Intrusion Detection [Paperback]

Rebecca Gurley Bace (Author)

Book Description

Publication Date: January 1, 2000

With the number of intrusion and hacking incidents around the world on the rise, the importance of having dependable intrusion detection systems in place is greater than ever. Offering both a developmental and technical perspective on this crucial element of network security, Intrusion Detection covers: practical considerations for selecting and implementing intrusion detection systems; methods of handling the results of analysis, and the options for responses to detected problems, data sources commonly used in intrusion detection and how they influence the capabilities of all intrusion detection systems; legal issues surrounding detection and monitoring that affect the design, development, and operation of intrusion detection systems. More than just an overview of the technology, Intrusion Detection presents real analysis schemes and responses, as well as a detailed discussion of the vulnerabilities inherent in many systems, and approaches to testing systems for these problems.

Editorial Reviews

Review

Security books, quite frankly, are pretty much a dime a dozen, most of which are written by people in IT field security. What immediately separates this book from the rest is the background of the author. Ms. Bace is an ex-government employee, spending 12 years in everyone's favorite spook organization, the National Security Agency. ...For those with functioning brains who have vested interests in InfoSec and protecting their organization from people who wish to do harm, and getting real security info ...then pick this book up. -- Slashdot.org, 1/27/2000

What differentiates Bace as an author is her purist's passion for intellectual honesty and generosity. She pays homage to the many computer security folks who preceded her, who do important, innovative work in this area, but seldom get singled out. Reading Bace's opening chapter on the history of intrusion detection is a pleasure...(Throughout the book) the technical-theoretical is balanced by real examples and real-world challenges. Her chapter dealing with legal issues should be read by every in-house attorney whose companies have hard/software components. Outside computer security firms hoping for "consulting" fees will probably memorize large chunks from the book in order to appear knowledgeable. -- CyberWire Dispatch, 1/4/2000

From the Inside Flap

What we're hearing from reviewers about Intrusion Detection... "People have been working on computer intrusion detection systems for nearly 20 years. As a researcher, I am bothered that other scientists aren't familiar with the good work that has already been done, and as a consumer, I am disconcerted that I don't have better commercial products to defend my systems. Becky Bace has been there, done that, read about it, thought about it a lot, and now written it all down. Everyone who works in intrusion detection can gain something by reading this book. You can, too." -- Eugene H. Spafford, Professor and Director of the Purdue University Center for Education and Research in Information and Security (CERIAS)

"This book serves as a fantastic reference for the history of commercial and research intrusion detection tools. Even for practitioners of intrusion detection, this book can be an eye-opener.

"Becky's book grounds the intrusion detection discussion in a way that is readable, informative, and practical." -- Gene Kim, Chief Technology Officer, Tripwire Security Systems, Inc.

"I cannot imagine a consulting expert in this field who will want to be without a copy of Becky's book. Corporate managers, directors, and legal counsel need to digest these arguments as well." -- Fred Chris Smith, Attorney, Santa Fe, New Mexico.

" There is plenty here to point the needful System Administrator in the direction of an intrusion detection system appropriate for his current envisioned needs. But this book does much more: It provides solid perspective in a field where empty claims often dominate, and it will provide insights needed to cope with situations where existing products fall short or fail altogether to protect a system. I am certain that this book will become an industry standard in intrusion detection as a discipline." -- Marvin Schaefer, Chief Scientist, Vice-President, Arca Systems

"This book bridges a critical gap in the reference market. It encompasses both the principles of intrusion detection and a wealth of specific examples, enabling the reader to form a sound basis for understanding and evaluating what is happening in the field. This book demystifies intrusion detection without oversimplifying the problem" -- Ruth Nelson, President, Information System Security

See all Editorial Reviews

Product Details

• Paperback: 368 pages
• Publisher: Sams; 1 edition (January 1, 2000)
• Language: English
• ISBN-10: 1578701856
• ISBN-13: 978-1578701858
• Product Dimensions: 9.4 x 7.6 x 1.1 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #125,893 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

35 of 36 people found the following review helpful:

4.0 out of 5 stars An excellent textbook, but not an implementor's handbook, April 6, 2000

By 

J. G. Heiser (Sunninghill, Berks) - See all my reviews
(REAL NAME)   

This review is from: Intrusion Detection (Paperback)

This is a well-researched and well-written text. It is an excellent complement to Northcutt's book, which is more concrete and oriented to the hands-on practitioner. Those hoping to just buy an off-the-shelf IDS and turn it on may find Bace's book somewhat abstract. Although it reads well, it has a very strong academic flavor (this is probably inevitable in any book that uses the word 'etiology' twice in the first chapter). If Amoroso's book is a graduate-level text, then this is an appropriate book for undergrads.

