Vous voulez voir cette page en français ? Cliquez ici.


or
Sign in to turn on 1-Click ordering.
More Buying Choices
Have one to sell? Sell yours here
Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network
 
 
Share your own customer images
Search inside this book

Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network [Paperback]

Tim Crothers (Author)
4.5 out of 5 stars  See all reviews (2 customer reviews)
List Price: CDN$ 65.99
Price: CDN$ 41.37 & this item ships for FREE with Super Saver Shipping. Details
You Save: CDN$ 24.62 (37%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Usually ships within 1 to 3 weeks.
Ships from and sold by Amazon.ca. Gift-wrap available.

Product Details

Product Description

Product Description

* Configuring an intrusion detection system (IDS) is very challenging, and if improperly configured an IDS is rendered ineffective
* Packed with real-world tips and practical techniques, this book shows IT and security professionals how to implement, optimize, and effectively use IDS
* Features coverage of the recently revised IETF IDS specification
* Covers IDS standards, managing traffic volume in the IDS, intrusion signatures, log analysis, and incident handling
* Provides step-by-step instructions for configuration procedures

Book Info

Your in-depth guide to implementing and optimizing an effective intrusion detection system for your network. Softcover.
See all Product Description
Inside This Book (Learn More)
First Sentence
WELCOME TO THE WORLD of intrusion detection. Read the first page
Explore More
Concordance
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Tag this product

 (What's this?)
Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items.
Your tags: Add your first tag
 
See most popular tags
 

Customer Reviews

2 Reviews
5 star:
 (1)
4 star:
 (1)
3 star:    (0)
2 star:    (0)
1 star:    (0)
 
 
 
 
 
Average Customer Review
4.5 out of 5 stars (2 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most helpful customer reviews

5.0 out of 5 stars Excellent book, Feb 20 2003
By 
Jonathan Bushnell (Ridgecrest, CA USA) - See all my reviews
This review is from: Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Paperback)
This book takes a simplistical approach to understanding IDS systems. I enjoyed the book and really got a grasp on IDS. I've touched basis with IDS before but was able to completely and thouroughly comprehend the main points of the book because of the great technial expertise and writing syle of the book.
Great for security admins!
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


4.0 out of 5 stars A welcome start to the 2003 IDS book publishing rush, Jan 9 2003
By 
Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   
This review is from: Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Paperback)
When was the last time you saw a new book on detecting intrusions at your local book store? Aside from revisions of "Network Intrusion Detection" by Northcutt and Novak, the last thought-provoking book was Paul Proctor's "Practical Intrusion Detection Handbook," published in August 2000. In 2003, IDS fans, the drought has ended.

"Implementing Intrusion Detection Systems" (IIDS) is a welcome start to a year that will see four books published with the word "Snort" in their titles. IIDS pays homage to the finest detection engine in the land, but uses Snort as a sample of the capabilities an IDS has to offer -- capabilities frequently attacked in the press and by assessment-oriented companies. Author Tim Crothers tackles the naysayers head-on in the book's second paragraph: "You see media articles from well-known security writers claiming that IDS is a dead technology. Fortunately, those writers are wrong." Amen!

IIDS is clear and straightforward, with a dose of good advice and informative diagrams. The sample IDS deployment chapter was nice to see in a published work, and the evasion section in chapter 5 was well done. Overall Wiley did a fine job editing IIDS and the price is reasonable.

Now for the toughest part of any review -- constructive criticism of technical details. Crothers' discussion of "passive ftp" on p. 39 doesn't recognize that port 20 is only involved in "active ftp". (See pp. 456-7 of "Building Internet Firewalls, 2nd Ed, for a chart to silence all debate on this topic.) Closed tcp ports reply with RST ACKs, not the lone RSTs listed on p. 96. The author doesn't mention that FIN scans (p. 97) are never used because the lack of a response could be easily due to firewalls dropping packets, not open ports staying quiet.

And, repeating the mistake seen in almost every book mentioning TCP/IP, Crothers' Appendix A claims TCPDump displays "starting and ending relative sequence numbers" (p. 258). Rather, those numbers are the sequence number of the first byte of data in the segment and the sequence number of the first byte of data in the NEXT segment. That's why a TCP segment with 432 bytes of data shows 1:433 in TCPDump -- the first byte is "relative" number 1, the last is relative number 432, and the NEXT is 433.

