A complete nuts-and-bolts guide to improving network security using today's best intrusion detection products

Firewalls cannot catch all of the hacks coming into your network. To properly safeguard your valuable information resources against attack, you need a full-time watchdog, ever on the alert, to sniff out suspicious behavior on your network. This book gives you the additional ammo you need. Terry Escamilla shows you how to combine and properly deploy today's best intrusion detection products in order to arm your network with a virtually impenetrable line of defense. He provides:
* Assessments of commercially available intrusion detection products: what each can and cannot do to fill the gaps in your network security
* Recommendations for dramatically improving network security using the right combination of intrusion detection products
* The lowdown on identification and authentication, firewalls, and access control
* Detailed comparisons between today's leading intrusion detection product categories
* A practical perspective on how different security products fit together to provide protection for your network

The companion Web site at www.wiley.com/compbooks/escamilla features: White papers
* Industry news
* Product information

Average Customer Review: ( 9 customer reviews )
Write an online review and share your thoughts with other customers.

The most important problem with this book will be obvious to most readers. Escamilla doesn't address the subject of intrusion detection until midway through the book, opting instead to fill the first half of the book with background information about computer security. This information is presented poorly (and with glaring inaccuracies). Almost all of it is covered better in other books, which readers unfamiliar with network security will need to buy anyways to make the intrusion detection concepts discussed in the latter half of the book accessible.

Unfortunately, the relevant half of the book isn't much better. A confused mish-mash of technologies are presented under the banner of I-D (I know of very few people in the security industry who consider security scanners to be I-D systems), and the most widely used forms of I-D are given scant coverage.

Worse still, the author profiles real commercial I-D systems (towards the end of the book). Apart from the fact that this information was unsalvageably outdated before the book made it to the press, it's also biased. Descriptions of one system span 3 pages, while another merits a single paragraph. Many important systems (which were widely known at the time of this book's release) are not covered at all. And, predictably, most of the details about the commercial systems covered read like marketing material, with almost no comparisons to the other systems covered.

Although this book is a mess, it's not an unrecoverable one. The authors descriptions of Do-It-Yourself intrusion detection on Unix systems is competant, if not revolutionary, and is almost reminiscent of Cheswick and Bellovin's work in _Firewalls_and_Internet_Security_. A better informed, more coherent second revision of this book would be worth looking at.

Unfortunately, there's very little to recommend this book. A critical and informed reader might get some value out of it, but nothing that couldn't be obtained more easily from the Internet. At its worst, however, this book can be misleading, and is thus an inappropriate introduction to its subject. Overall, a deeply flawed book. Steer clear.

15 of 16 found the following review helpful:

Buy the Northcutt book insteadJan 30, 2000
By J. G. Heiser
This is just not a useful book. Half of the book is not about intrusion detection at all--it consists of an uninspiring general introduction to computer security.

The author apparently has no actual experience in the subject. It is filled with innaccuracies. Confusing 'hash value' with 'digital signature' is a common rookie mistake, but it is typical of the inexcusable lack of precision in this text.

Besides being misleading, off-subject, and out-of-date, it is deadly boring. If you want a hands-on book, get the Northcutt text. If you want an academic and useful theoretical approach, get Amoroso's book. If you want an introductory text on information security, why would you buy a book on IDS?

It is apparent that Wiley badly wanted to publish a book on intrusion detection, and the author was all too willing to squeeze his existing square peg of a security text into an ill-fitting IDS round hole.

10 of 10 found the following review helpful:

Rambling and fragmented - of little use to novice or expertApr 16, 1999

Computer security is a subject that one either loves or loathes. To the lover, it is a stimulating, intellectual challenge. To the loather, it is based on boring, complicated maths with the sole aim of preventing users doing their job.

In such a world, any author of a book needs to decide whether to write their work at the techies, thus jumping straight in at the deep end, or the novice, offering a gentle primer that attracts the reader into the subject. The very best computer security books (Schneier; Stoll; Garfinkel and Spafford) have clearly attacked one path. The worst have headed off somewhere in between.

Escamilla has chosen the latter - with the usual, dire consequences. Aimed at `any computer literate person' the book is notionally divided into two parts, one to introduce basic concepts of computer security, and another to describe intrusion detection systems. However, neither part meets it aim. The first occupies more than 150 rambling and often inaccurate pages. Moreover, it strays into territory well beyond `any' person. For instance, ten pages are devoted to the Kerberos authentication protocol. Indeed, so long is the `introduction' that the author, almost apologetically, has to keep reminding the user that the book is about intrusion detection.

The second part fares little better. It forages around scanners, network sniffers, covert channels, Unix and NT adminstration, again under the apologetic guise of intrusion detection. Some intrusion detection systems are described - RealSecure, NetRanger and so on - but in a brief and fragmented manner, which offers little in the way of practical, consumer guidance. Possibly the worst aspect of the treatment is that no coverage is given to what a typical audit log looks like - which would at least help justify why intrusion detection systems are needed.

The most useful piece of advice offered in the book is not to consider buying an intrusion detection system if you haven't invested in more basic tools like a firewall. The most useful piece of advice that can be offered about the book is not to consider buying it.

12 of 13 found the following review helpful:

Don't be fooled by the name of the book.Oct 20, 1999

Look for somewhere else if you are serious about network security. The content of the whole book is just too superficial !

1 of 1 found the following review helpful:

Superb coverage for ID strategy and deploymentNov 24, 1998

If you're responsible for protecting your company's information assets, this book is for you. As a security professional at a mid-sized firm, I found Escamilla's frank assessments of commercially available intrusion detection products invaluable. Given the author's obvioulsly immense research on the classic security model and today's leading intrusion detection products, I am now very confident about the right steps to take to fill the gaps in my organization's network security. Escamillia provides a thorough explanation of security problems and then explains how classic security products address these problems and why intrusion detection is needed beyond I&A, access control, and network security products such as firewalls. As the author states, the book is intended for the reader to know "precisely what a product can and cannot do." If you're a security officer, or simply have an interest on the growing need for computer security, prepare to think critically about how intrusion detection products work and why you need them. Buy this book!

See all 9 customer reviews on Amazon.com