Every specialized text on security seems to succumb to the temptation to flesh out the book with elementary security topics, and this one is no exception. Whether they are absolutely appropriate in a book like this or not, Bace does offer some very wise and useful advice and understandings on information security in general--some of which I was able to apply immediately by sharing with a client.

The author provides a comprehensive history of intrusion detection that is effective in creating an understanding of the reasons that specific techniques are used and what their shortcomings and strong points are--15 years worth of non-commercial intrusion detection systems are described and analyzed. While academic and government sponsored IDS initiatives are well-covered, those who are shopping for a commercial solution will probably be disappointed by the almost total lack of mention of currently available products. Discussion of commercial products consists of generalizations such as "Many products" or "some products" or "be aware of vendors that".

The chapter on legal issues is excellent and up-to-date, and it should be read by anyone implementing any form of monitoring system. The chapter 'For Strategists' is just a rehash of basic risk management concepts. It isn't particularly applicable to IDS and I disagree with the author on the prominence of ROI calculations in the security product implementation decision process. The bibliography is complete and very current. Although it lacks annotations, many of the sources are referenced within the book itself, so the reader interested in further research has plenty of guidance.

The weaknesses in this book are probably due to a lack of audience focus. It is aimed at Chief Security Officers, network and OS admins, college compsci students, and security systems designers.

Consultants and decision-makers should read this text, as should network engineers who want to expand their awareness of the tools they are purchasing and using. Given that this serves well as a reference book, the sturdy hard binding is appreciated, and the pages withstand highlighting without bleed through. It isn't a lot of verbiage for the price, but the quality is high.

5 of 6 people found the following review helpful:

5.0 out of 5 stars The most underappreciated intrusion detection book available, October 16, 2003

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Intrusion Detection (Paperback)

Three years ago, as a captain in the Air Force CERT, I didn't think I had time to read books on theory and definitions like Rebecca Bace's "Intrusion Detection." If a book didn't show packet captures, I didn't need it! Fast forward to 2003, as I research intrusion detection history and re-discover Bace's contribution to the field. Now, I consider her book so important that I consider most of it mandatory preparation for my own book. If you've got the time for "high level" monitoring concerns, check out "Intrusion Detection."

As a researcher, my favorite aspect of the book is Bace's readiness to "lay down the law" and provide numerous definitions for intrusion detection concepts. Most of them are so clear as to be considered definitive in my eyes. Like Paul Proctor's 2001 title "The Practical Intrusion Detection Handbook," I get the sense that Bace "gets it." She doesn't show packet traces, but what she says makes sense.

The best aspect of the book, for my purposes, is its historical nature. Bace covers several decades of intrusion detection concepts and products. She cites the players and their papers, and the themes prevalent as IDS moved from the lab to the front lines. I also found the legal issues chapter extremely valuable. IDS operators should know their products implement wiretaps or trap and trace/pen registers, for which legal cover should be sought. The legal chapter also featured two great case studies on capturing Kevin Mitnick and responding to the 1994 Rome Labs intrusion.

On the negative side, I offer a few disagreements and suggestions. First, vulnerability assessment products are not "a special case of intrusion detection" (ch. 6). This association clouds the issue and confuses the layman. Vulnerability assessment products identify vulnerabilities. Intrusion detection products identify threats. VA can work with IDS in an overall risk management strategy, or to provide context to improve IDS detection methods (e.g. Sourcefire RNA or Tenable NeVO), but VA is not IDS. I also disagree the a primary goal of IDS is real-time response. While this is a goal for science fiction writers, I still don't trust the removal of the human operator. Minor points include a lack of discussing Snort (created in 1998, popular by 1999) and an incorrect claim regarding "NSM" on p. 19 -- the acronym means "Network Security Monitor."

If you're looking for background on the history and purpose of IDS, I strongly recommend reading "Intrusion Detection." It's as relevant today as it was three years ago. I'm fortunate I didn't miss out by waiting so long!

1 of 1 people found the following review helpful:

4.0 out of 5 stars This is an academic book, July 15, 2008

By 

C. Langin - See all my reviews
(REAL NAME)   

This review is from: Intrusion Detection (Paperback)

This is one of at least three books you will need for academic research on intrusion detection. This book is appropriate for undergraduate students, but it also contains theory and references. For a graduate level presentation with theory and references, see Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response. The third book is Network Intrusion Detection (3rd Edition) (Voices (New Riders)) and contains practical advice on how intrusion detection is actually done. If you are non-academic and do not need theory and references, you probably only need the third book.