Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century 1st Edition

4 out of 5 stars 15 customer reviews
ISBN-13: 978-0321591807
ISBN-10: 0321591801
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Sell yours for a Gift Card
We'll buy it for $11.85
Learn More
Trade in now
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$35.64 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$39.99 On clicking this link, a new layer will be open
More Buying Choices
18 New from $39.99 22 Used from $26.00
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Top 20 lists in Books
Top 20 lists in Books
View the top 20 best sellers of all time, the most reviewed books of all time and some of our editors' favorite picks. Learn more
$39.99 FREE Shipping. Only 9 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.

Frequently Bought Together

  • Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
  • +
  • Snort IDS and IPS Toolkit (Jay Beale's Open Source Security)
  • +
  • Information Security Intelligence: Cryptographic Principles & Applications
Total price: $159.28
Buy the selected items together

Editorial Reviews

From the Back Cover

""Practical Intrusion Analysis "provides a solid fundamental overview of the art and science of intrusion analysis." -Nate Miller, Cofounder, Stratum Security The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. In "Practical Intrusion Analysis," one of the field's leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers. Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today's new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more. Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes
  • Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
  • Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
  • Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
  • Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
  • Implementing IDS/IPS systems that protect wireless data traffic
  • Enhancing your intrusion detection efforts by converging with physical security defenses
  • Identifying attackers' "geographical fingerprints" and using that information to respond more effectively
  • Visualizing data traffic to identify suspicious patterns more quickly
  • Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives
Includes contributions from these leading network security experts: Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker
Seth Fogie, CEO, Airscanner USA; leading-edge mobile security researcher; coauthor of "Security Warrior" Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief, "Journal of Computer Security" Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University Alex Kirk, Member, Sourcefire Vulnerability Research Team

About the Author

Ryan Trost is the Director of Security and Data Privacy Officer at Comprehensive Health Services where he oversees all the organization’s security and privacy decisions. He teaches several Information Technology courses, including Ethical Hacking, Intrusion Detection, and Data Visualization at Northern Virginia Community College. This enables him to continue exploring his technical interests among the endless managerial meetings. In his spare time, Ryan works to cross-pollinate network security, GIS, and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences on the topic, most notably DEFCON 16. Ryan participated as a RedTeamer in the first annual Collegiate Cyber Defense Competition (CCDC) and now fields a team of students in the annual event. Ryan has been a senior security consultant for several government agencies before transitioning over to the private sector. In 2005, Ryan received his masters of science degree in computer science from George Washington University where he developed his first geospatial intrusion detection tool.

NO_CONTENT_IN_FEATURE



Product Details

  • Paperback: 480 pages
  • Publisher: Addison-Wesley Professional; 1 edition (July 4, 2009)
  • Language: English
  • ISBN-10: 0321591801
  • ISBN-13: 978-0321591807
  • Product Dimensions: 6.9 x 1 x 9 inches
  • Shipping Weight: 1.7 pounds (View shipping rates and policies)
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (15 customer reviews)
  • Amazon Best Sellers Rank: #691,309 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Top Customer Reviews

Format: Paperback
I must start this review by stating the lead author lists me in the Acknowledgments and elsewhere in the book, which I appreciate. I also did consulting work years ago for the lead author's company, and I know the lead author to be a good guy with a unique eye for applying geography to network security data. Addison-Wesley provided me a review copy.

I did not participate in the writing process for Practical Intrusion Analysis (PIA), but after reading it I think I know how it unfolded. The lead author had enough material to write his two main sections: ch 10, Geospatial Intrusion Detection, and ch 11, Visual Data Communications. He realized he couldn't publish a 115-page book, so he enlisted five contributing authors who wrote chapters on loosely related security topics. Finally the lead author wrote two introductory sections: ch 1, Network Overview, and ch 2, Infrastructure Monitoring. This publication-by-amalgamation method seldom yields coherent or helpful material, despite the superior production efforts of a company like Addison-Wesley. To put a point on PIA's trouble, there's only a single intrusion analyzed in the book, and it's in the lead author's core section. The end result is a book you can skip, although it would be good for chapters 4 and 10 to be published separately as digital "Short Cuts" on InformIT.

