The Practical Intrusion Detection Handbook
 
The Practical Intrusion Detection Handbook [Paperback]

Paul E. Proctor (Author)
4.5 out of 5 stars (6 customer reviews)

List Price: $54.99
Price: $41.80
You Save: $13.19 (24%)


Book Description

Publication date: August 19, 2000 | ISBN-10: 0130259608 | ISBN-13: 978-0130259608 | Edition: 1
Intrusion detection systems are increasingly recognized as a key weapon in the war against computer crime. In The Practical Intrusion Detection Handbook, one of the field's leading experts shows exactly how to use them to detect, deter, and respond to security threats. This is the only intrusion detection book to present practical advice for the entire lifecycle: choosing products, planning, deployment, operations, and beyond. Full of checklists and real-world case studies, The Practical Intrusion Detection Handbook demonstrates exactly how to integrate intrusion detection into a total strategy for protecting your information and e-commerce assets. Paul E. Proctor introduces each approach to intrusion detection, including host-based, network-based, and hybrid solutions; then offers practical selection criteria; and reviews the key factors associated with successful deployment. You'll watch today's best intrusion detection systems in action, through response, surveillance, damage assessment, and data forensics. Finally, Proctor addresses the future of intrusion detection -- from standards and interoperability to law and ethics.



Editorial Reviews

Amazon.com Review

Rather than emphasize the characteristics of attacks on computers and networks, The Practical Intrusion Detection Handbook places its focus on the tools, resources, and policies that should be in place to help security administrators do their jobs. It deals with preventing attacks, detecting and stopping them when they occur, and assessing--after the fact--the damage they cause. Throughout, the importance of record keeping is emphasized, particularly that accurate and unmuddled log files are necessary to back up legal charges or support certain firing decisions, if necessary. The business environment beyond the security officer's cubicle is also explored, including how to justify security expenditures to organizational decision makers.

This isn't exactly an academic text, but it's a step removed from the sorts of play-by-play descriptions of attacks and defenses you'll find in Stephen Northcutt's security books--reference is made to those books, as a matter of fact. This hardback volume explains the appearance of various kinds of attacks in broad terms, and shows how intrusion detection systems (IDS) can spot and record the clues (Windows NT security log entries are often used as examples). The text is conversational and liberally studded with bulleted definitions, boxed case studies, and references to Web sites and paper documents. While a working security administrator would probably want to back this book with one of Northcutt's texts and other more detailed books, The Practical Intrusion Detection Handbook makes an excellent choice for a student of business management who wants to be more than minimally informed about the operation of corporate information systems, so as to make better decisions about those systems. --David Wall

Topics covered: Intrusion detection systems (IDS) for whole networks as well as for individual computers, with emphasis on how intrusion detection works and how to configure it for maximum effectiveness and minimum false alarms. Establishing policies and setting procedures, and ways to choose IDS products and justify their purchase to management.

From the Publisher

So, you think your computer systems are safe? Well, maybe they are; maybe they are not. Sooner or later, however, something is going to happen. It is sort of like those California earthquakes: they eventually happen. No matter how good your computer security measures, something is likely to happen.

The last six months have seen a lot of front page news focusing on computer security failures: denial of service attacks, viruses, etc. And how many companies have been intruded, but can't make the intrusion public? How many employees do damage to systems from within the company?

My point is that computer security breaches are common. The point isn't so much what to do to prevent them--although that is, certainly, important--but what to do to detect them quickly and fix them--or fix the damage that occurs quickly.

This is what Paul Proctor's book focuses on. Paul is a pioneer of the intrusion detection field, and a foremost leader in the field. Well, don't take my word for it. After all I'm the publisher of the book. Read what Dorothy Denning said about Paul:

"Intrusion detection has gone. . .from an idea worthy of study to a key element of the national plan for cyber defense. . . . Nobody brought that about more than Paul Proctor. . . ."

Paul has developed numerous commercial technologies, has worked for the US President's National Security Telecommunications Advisory Committee and other agencies, and has been personally involved in several of the world's most significant intruder "take-downs". Sorry, but I can't tell you which ones. Paul would have to kill me.

Paul's book is designed to walk you through the issues that you need to consider and the practical steps you can take to come up with a workable and implementable plan for your company's or government agency's needs.

