Customer Reviews


6 Reviews
5 star: (4)
4 star: (1)
3 star: (1)
2 star: (0)
1 star: (0)

The most helpful favorable review
15 of 16 people found the following review helpful:
4.0 out of 5 stars Paul Proctor "gets it" -- and you should get this book!
I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those...
Published on September 17, 2000 by Richard Bejtlich

versus

The most helpful critical review
22 of 24 people found the following review helpful:
3.0 out of 5 stars Hidden product advertisement
In general, Mr. Proctor's book is well done. Unfortunately, the author uses many definitions which are not primarily used among ID specialists. These definitions are straight from the handbooks of Cybersafe Centrax, an IDS developed by the author (e.g. Network Node Intrusion Detection; the unique definitions of realtime/batched modes...). Additionally, Mr. Proctor seems...
Published on May 9, 2001 by Matthias Hofherr



22 of 24 people found the following review helpful:
3.0 out of 5 stars Hidden product advertisement, May 9, 2001
This review is from: The Practical Intrusion Detection Handbook (Paperback)
In general, Mr. Proctor's book is well done. Unfortunately, the author uses many definitions which are not primarily used among ID specialists. These definitions are straight from the handbooks of Cybersafe Centrax, an IDS developed by the author (e.g. Network Node Intrusion Detection; the unique definitions of realtime/batched modes...). Additionally, Mr. Proctor seems to believe that only commercial IDSs are worthy of the professional ID analyst. He wrongly describes Snort, an OpenSource NIDS published under GPL, as shareware and mentions it very briefly in 3 sentences. Currently, 80-90% of all detects published on lists like Incidents are detected by Snort sensors! Since Centrax is a first rate HIDS and only a second rate NIDS, the author seems to be a very strong supporter of HIDS. This shows clearly through the whole book. The book gives a good overview of today's ID techniques combined with excellent examples. If Mr. Proctor had desisted from placing more or less hidden product advertisement in his book he would have done all readers a big favor.


15 of 16 people found the following review helpful:
4.0 out of 5 stars Paul Proctor "gets it" -- and you should get this book!, September 17, 2000
This review is from: The Practical Intrusion Detection Handbook (Paperback)
I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those qualities in spades. Chapter 6, "Intrusion Detection Myths," is particularly helpful, and his statement that "There is no such thing as a false positive" rings true.

An outstanding feature of the book is Paul's discussion of operational models for intrusion detection. Too many organizations (including my own military unit) believe intrusion detection involves little more than deploying and monitoring sensors. Paul encourages the reader to develop policy, requirements, expectations, legal considerations, and other facets of operation before spending a penny on intrusion detection products.

The main negatives for this book involve a rushed-to-production look in some places. For example, Appendix B: Commercial Intrusion Detection Vendors, is labelled on pages 338 - 346 as "Chapter 1: Fundamentals of Vibration Damping, 1.1 Introduction". Minor errors appear elsewhere. They do not detract from the book's content, and I believe the next printing should correct these typos.

This book has earned its place as the second "must-have" intrusion detection book, in my opinion. The first remains "Network Intrusion Detection" by Northcutt and Novak. While Paul's book is not a manual for front-line operatives, it will help transform your intrusion detection mission into a world-class operation.



5 of 5 people found the following review helpful:
5.0 out of 5 stars comprehensive and readable, October 25, 2000
By Michael D. Scudder (New York, New York USA)
This review is from: The Practical Intrusion Detection Handbook (Paperback)
The Practical Intrusion Detection Handbook offers a highly readable and comprehensive presentation of intrusion detection.

Security is a holistic endeavor, requiring coordination of many different components, including technology, policy, practice, behavior, and so on. This trait of security makes the topic hard to grasp, and even harder to explain to non-experts, most of whom think of security as being conferred by a single object, whether a firewall, security policy, or chief security officer. The most impressive accomplishment of this book is that it helps the reader apprehend all the different aspects of intrusion detection and how they interrelate.

The book helped me organize my own thinking about intrusion detection, providing not only an overview of approaches and technologies, but presenting the organizational, operational, policy, and financial aspects of intrusion detection.

The book is an excellent complement to other books on intrusion detection, such as Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, and Intrusion Detection by Rebecca Gurley Bace.



5.0 out of 5 stars School Books, January 30, 2007
By 
Amazon Verified Purchase
This review is from: The Practical Intrusion Detection Handbook (Paperback)
This is a book that is required for my master's degree. It appears to be well organized and written in an easy-to-understand manner.


5.0 out of 5 stars Must Have !, July 26, 2000
By Lisa Swain-Morris (San Francisco, California)
This review is from: The Practical Intrusion Detection Handbook (Paperback)
Mr. Proctor's Intrusion Detection Handbook has proved to be an excellent blueprint. I highly recommend keeping it handy. It has added value to my efforts in understanding "best fit" requirements in selection of an IDS solution. Very readable! A good guide for the novice as well as the seasoned professional.


1 of 2 people found the following review helpful:
5.0 out of 5 stars Great IDS book for experts and beginners, June 21, 2001
By A Customer
This review is from: The Practical Intrusion Detection Handbook (Paperback)
This book is comprehensive and very readable. The information is excellent. Mr. Proctor's experience helps show how intrusion detection systems are used in real life through a lot of examples. My company implemented network-based IDS last year and this book really helped us understand host-based IDS. In fact it's the only book I've read on IDS that pays any significant attention to host-based IDS.

On the down side there are a few typos and the product section is dated because several of the products mentioned have been acquired by other companies, but this didn't take away from the really useful information.

I've read the other books on intrusion detection and if you've got Northcutt's book and this one you'll have all the information you need.




This product

The Practical Intrusion Detection Handbook
The Practical Intrusion Detection Handbook by Paul E. Proctor (Paperback - August 19, 2000)