Detection" is made into a big-budget Hollywood movie, I see Harrison Ford starring in the Stephen Northcutt role. He's experienced and more than a little hard-bitten, he has no patience for the foolish and the ill-prepared, but he really knows his stuff. Plus, there's a gleam of playfulness in the way he tackles the bad guys. Think "Indiana Jones and Back Doors of Quake."
Seriously, Stephen Northcutt is a good writer. He's been there and he's done that, and this book is the summary of what he's learned so far about detecting and countering breakins to a computer network. The book is quite current, documenting exploits as recent as early '99, which is both a plus and a minus. The plus is obviously the freshness and relevance of the content, the minus lies in the somewhat unpolished nature of the book, no doubt an artifact of speedy publication (typos abound, and organization could be improved).
However, on balance, I'd recommend this book to anyone with an interest in computer security. It could also serve as an introductory textbook on hacking into networks, as Mr. Northcutt surely realizes.... But dark hackers already have their own "apprenticeship" system, as he points out, whereas the white-hat community needs books such as this for training analysts.
16 of 18 people found the following review helpful
Thorough discussion of Intrusion Detection 26 Nov. 2000
By A Customer - Published on Amazon.com
Format: Paperback Verified Purchase
I read the book from cover to cover and found the book very useful and interesting. The author uses a lot of tongue-in-cheek humor and makes the subject very interesting with interesting examples and anecdotes. He also includes a lot of actual log files in his examples which really makes the book practical and easy to understand.
The book also talks about intelligence gathering techniques employed by hackers, the hacker community, and selling management on the idea of intrusion detection. As a network security professional I find myself grappling with the issue of convincing management to fund network security and will use the ideas of this author who clearly has a lot of experience in getting funding from management.
I was able to immediately apply some of the ideas and principles in the book to my benefit.