
[techbooks] REVIEW: "Intrusion Detection", Edward G. Amoroso

  • Rob Slade, doting grandpa of Ryan and Tr
    Message 1 of 1 , Jun 17, 1999
      BKINTDET.RVW 990423

      "Intrusion Detection", Edward G. Amoroso, 1999, 0-9666700-7-8, U$49.95
      %A Edward G. Amoroso eamoroso@...
      %C P. O. Box 78, Sparta, NJ 07871
      %D 1999
      %G 0-9666700-7-8
      %I Intrusion.Net Books
      %O U$49.95 973-448-1866 fax: 973-448-1868 order@...
      %P 218 p.
      %T "Intrusion Detection"

      This is not (very much not) to be confused with the identically named,
      and almost equally recent, book by Escamilla (cf. BKINTRDT.RVW).
      Where Escamilla's is basically a large brochure for various commercial
      systems, Amoroso has specifically chosen to avoid products,
      concentrating on concepts, and not a few technical details. The text
      is based on material for an advanced course in intrusion detection,
      but is intended for administrators and system designers with a
      security job to do.

      Chapter one, after demonstrating that the term means different things
      to different people, gives us an excellent, practical, real world
      definition of intrusion detection. This is used as the basis for an
      examination of essential components and issues to be dealt with as the
      book proceeds. Five different processes for detecting intrusions are
      discussed in chapter two. Each method spawns a number of "case
      studies," which, for Amoroso, means looking at how specific tools can
      be used. (This style is far more useful than the normal business case
      studies that are long on who did what and very short on how.)
      Intrusion detection architecture is reviewed in chapter three,
      enlarging the conceptual model to produce an overall system. Chapter
      four defines intrusions in a way that may seem strange, until you
      realize that it is a very functional description for building
      detection rules. The problem of determining identity on a TCP/IP
      internetwork is discussed in chapter five, but while the topic is
      relevant to intrusion detection, few answers are presented.
      Correlating events is examined in chapter six. Chapter seven looks at
      setting traps, primarily from an information gathering perspective.
      The book ends with a look at response in chapter eight.

      The bibliography is, for once, annotated. While I do not always agree
      with Amoroso's assessments; I think he tends to give the benefit of
      the doubt to some who primarily deliver sensation; the materials are
      generally high quality resources from the field. Books and online
      texts are included, although the emphasis is on journal articles and
      conference papers.

      The content is readable and, although it seems odd to use the word in
      relation to a security work, even fun. I suppose, though, that I must
      point out that your humble "worst copy editor in the entire world"
      reviewer found a significant number of typographic errors. (And some
      that can't be put down to typos: I think you'll find that it's
      "berferd" rather than "berford.")

      This book works on a great many levels. It provides an overall
      framework for thinking about security. It thoroughly explains the
      concepts behind intrusion detection. And it gives you some very
      practical and useful advice for system protection for a variety of
      operating systems and using a number of tools. I can recommend this
      to anyone interested in security, with the only proviso being that you
      are going to get the most out of it if you are, indeed, responsible
      for designing network protection.

      copyright Robert M. Slade, 1999 BKINTDET.RVW 990423

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      On the other hand, you have different fingers.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

