Amazon.co.uk Review
A collection of after-action reports on a variety of network attacks, Network Intrusion Detection enables you to learn from others' mistakes as you endeavour to protect your networks from intrusion. Authors Stephen Northcutt and Judy Novak document real attacks on systems, highlighting characteristics you--you being a network communications analyst or security specialist--can look for on your own machines. The authors mince no words, advising you which detection tools to use (they like and use Snort, as well as Shadow, Tripwire, TCP Wrappers and others) and how to use them. This second edition of the book includes less about Year 2000 preparation and more about the latest in attacks, countermeasures, and the growing community of white-hat hackers who share information to keep systems safe.
In teaching their readers about the attacks that exploit a particular protocol or service, the authors typically present a TCPdump listing that shows an attack, then comment upon it. They tell you what the attackers did, how successful they were, and how the attack might have been detected and shut down. To cite one example, there's a very detailed analysis of Kevin Mitnick's famous attack (a SYN flood combined with TCP hijacking) on one of Tsutomu Shimomura's machines. By following the advice in this book, you will likely do very well in protecting your machines against people the authors call "script kiddies"--small-time hackers who follow published recipes (or run pre-written routines). You will also be about as prepared as you can be against more skilled attackers who make up their attacks on their own. This is great reading for anyone involved in developing filters to ward off attacks or monitoring network communications for suspicious activity. It's also a valuable resource for someone evaluating network countermeasures in preparation for deployment. --David Wall
Amazon.co.uk Review
Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know in order to prevent unauthorised accesses of your networked computers and minimise the damage intruders can do. It emphasises, though, proven techniques of recognising attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behaviour and deal with it, both automatically and manually.
The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: Readers get a precise picture of what Mitnick did, and how Shimomura's machine reacted. A former security expert for the US Department of Defense, Northcutt goes on to explain how a system administrator would go about detecting and defeating an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall, Amazon.com
Topics covered: Catching intruders in the act by recognising the characteristics of various kinds of attacks in real time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimising false security alarms.
--This text refers to an out of print or unavailable edition of this title.