
[techbooks] REVIEW: "Intrusion Detection", Rebecca Gurley Bace

  Rob Slade, Mar 10, 2000
      BKNTRDET.RVW 20000202

      "Intrusion Detection", Rebecca Gurley Bace, 2000, 1-57870-185-6,
      U$50.00/C$74.95
      %A Rebecca Gurley Bace
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 2000
      %G 1-57870-185-6
      %I Macmillan Computer Publishing (MCP)
      %O U$50.00/C$74.95 800-858-7674 317-581-3743 http://www.mcp.com
      %P 339 p.
      %T "Intrusion Detection"

      Bace's take on this topic (and title) provides a solid and
      comprehensive background for anyone pursuing the subject.
      Concentrating on a conceptual model, the book is occasionally weak in
      regard to practical implementation, but more than makes up for this
      textual deficiency with a strong sense of historical background,
      developmental approaches, and references to specific implementations
      that the practitioner may research separately.

      (Look, guys, can we give the reviewers a break here and work on *some*
      variation in the title?)

      Chapter one presents a history of intrusion detection starting with
      system accounting, through audit systems, to the most recent research
      and experimental systems. The definitions and concepts focus from
      broad security theory to specific intrusion detection principles and
      variants in chapter two. Intrusion detection requires analysis of
      system and other information, and chapter three describes the sources
      for this data. Chapter four may be somewhat disappointing to security
      managers in that the discussion of analysis is academic and possibly
      weak in tone, even though real systems are used as illustrations. The
      review of possible responses, in chapter five, includes warnings
      against inappropriate overreactions. Vulnerability analysis,
      including a close look at controversial tools like COPS, SATAN, and
      ISS, is dealt with in chapter six.

      Chapter seven talks about technical issues that are still to be
      addressed. (The organization of this chapter is a bit loose, with
      some sections, such as those on reliability and analysis, seeming to
      overlap material.) Real world challenges are the topic of chapter
      eight, along with examples of attacks and intrusion detection system
      (IDS) design considerations. This section seems to reprise much of
      the content of the vulnerabilities chapter. In dealing with legal
      issues, evidence, and privacy in chapter nine, it is nice to see some
      newer examples than the old "berferd" and "wiley hacker" standards.
      Chapter ten's review of intrusion detection systems, and actions to
      take if penetrated, addresses the informed user. Security
      administrators and strategists, at the executive level, are presented
      with everything from the need for security goals to globalization in
      chapter eleven. Designers get a few general guidelines in chapter
      twelve, along with comments from those who have been implementing
      exemplary systems. Chapter thirteen is a realistic look at future
      developments in attacks and defence.

      Of the other "Intrusion Detection" books, Terry Escamilla's (cf.
      BKINTRDT.RVW) is simply not in the same league, being basically a
      promotional brochure. "Network Intrusion Detection," by Stephen
      Northcutt (cf. BKNTINDT.RVW), is likewise not as clever as it thinks
      it is. Edward G. Amoroso (cf. BKINTDET.RVW) is very close in both
      quality and usefulness, and possibly has the edge in practical terms,
      although his book is a bit narrower in focus. Bace provides a
      comprehensive overview and conceptual background that will ensure this
      text becomes a basic security reference.

      copyright Robert M. Slade, 2000 BKNTRDET.RVW 20000202

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      To the man who only has a hammer, everything he encounters begins
      to look like a nail. - Abraham H. Maslow
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade