Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the 'filler' chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it. The author has 'been there, done that' which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next. This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them.
The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for. Rent Network Intrusion Detection 3rd edition today, or search our site for other textbooks by Stephen Northcutt.
Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_. A book like this is always aiming at a moving target.
I work at a company that focuses on up-to-the-minute IDS and IPS technologies, based substantially on the same code and techniques involved in this book. Unfortunately, having passed the beginner stage, I found this book outdated. If you already know the Layer 3/Layer 4 protocols, there's not a lot here that isn't already widely known in the IDS community. The chapters on Snort are extremely outdated. No discussion of the extremely complex Flowbits option, and no discussion of the numerous sophisticated payload navigation options such as Byte Jump and Byte Test.
This is after being subjected to a lecture elsewhere in the book that payload inspection is important. Also, the attacks described in this book are pretty much ancient history. More discussions of spyware attacks such as 2020search and 180solutions are vital to keep this book up to date. Frankly, I don't see how this book is useful for anyone except rank beginners who need an introduction. In that capacity it definitely will be helpful.
Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry). This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura. I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
This is a great book. It provides good detail on crucial ID topics. The examples in the book are clear and easy to follow. The book also does a good job of describing IP fragmentation. I would also recommend that someone get Bejtlich's The Tao of Network Security Monitoring. Read Network Intrusion Detection first then read The Tao. You will be an expert in the area of intrusion detection and network security monitoring. The only down side to this book is that not enough attention is paid to exploring the gory details of networking like Ethernet frames, IP/TCP/UDP/etc. This is an important topic for security people to understand.
This is a great book for both someone new to intrusion detection and people who already have familiarity with the field. A great, easily approachable chapter on internet basics, followed by very clear descriptions and examples. Combines specific examples with discussion of the broader context, themes, and issues around intrusion detection. And there's also a fair bit of humor and 'in the trenches' feel, making the book a lot more fun to read than I thought it would be. For my purposes, I found this book the 'mother lode' giving me the information and perspective I needed.
I read the book from cover to cover and found the book very useful and interesting. The author uses a lot of tongue-in-cheek humor and makes the subject very interesting with interesting examples and anecdotes. He also includes a lot of actual log files in his examples which really makes the book practical and easy to understand. The book also talks about intelligence gathering techniques employed by hackers, the hacker community, and selling management on the idea of intrusion detection. As a network security professional I find myself grappling with the issue of convincing management to fund network security and will use the ideas of this author who clearly has a lot of experience in getting funding from management. I was able to immediately apply some of the ideas and principles in the book to my benefit.
This is the first of three chapters that discusses writing filters or signatures to detect anomalous behavior. The authors have chosen to discuss these particular filters and signatures for a couple of reasons. The first is because these signatures are available with freeware and available to the masses—even the impoverished. The second reason is that there are so many IDS packages today, it is almost impossible to cover them and yet not be accused of bias or favoritism because of omissions. As a fair compromise, we have chosen this chapter to discuss TCPdump and the following two chapters to discuss Snort signatures.