Chapters 1 and 2 are not needed. Anyone who needs to learn about networking can read a basic book already published. Ch 2 does mention that 802.1AE (if ever implemented) will hamper network traffic inspection, but you could read that online.

Ch 3 is odd because it begins by mentioning well-worn methods to evade network detection, followed by a discussion of the merits of Snort vs Bro.
Read more ›
1 Comment 21 of 22 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
This book is not really a book: it is a collection of papers about security and intrusion detection. The book bears unfortunate, but noticeable signs of being written by multiple people who didn't talk to each other much.

I just finished reading the book and I can say I enjoyed it. It does have interesting ideas peppered in some places. Overall presentation consistency, however, is not lacking - it is absent. Also, the book is not terribly practical if you define practice as "protection of systems and networks from attacks." Many chapters are shallow and make the impression of being added to get the book to 450 pages threshold.

So, some chapters are fun and insightful ("Geospatial ID", "Physical IDS", the sections on signature tuning), some are funny (example: one chapter talks about SIEM, SIM and SEM, but errs about what "M" in those stands for... seriously!) and some are sad (example: the one that mentions IDMEF), while others are very shallow ("Wireless IDS/IPS"). The chapter on ROI made me fall under my desk; I experience an actual literal ROFL.

Here are some of the highlights. Ch3 has a lot of useful Bro NIDS tips; if you have never used Bro in production, give it a try. In Ch4, I liked vulnerability-based signature definition worklfow, which takes into account sig performance tuning. Ch5 was written by an academic, who doesn't get out much; if works great if you want to really know what the word "befuddled" means (it also mentioned IDMEF for extra punch :-)) Ch6 is fine if you never dealt with network flows; not a bad intro. Ch7 is a very shallow intro to web application firewalls, while ch8 is the same for wireless IDS/IPS. Ch9 deals with physical security and I loved; such information rarely shows in IT books and it was great to learn it.
Read more ›
Comment 4 of 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
When I first began reading Practical Intrusion Analysis by Ryan Trost, I was a little put-off. He begins the book with an overview of IP Addressing, subnetting, and packets. This is a touchy way to begin any book as you will either lose your audience if they are new to this subject, or annoy them if they are already familiar. Ryan was able to expand on this subject without going too far in to the weeds, and provide a backbone that makes the next chapters easier to understand.

The following chapters are the real meat of the book and I really got a lot out of them. Ryan covers the entire area of intrusion detection and prevention solutions from the end-point to geographic-based. I'd recommend this book to any IT Professional who deals with network security, as it helps simplify a fairly complicated subject.
Comment 2 of 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
My search for one book that gives me a bird's eye view of enterprise Intrusion detection and preventions systems process ends with this book. Any one who climbs up the ladder from different back ground in Information Security can easily understand the `ABCD' of Intrusion Prevention/Detection Analysis by reading this book. The author explained everything from the ground up. For e.g. when he writes about Network Intrusion Analysis, he started to explain from basic OSI reference model and TCP/IP model and goes on explaining how to capture data at various levels of the network.

This book starts with explaining how Enterprise IT infrastructure looks like and explained in brief what each technology mean for the reader. Another good outcome of reading this book is to understand the management aspect of handling Intrusion detection/ Prevention systems and process.

Let me briefly describe how this book is structured in terms of chapters and technology implementations. First the author went ahead and described two open source IDS/IPS platforms namely Snort and Bro. He then analyzed and compared (Apple to Orange) both tools to give us an idea which one is best. Obviously snort came out as winner. The reason quoted is that Bro is not a simple solution to implement. You have to define what is normal so that you can trigger abnormal if some intrusion happens. Second, Vulnerability lifecycle which describes how vulnerability goes through a cycle from detection to patching the systems. Other Chapters are arranged in this order to provide a holistic approach to Intrusion Analysis.
Read more ›
Comment 1 of 1 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Recent Customer Reviews

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
This item: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Price: $39.99
Ships from and sold by Amazon.com

Want to discover more products? Check out this page to see more: computer security