"Intrusion Detection", Rebecca Gurley Bace, 2000, 1-57870-185-6,
%A Rebecca Gurley Bace
%C 201 W. 103rd Street, Indianapolis, IN 46290
%I Macmillan Computer Publishing (MCP)
%O U$50.00/C$74.95 800-858-7674 317-581-3743 http://www.mcp.com
%P 339 p.
%T "Intrusion Detection"
Bace's take on this topic (and title) provides a solid and
comprehensive background for anyone pursuing the subject.
Concentrating on a conceptual model the book is occasionally weak in
regard to practical implementation, but more than makes up for this
textual deficiency with a strong sense of historical background,
developmental approaches, and references to specific implementations
that the practitioner may research separately.
(Look, guys, can we give the reviewers a break here and work on *some*
variation in the title?)
Chapter one presents a history of intrusion detection starting with
system accounting, through audit systems, to the most recent research
and experimental systems. The definitions and concepts focus from
broad security theory to specific intrusion detection principles and
variants in chapter two. Intrusion detection requires analysis of
system and other information, and chapter three describes the sources
for this data. Chapter four may be somewhat disappointing to security
managers in that the discussion of analysis is academic and possibly
weak in tone, even though real systems are used as illustrations. The
review of possible responses, in chapter five, includes warnings
against inappropriate overreactions. Vulnerability analysis,
including a close look at controversial tools like COPS, SATAN, and
ISS, is dealt with in chapter six.
Chapter seven talks about technical issues that are still to be
addressed. (The organization of this chapter is a bit loose, with
some sections, such as those on reliability and analysis, seeming to
overlap material.) Real world challenges are the topic of chapter
eight, along with examples of attacks and intrusion detection system
(IDS) design considerations. This section seems to reprise much of
the content of the vulnerabilities chapter. Dealing with legal
issues, evidence, and privacy in chapter nine it is nice to see some
newer examples than the old "berferd" and "wiley hacker" standards.
Chapter ten's review of intrusion detection systems, and actions to
take if penetrated, addresses the informed user. Security
administrators and strategists, at the executive level, are presented
with everything from the need for security goals to globalization in
chapter eleven. Designers get a few general guidelines in chapter
twelve, along with comments from those who have been implementing
exemplary systems. Chapter thirteen is a realistic look at future
developments in attacks and defence.
Of the other "Intrusion Detection" books, Terry Escamilla's (cf.
BKINTRDT.RVW) is simply not in the same league, being basically a
promotional brochure. "Network Intrusion Detection," by Stephen
Northcutt (cf. BKNTINDT.RVW), is likewise not as clever as it thinks
it is. Edward G. Amoroso (cf. BKINTDET.RVW) is very close in both
quality and usefulness, and possibly has the edge in practical terms,
although his book is a bit narrower in focus. Bace provides a
comprehensive overview and conceptual background that will ensure this
text becomes a basic security reference.
copyright Robert M. Slade, 2000 BKNTRDET.RVW 20000202
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
To the man who only has a hammer, everything he encounters begins
to look like a nail. - Abraham H. Maslow