Customer Reviews

8 Reviews
5 star: (4)
4 star: (2)
3 star: (2)
2 star: (0)
1 star: (0)


5.0 out of 5 stars When a good book is worth a thousand experiences!, Feb. 23 2002
By Marco De Vivo "Mr. TCP/IP" (Miami, Florida United States)
This review is from: Intrusion Signatures and Analysis (Paperback)
This is the best book about Intrusion Signatures published yet.
I teach computer security at a local university, and with the help of this book alone I could take care of all the practical aspects of my last course. If you already have a good background in this field, and read and understand the book thoroughly, then you can afford any related security certification test.
Chapters 3 through 17 present several well-documented cases, which, in turn, are discussed following the same standard:
- Presentation
- Source of Trace
- Detect Generated by
- Probability the Source Address Was Spoofed
- Attack Description
- Attack Mechanism
- Correlations
- Evidence of Active Targeting
- Severity
- Defense Recommendations
- Questions
Chapter 1 introduces the reader to Analysis of Logs (including Snort, Tcpdump, and Syslog), IDS, and Firewalls. Even though it is a quick review, it is quite useful.
Chapter 2 explains the way the cases are studied.
The covered vulnerabilities and attacks include:
- Internet Security Threats
- Router and Firewall Attacks
- IP Spoofing
- Network Mapping and Scanning
- Denial of Service
- Trojans
- Assorted Exploits
- Buffer Overflows
- IP Fragmentation
- False Positives
- Crafted Packets
Bottom line, this is one of the 5 best computer security books I have ever read. Even for non-experts, the book can be a valuable tool to improve their understanding of this field.
Try it.


5.0 out of 5 stars You want experience?, Feb. 6 2001
This review is from: Intrusion Signatures and Analysis (Paperback)
The real-world signatures in this book, along with the analysis, make this a wonderful reference book. There is, of course, no substitute for experience. However, this book provides an excellent baseline of experience for any Intrusion Analyst! From that baseline one should be able to better analyze future attacks; there is, after all, only so much an attacker can do.
This book was made possible by contributors to GIAC (Global Incident Analysis Center): professionals out "in the trenches" dealing with attacks of all shapes and sizes on a daily basis. These traces were not generated in a lab; they're the same traces you will see on your network if you're looking for them.
I've already used this book as a reference guide, and it sits on my shelf next to "TCP/IP Illustrated V1" by Dr. Richard Stevens and "Intrusion Detection: An Analyst's Handbook V2" by Stephen Northcutt and Judy Novak. I use all of them on a regular basis.
Whether you are just starting out in the IDS realm or you're an established Analyst sitting on an enterprise of sensors, this book is for you.
-- Brent Deterding Enterprise Manager of Network Security - Solutia Inc.


3.0 out of 5 stars A good start, but proceed with caution: uncertain analysis, Feb. 2 2001
By Richard Bejtlich "TaoSecurity" (Metro Washington, DC)
This review is from: Intrusion Signatures and Analysis (Paperback)
Disclaimer: I withdrew a chapter from this book, and my words appear on p. 25. "Intrusion Signatures" tries to share the collective wisdom of SANS GIAC certification candidates, tempered by more experienced SANS editors. I applaud their intentions, but the uneven analysis and commentary warrant faint praise. New analysts flying solo should not read this book. Analysts with a guru to consult should get his or her input before trusting the book's interpretations.
Examples: (1) Eric Hacker expertly discusses a Windows password problem on pp. 77-85, but a significant trace is missing on p. 81. This causes the following dozen traces to not match their respective explanations. Would a new analyst notice? (2) Several times (p. 87, etc.) the authors fail to realize "public" is a common default SNMP "read" community string, while "private" is the "read/write" counterpart. This mistake is crucial elsewhere in the book. (3) The editors call a clear example of round-trip-time determination a "half-open DNS scan." It's ok for certification students to make judgement errors, but SANS editors should explain why that view isn't correct. (4) A very questionable "SYN flood" trace in ch. 10 doesn't match the "reproduction" of the same trace in the question-and-answer appendix -- that one's missing a crucial packet! (5) A "spoofed FTP request" in ch. 11 looks like an active FTP data attempt to me. That concept is explained on p. 329, but the authors don't apply the same reasoning to ch. 11's example. Why?
On the positive side, I was impressed by Mark Cooper's work on buffer overflows and ICMP redirects. Some of the student work is also first-rate, but it may be tough for new readers to make the necessary distinctions.
The authors owe it to the target audience (new analysts) to deliver accurate explanations. Different interpretations are expected, but errors like those listed require scrutiny. The work is sincere -- I just can't recommend this book to inexperienced intrusion detectors.