Apart from my philosophical disagreements with the author's detection methodology and priorities, I enjoyed reading IIDS immensely. I finished it in less than two days and highlighted many lines of text. It will be fun to see how the other four IDS books arriving this year compare to Tim Crothers' work.

Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No

Share your thoughts with other customers: Create your own review
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars (3 customer reviews)

5 of 5 people found the following review helpful
4.0 out of 5 stars A welcome start to the 2003 IDS book publishing rush, Jan 9 2003
By Richard Bejtlich "TaoSecurity" - Published on Amazon.com
This review is from: Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Paperback)
When was the last time you saw a new book on detecting intrusions at your local book store? Aside from revisions of "Network Intrusion Detection" by Northcutt and Novak, the last thought-provoking book was Paul Proctor's "Practical Intrusion Detection Handbook," published in August 2000. In 2003, IDS fans, the drought has ended.

"Implementing Intrusion Detection Systems" (IIDS) is a welcome start to a year that will see four books published with the word "Snort" in their titles. IIDS pays homage to the finest detection engine in the land, but uses Snort as a sample of the capabilities an IDS has to offer -- capabilities frequently attacked in the press and by assessment-oriented companies. Author Tim Crothers tackles the naysayers head-on in the book's second paragraph: "You see media articles from well-known security writers claiming that IDS is a dead technology. Fortunately, those writers are wrong." Amen!

IIDS is clear and straightforward, with a dose of good advice and informative diagrams. The sample IDS deployment chapter was nice to see in a published work, and the evasion section in chapter 5 was well done. Overall Wiley did a fine job editing IIDS and the price is reasonable.

Now for the toughest part of any review -- constructive criticism of technical details. Crothers' discussion of "passive ftp" on p. 39 doesn't recognize that port 20 is only involved in "active ftp". (See pp. 456-7 of "Building Internet Firewalls, 2nd Ed, for a chart to silence all debate on this topic.) Closed tcp ports reply with RST ACKs, not the lone RSTs listed on p. 96. The author doesn't mention that FIN scans (p. 97) are never used because the lack of a response could be easily due to firewalls dropping packets, not open ports staying quiet.

And, repeating the mistake seen in almost every book mentioning TCP/IP, Crothers' Appendix A claims TCPDump displays "starting and ending relative sequence numbers" (p. 258). Rather, those numbers are the sequence number of the first byte of data in the segment and the sequence number of the first byte of data in the NEXT segment. That's why a TCP segment with 432 bytes of data shows 1:433 in TCPDump -- the first byte is "relative" number 1, the last is relative number 432, and the NEXT is 433.

Apart from my philosophical disagreements with the author's detection methodology and priorities, I enjoyed reading IIDS immensely. I finished it in less than two days and highlighted many lines of text. It will be fun to see how the other four IDS books arriving this year compare to Tim Crothers' work.


5.0 out of 5 stars Excellent introduction to IDS, Nov 27 2005
By Daniel Owen - Published on Amazon.com
This review is from: Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Paperback)
Implementing Intrusion Detection Systems by Tim Crothers is an excellent introduction to the topics important to implementing any IDS. Crothers uses Snort as a reference IDS system, but the coverage of Snort is not intended to be comprehensive so if you plan to use Snort you will need an additional resource. Crothers does an excellent job of giving a very basic overview of underlying protocol elements that need to be understood to be a competent IDS manager without going into excessive detail for the generalist. Overall this is an excellent introduction to IDS topics. For someone with IDS experience this book will probably be useful in filling in some holes in your knowledge but Network Intrusion Detection by Nortcut and Novak may be a better book for the experienced IDS implementer.

5.0 out of 5 stars Excellent book, Feb 20 2003
By Jonathan Bushnell - Published on Amazon.com
This review is from: Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Paperback)
This book takes a simplistical approach to understanding IDS systems. I enjoyed the book and really got a grasp on IDS. I've touched basis with IDS before but was able to completely and thouroughly comprehend the main points of the book because of the great technial expertise and writing syle of the book.
Great for security admins!
 Go to Amazon.com to see all 3 reviews  4.7 out of 5 stars 
 
 
Only search this product's reviews


Listmania!

Create a Listmania! list

Look for similar items by category

Look for similar items by subject























i.e., each book must be in subject 1 AND subject 2 AND ...

Feedback

Would you like to update product info or give feedback on images?

Amazon.ca Privacy Statement Amazon.ca Shipping Information Amazon.ca Returns & Exchanges