Intrusion detection systems are increasingly recognized as a key weapon in the war against computer crime. In The Practical Intrusion Detection Handbook, one of the field's leading experts shows exactly how to use them to detect, deter, and respond to security threats. This is the only intrusion detection book to present practical advice for the entire lifecycle: choosing products, planning, deployment, operations, and beyond. Full of checklists and real-world case studies, The Practical Intrusion Detection Handbook demonstrates exactly how to integrate intrusion detection into a total strategy for protecting your information and e-commerce assets. Paul E. Proctor introduces each approach to intrusion detection, including host-based, network-based, and hybrid solutions; then offers practical selection criteria; and reviews the key factors associated with successful deployment. You'll watch today's best intrusion detection systems in action, through response, surveillance, damage assessment, and data forensics. Finally, Proctor addresses the future of intrusion detection -- from standards and interoperability to law and ethics. |
Average Customer Review:
 ( 6 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
22 of 24 found the following review helpful:
 Hidden product advertisementMay 09, 2001
By Matthias Hofherr
"Sicherheitsberater"
In general, Mr. Proctor`s book is well done. Unfortunately, the autor uses many definitions which are not primarily used among ID specialists. These definitions are straight from the handbooks of Cybersafe Centrax, an IDS developed by the author (e.g. Network Node Intrusion Detection; the unique definitions of realtime/batched modes...). Additionally, Mr. Proctors seems to believe that only commercial IDSs are worthy of the professionel ID analyst. He wrongly describes Snort, an OpenSource NIDS published under GPL, as shareware and mentiones it very briefly in 3 sentences. Currently, 80-90% of all detects published on lists like Incidents are detected by Snort sensors ! Since Centrax is a first rate HIDS and only a second rate NIDS, the autor seems to be a very strong supporter of HIDS. This shows clearly through the whole book. The book gives a good overview over todays ID techniques combined with excellent examples. If Mr. Proctor had desisted from placing more or less hidden product advertisement in his book he would have done all readers a big favor.
15 of 16 found the following review helpful:
 Paul Proctor "gets it" -- and you should get this book!Sep 17, 2000
By Richard Bejtlich
"TaoSecurity"
I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those qualities in spades. Chapter 6, "Intrusion Detection Myths," is particularly helpful, and his statement that "There is no such thing as a false positive" rings true. An outstanding feature of the book is Paul's discussion of operational models for intrusion detection. Too many organizations (including my own military unit) believe intrusion detection involves little more than deploying and monitoring sensors. Paul encourages the reader to develop policy, requirements, expectations, legal considerations, and other facets of operation before spending a penny on intrusion detection products. The main negatives for this book involve a rushed-to-production look in some places. For example, Appendix B: Commercial Intrusion Detection Vendors, is labelled on pages 338 - 346 as "Chapter 1: Fundamentals of Vibration Damping, 1.1 Introduction". Minor errors appear elsewhere. They do not detract from the book's content, and I believe the next printing should correct these typos. This book has earned its place as the second "must-have" intrusion detection book, in my opinion. The first remains "Network Intrusion Detection" by Northcutt and Novak. While Paul's book is not a manual for front-line operatives, it will help transform your intrusion detection mission into a world-class operation.
5 of 5 found the following review helpful:
 comprehensive and readableOct 25, 2000
By Michael D. Scudder
The Practical Intrusion Detection Handbook offers a highly readable and comprehensive presentation of intrusion detection. Security is a holistic endeavor, requiring coordination of many different components, including technology, policy, practice, behavior, and so on. This trait of security makes the topic hard to grasp, and even harder to explain to non-experts, most of whom think of security as being conferred by a single object, whether a firewall, security policy, or chief security officer. The most impressive accomplishment of this book is that helps the reader apprehend all the different aspects of intrusion detection and how they interrelate. The book helped me organize my own thinking about intrusion detection, providing not only an overview of approaches and technologies, but presenting the organizational, operational, policy, and financial aspects of intrusion detection. The book is an excellent complement to other books on intrusion detection, such as Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, and Intrusion Detection by Rebecca Gurley Bace.
School BooksJan 30, 2007
By Lee
"Lee"
This is a book that is required for my masters degree. It appears to be well organized and written in easy to understand manner.
Must Have !Jul 26, 2000
By Lisa Swain-Morris
Mr. Proctor,s Intrusion Detection Handbook, has proved to be an excellent blueprint. I highly recommend keeping it handy. It has added value to my efforts in understanding "best fit" requirements in selection of an IDS solution. Very readable! A good guide for the novice as well as the seasoned professional.
See all 6 customer reviews on Amazon.com
|
based on 6 reviews