You will find it clearly written and clear-headed, as did the reviewers. And you will find an authorial voice that is sensible, logical, crisp and ready to teach: just like Paul. I hope you enjoy it, and that it helps you find the right solution for your situation.


Product Details

  • Paperback: 384 pages
  • Publisher: Prentice Hall; 1 edition (August 19, 2000)
  • Language: English
  • ISBN-10: 0130259608
  • ISBN-13: 978-0130259608
  • Product Dimensions: 9.3 x 6.7 x 0.8 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 4.5 out of 5 stars (6 customer reviews)
  • Amazon Best Sellers Rank: #884,216 in Books


Customer Reviews

6 Reviews
5 star: (4)
4 star: (1)
3 star: (1)
2 star: (0)
1 star: (0)

Average Customer Review: 4.5 out of 5 stars (6 customer reviews)

Most Helpful Customer Reviews

22 of 24 people found the following review helpful:
3.0 out of 5 stars Hidden product advertisement, May 9, 2001
This review is from: The Practical Intrusion Detection Handbook (Paperback)
In general, Mr. Proctor's book is well done. Unfortunately, the author uses many definitions which are not primarily used among ID specialists. These definitions are straight from the handbooks of Cybersafe Centrax, an IDS developed by the author (e.g. Network Node Intrusion Detection; the unique definitions of realtime/batched modes...). Additionally, Mr. Proctor seems to believe that only commercial IDSs are worthy of the professional ID analyst. He wrongly describes Snort, an OpenSource NIDS published under GPL, as shareware and mentions it very briefly in 3 sentences. Currently, 80-90% of all detects published on lists like Incidents are detected by Snort sensors! Since Centrax is a first rate HIDS and only a second rate NIDS, the author seems to be a very strong supporter of HIDS. This shows clearly through the whole book. The book gives a good overview of today's ID techniques combined with excellent examples. If Mr. Proctor had desisted from placing more or less hidden product advertisement in his book he would have done all readers a big favor.


15 of 16 people found the following review helpful:
4.0 out of 5 stars Paul Proctor "gets it" -- and you should get this book!, September 17, 2000
This review is from: The Practical Intrusion Detection Handbook (Paperback)
I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those qualities in spades. Chapter 6, "Intrusion Detection Myths," is particularly helpful, and his statement that "There is no such thing as a false positive" rings true.

An outstanding feature of the book is Paul's discussion of operational models for intrusion detection. Too many organizations (including my own military unit) believe intrusion detection involves little more than deploying and monitoring sensors. Paul encourages the reader to develop policy, requirements, expectations, legal considerations, and other facets of operation before spending a penny on intrusion detection products.

The main negatives for this book involve a rushed-to-production look in some places. For example, Appendix B: Commercial Intrusion Detection Vendors, is labelled on pages 338 - 346 as "Chapter 1: Fundamentals of Vibration Damping, 1.1 Introduction". Minor errors appear elsewhere. They do not detract from the book's content, and I believe the next printing should correct these typos.

This book has earned its place as the second "must-have" intrusion detection book, in my opinion. The first remains "Network Intrusion Detection" by Northcutt and Novak. While Paul's book is not a manual for front-line operatives, it will help transform your intrusion detection mission into a world-class operation.



5 of 5 people found the following review helpful:
5.0 out of 5 stars comprehensive and readable, October 25, 2000
By Michael D. Scudder (New York, New York USA)
This review is from: The Practical Intrusion Detection Handbook (Paperback)
The Practical Intrusion Detection Handbook offers a highly readable and comprehensive presentation of intrusion detection.

Security is a holistic endeavor, requiring coordination of many different components, including technology, policy, practice, behavior, and so on. This trait of security makes the topic hard to grasp, and even harder to explain to non-experts, most of whom think of security as being conferred by a single object, whether a firewall, security policy, or chief security officer. The most impressive accomplishment of this book is that it helps the reader apprehend all the different aspects of intrusion detection and how they interrelate.

The book helped me organize my own thinking about intrusion detection, providing not only an overview of approaches and technologies, but presenting the organizational, operational, policy, and financial aspects of intrusion detection.

The book is an excellent complement to other books on intrusion detection, such as Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, and Intrusion Detection by Rebecca Gurley Bace.