5.0 out of 5 stars Includes review questions throughout the book, May 19 2001
This review is from: Intrusion Signatures and Analysis (Paperback)
A must-have for the serious network security professional, Intrusion Signatures And Analysis opens with an introduction to the format of some of the more common sensors and then begins a tutorial on the unique format of the signatures and analyses used in the book. Readers will find page after page of signatures, ordered by category, as well as a case study section on how attacks have shut down the networks and web sites of Yahoo and eBay and what those attacks looked like. As an added feature, the collaborative authors Stephen Northcutt, Mark Cooper, Matt Fearnow, and Karen Frederick included review questions throughout the book to help readers be sure they comprehend the traces and material that have been covered. Intrusion Signatures And Analysis is a recommended resource for the SANS Institute GIAC certification program. 448 pp.


4.0 out of 5 stars Analysis in practice, April 5 2001
This review is from: Intrusion Signatures and Analysis (Paperback)
This is the second release from some of the key SANS GIAC folk and is a fine addition, as it extends the data from "Network Intrusion Detection: An Analyst's Handbook" to give intrusion detection practitioners some interesting detects from the GIAC graduates.
Included in these detects are some of the more unique pieces of analysis that have been performed at GIAC, with detailed write-ups of the analysis process and the logic applied in defining the conditions in which the events occurred.
Once again, this is easy and interesting reading which will appeal to intrusion analysts of all levels. Further, this book gives neophytes a real sense of what can be monitored and how important intrusion detection is in security layering.


3.0 out of 5 stars Decent companion to Network Intrusion Detection, 2nd Ed., Feb. 5 2001
By Erik Fichtner (Oakton, VA United States)
This review is from: Intrusion Signatures and Analysis (Paperback)
"Intrusion Signatures and Analysis" is a handy companion volume to "Network Intrusion Detection, 2nd Ed." It gives the reader many more examples of intrusion attempts and scans across the wide variety of network devices that a real-world analyst will be required to use, and it gives the reader access to more real-world events to learn from before they encounter them on their own networks.
This book also serves well as a style guide for writing up incidents in your organization, or to submit to an incident response center.


5.0 out of 5 stars A Great Title For Security Geeks to Learn Packet Forensics, July 10 2001
By R. Esser (Forest Grove, OR)
This review is from: Intrusion Signatures and Analysis (Paperback)
I read this book out of general interest and a need to dig deeper into the technical aspects of security, and intrusion detection in particular. For that, this title is perfect!
It's great to learn intrusion detection, packet analysis, forensics, attack methodologies, attack recognition, and similar topics. And oh, by the way, if you have any interest at all in certification, Intrusion Signatures and Analysis is the study guide for one of the hottest new certs there is: SANS GIAC Intrusion Detection In Depth.


4.0 out of 5 stars High tech, high words, Feb. 2 2001
By A Customer
This review is from: Intrusion Signatures and Analysis (Paperback)
This book is pretty good, but you'll need vast experience as a techie to really get into it. Lots of experience is required.

This product: Intrusion Signatures and Analysis by Mark Cooper (Paperback - Jan. 19 2001)
CDN$ 41.99 CDN$ 26.45