Practical Intrusion Analysis and over one million other books are available for Amazon Kindle. Learn more
  • List Price: $59.99
  • Save: $36.23(60%)
Rented from apex_media
To Rent, select Shipping State from options above
Due Date: May 31, 2015
FREE return shipping at the end of the semester. Access codes and supplements are not guaranteed with rentals.
Condition: Used: Good
Access codes and supplements are not guaranteed with used items.
Qty:1
  • List Price: $59.99
  • Save: $18.34 (31%)
Only 15 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Sell yours for a Gift Card
We'll buy it for $2.00
Learn More
Trade in now
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century Paperback – July 4, 2009

ISBN-13: 978-0321591807 ISBN-10: 0321591801 Edition: 1st

Buy New
Price: $41.65
Rent
Price: $23.75 - $23.76
17 New from $37.61 28 Used from $23.95
Rent from Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$23.75
$41.65
$37.61 $23.95
Best%20Books%20of%202014

Frequently Bought Together

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century + Snort IDS and IPS Toolkit (Jay Beale's Open Source Security) + Information Security Intelligence: Cryptographic Principles & Applications
Price for all three: $204.48

Buy the selected items together
NO_CONTENT_IN_FEATURE

Holiday Deals in Books
Holiday Deals in Books
Find deals for every reader in the Holiday Deals in Books store, featuring savings of up to 50% on cookbooks, children's books, literature & fiction, and more.

Product Details

  • Paperback: 480 pages
  • Publisher: Addison-Wesley Professional; 1 edition (July 4, 2009)
  • Language: English
  • ISBN-10: 0321591801
  • ISBN-13: 978-0321591807
  • Product Dimensions: 6.9 x 1 x 9 inches
  • Shipping Weight: 1.7 pounds (View shipping rates and policies)
  • Average Customer Review: 3.9 out of 5 stars  See all reviews (14 customer reviews)
  • Amazon Best Sellers Rank: #1,456,681 in Books (See Top 100 in Books)

Editorial Reviews

From the Back Cover

Practical Intrusion Analysisprovides a solid fundamental overview of the art and science of intrusion analysis.

   -Nate Miller, Cofounder, Stratum Security

 

The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention

 

Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. InPractical Intrusion Analysis, one of the field's leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers.

 

Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today's new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more.

 

Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes

 

  • Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
  • Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
  • Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
  • Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
  • Implementing IDS/IPS systems that protect wireless data traffic
  • Enhancing your intrusion detection efforts by converging with physical security defenses
  • Identifying attackers' “geographical fingerprints and using that information to respond more effectively
  • Visualizing data traffic to identify suspicious patterns more quickly
  • Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives

 

Includes contributions from these leading network security experts:

 

Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker


Seth Fogie, CEO, Airscanner USA; leading-edge mobile security researcher; coauthor ofSecurity Warrior

 

Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief,Journal of Computer Security

 

Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University

 

Alex Kirk, Member, Sourcefire Vulnerability Research Team

 

About the Author

Ryan Trost is the Director of Security and Data Privacy Officer at Comprehensive Health Services where he oversees all the organization’s security and privacy decisions. He teaches several Information Technology courses, including Ethical Hacking, Intrusion Detection, and Data Visualization at Northern Virginia Community College. This enables him to continue exploring his technical interests among the endless managerial meetings. In his spare time, Ryan works to cross-pollinate network security, GIS, and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences on the topic, most notably DEFCON 16. Ryan participated as a RedTeamer in the first annual Collegiate Cyber Defense Competition (CCDC) and now fields a team of students in the annual event. Ryan has been a senior security consultant for several government agencies before transitioning over to the private sector. In 2005, Ryan received his masters of science degree in computer science from George Washington University where he developed his first geospatial intrusion detection tool.

See all Editorial Reviews

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

I highly recommend this book for all Security Analysts and anyone who oversees security operations.
Jeyaprakash Kopula
This is a touchy way to begin any book as you will either lose your audience if they are new to this subject, or annoy them if they are already familiar.
C. Irvin
This book is not really a book: it is a collection of papers about security and intrusion detection.
Dr Anton Chuvakin

Most Helpful Customer Reviews

20 of 21 people found the following review helpful By Richard Bejtlich on July 11, 2009
Format: Paperback
I must start this review by stating the lead author lists me in the Acknowledgments and elsewhere in the book, which I appreciate. I also did consulting work years ago for the lead author's company, and I know the lead author to be a good guy with a unique eye for applying geography to network security data. Addison-Wesley provided me a review copy.

