- Series: Landmark (New Riders)
- Paperback: 450 pages
- Publisher: New Riders Publishing; 2nd edition (September 22, 2000)
- Language: English
- ISBN-10: 0735710082
- ISBN-13: 978-0735710085
- Product Dimensions: 9 x 7 x 1 inches
- Shipping Weight: 1.6 pounds
- Average Customer Review: 50 customer reviews
- Amazon Best Sellers Rank: #3,073,003 in Books
Network Intrusion Detection: An Analyst's Handbook (2nd Edition)
A collection of after-action reports on a variety of network attacks, Network Intrusion Detection enables you to learn from others' mistakes as you endeavor to protect your networks from intrusion. Authors Stephen Northcutt and Judy Novak document real attacks on systems, and highlight characteristics that you--you being a network communications analyst or security specialist--can look for on your own machines. The authors mince no words, and advise you on the detection tools to use (they like and use Snort, as well as Shadow, Tripwire, TCP Wrappers, and others) and how to use them. This second edition of the book includes less about year-2000 preparation and more about the latest in attacks, countermeasures, and the growing community of white-hat hackers who share information to keep systems safe.
In teaching their readers about the attacks that exploit a particular protocol or service, the authors typically present a TCPdump listing that shows an attack, and then comment upon it. They tell you what the attackers did, how successful they were, and how the attack might have been detected and shut down. To cite one example, there's a very detailed analysis of Kevin Mitnick's famous attack (a SYN flood, combined with TCP hijacking) on one of Tsutomu Shimomura's machines. By following the advice in this book, you'll likely do well in protecting your machines against people whom the authors call "script kiddies" --small-time hackers who follow published recipes (or run prewritten routines). Also, you'll be about as prepared as you can be against more skilled attackers who make up their attacks on their own. This is great reading for anyone who's involved in developing filters to ward off attacks or monitoring network communications for suspicious activity. It's also a valuable resource for someone who's evaluating network countermeasures in preparation for deployment. --David Wall
Topics covered: Analysis of TCP/IP traffic, with an eye toward detecting and halting malicious activity, both manually and automatically. Subjects include tools for finding weaknesses and initiating attacks, and the signatures that identify these tools. There's discussion of the vulnerabilities that exist in services, such as IMAP and Domain Name System (DNS).
From the Inside Flap
"The 2nd Edition of Network Intrusion Detection fortifies its position as the primary manual for front-line intrusion detectors. One of this book's major achievements is that it succinctly and thoroughly addresses the training needs of personnel operating sophisticated Intrusion Detection Systems. No other published volume gives hands-on analysts the tools to separate false positives from true alerts on a daily basis.
Buy this book if your job involves intrusion detection, incident response, or computer security in general. You will walk away wiser and better prepared to face the wiles of the Internet, and your company will benefit from an improved security posture."
-Captain Richard Bejtlich, Intrusion Technician, Air Force Computer Emergency Response Team
"This is the ONLY book addressing effective network intrusion detection and response. The content comes directly from daily 'front-line' experience, and the material represents the best consensus from a variety of expert practitioners. There is not a resource out there which is more relevant than this book. I am rewriting my filters today based on what I have read." -Andy Johnston, Distributed System Manager, Office of Information Technology, University of Maryland, Baltimore County
"I love the writing style. Conversational with just enough humor to keep it interesting. Points like 'seasoned administrators can skip this chapter' and 'this point is important to understanding the rest of the chapter' are great guides to helping the reader work their way through the material."
-Chris Brenton, Senior Research Engineer at Dartmouth's Institute for Security Technology Studies
"I was particularly impressed by the suggested presentations to managers for laying out a cost-benefit analysis of the overall benefits of purchasing a host-based intrusion detection system and appropriate training for analysts. Intrusion Detection Systems can be extremely costly and may seem like 'money pits' to people who do not understand the need for monitoring networks. This book would be extremely useful for anyone wishing to approach corporate managers on both of these issues."
-John Furlong, Security Consultant
Top customer reviews
The book has pages literally not glued in and they're falling out in perfect condition like they're looseleaf paper.
If you already know the Layer 3/Layer 4 protocols, there's not a lot here that isn't already widely known in the IDS community. The chapters on Snort are extremely outdated. No discussion of the extremely complex Flowbits option, and no discussion of the numerous sophisticated payload navigation options such as Byte Jump and Byte Test. This is after being subjected to a lecture elsewhere in the book that payload inspection is important.
Also, the attacks described in this book are pretty much ancient history. More discussions of spyware attacks such as 2020search and 180solutions are vital to keep this book up to date.
Frankly, I don't see how this book is useful for anyone except rank beginners who need an introduction. In that capacity it definitely will be helpful.
This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura.
I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
The author has "been there, done that," which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, and will be assigned a firewall book after that.
This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.
The only downside to this book is that not enough attention is paid to exploring the gory details of networking like Ethernet frames and IP/TCP/UDP/etc. packets. This is an important topic for security people to understand.
It describes TCP/IP in detail and shows how it works and how to recognize strange network traffic by monitoring the network using tcpdump.
I recommend it for seasoned network administrators and for beginners.