I did not participate in the writing process for Practical Intrusion Analysis (PIA), but after reading it I think I know how it unfolded. The lead author had enough material to write his two main sections: ch 10, Geospatial Intrusion Detection, and ch 11, Visual Data Communications. He realized he couldn't publish a 115-page book, so he enlisted five contributing authors who wrote chapters on loosely related security topics. Finally the lead author wrote two introductory sections: ch 1, Network Overview, and ch 2, Infrastructure Monitoring. This publication-by-amalgamation method seldom yields coherent or helpful material, despite the superior production efforts of a company like Addison-Wesley. To put a point on PIA's trouble, there's only a single intrusion analyzed in the book, and it's in the lead author's core section. The end result is a book you can skip, although it would be good for chapters 4 and 10 to be published separately as digital "Short Cuts" on InformIT.

Chapters 1 and 2 are not needed. Anyone who needs to learn about networking can read a basic book already published. Ch 2 does mention that 802.1AE (if ever implemented) will hamper network traffic inspection, but you could read that online.

Ch 3 is odd because it begins by mentioning well-worn methods to evade network detection, followed by a discussion of the merits of Snort vs Bro.
Read more ›
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
4 of 4 people found the following review helpful By Dr Anton Chuvakin on September 30, 2009
Format: Paperback
This book is not really a book: it is a collection of papers about security and intrusion detection. The book bears unfortunate, but noticeable signs of being written by multiple people who didn't talk to each other much.

I just finished reading the book and I can say I enjoyed it. It does have interesting ideas peppered in some places. Overall presentation consistency, however, is not lacking - it is absent. Also, the book is not terribly practical if you define practice as "protection of systems and networks from attacks." Many chapters are shallow and make the impression of being added to get the book to 450 pages threshold.

So, some chapters are fun and insightful ("Geospatial ID", "Physical IDS", the sections on signature tuning), some are funny (example: one chapter talks about SIEM, SIM and SEM, but errs about what "M" in those stands for... seriously!) and some are sad (example: the one that mentions IDMEF), while others are very shallow ("Wireless IDS/IPS"). The chapter on ROI made me fall under my desk; I experience an actual literal ROFL.

Here are some of the highlights. Ch3 has a lot of useful Bro NIDS tips; if you have never used Bro in production, give it a try. In Ch4, I liked vulnerability-based signature definition worklfow, which takes into account sig performance tuning. Ch5 was written by an academic, who doesn't get out much; if works great if you want to really know what the word "befuddled" means (it also mentioned IDMEF for extra punch :-)) Ch6 is fine if you never dealt with network flows; not a bad intro. Ch7 is a very shallow intro to web application firewalls, while ch8 is the same for wireless IDS/IPS. Ch9 deals with physical security and I loved; such information rarely shows in IT books and it was great to learn it.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
2 of 2 people found the following review helpful By C. Irvin on August 19, 2009
Format: Paperback
When I first began reading Practical Intrusion Analysis by Ryan Trost, I was a little put-off. He begins the book with an overview of IP Addressing, subnetting, and packets. This is a touchy way to begin any book as you will either lose your audience if they are new to this subject, or annoy them if they are already familiar. Ryan was able to expand on this subject without going too far in to the weeds, and provide a backbone that makes the next chapters easier to understand.

The following chapters are the real meat of the book and I really got a lot out of them. Ryan covers the entire area of intrusion detection and prevention solutions from the end-point to geographic-based. I'd recommend this book to any IT Professional who deals with network security, as it helps simplify a fairly complicated subject.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By Jeyaprakash Kopula on September 3, 2009
Format: Paperback
My search for one book that gives me a bird's eye view of enterprise Intrusion detection and preventions systems process ends with this book. Any one who climbs up the ladder from different back ground in Information Security can easily understand the `ABCD' of Intrusion Prevention/Detection Analysis by reading this book. The author explained everything from the ground up. For e.g. when he writes about Network Intrusion Analysis, he started to explain from basic OSI reference model and TCP/IP model and goes on explaining how to capture data at various levels of the network.

This book starts with explaining how Enterprise IT infrastructure looks like and explained in brief what each technology mean for the reader. Another good outcome of reading this book is to understand the management aspect of handling Intrusion detection/ Prevention systems and process.

Let me briefly describe how this book is structured in terms of chapters and technology implementations. First the author went ahead and described two open source IDS/IPS platforms namely Snort and Bro. He then analyzed and compared (Apple to Orange) both tools to give us an idea which one is best. Obviously snort came out as winner. The reason quoted is that Bro is not a simple solution to implement. You have to define what is normal so that you can trigger abnormal if some intrusion happens. Second, Vulnerability lifecycle which describes how vulnerability goes through a cycle from detection to patching the systems. Other Chapters are arranged in this order to provide a holistic approach to Intrusion Analysis.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews


What Other Items Do Customers Buy After Viewing This Item?