"Implementing Intrusion Detection Systems", Tim Crothers, 2003,
%A Tim Crothers
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$40.00/C$62.95/UK#29.95 416-236-4433 fax: 416-236-4448
%P 316 p.
%T "Implementing Intrusion Detection Systems"
The preface implies that this book is a professional reference for
building and maintaining intrusion detection systems (IDSs). I'd say
it has a fair way to go before it could make that claim.
Chapter one is an overview of intrusion detection. The basic concepts
are all included, but it is often difficult to understand the point
that the author is making. Net-based IDS gets a somewhat limited
review in chapter two, alongside a very brief introduction to TCP/IP.
There are lots of printouts of event and audit logs in chapter three
but very little explanation of the basic ideas behind host-based IDS.
Chapter four is supposed to tell us how to handle alerts, but the long
listings of packet traffic related to specific attacks (and not
interpreted particularly well) do not really provide any useful advice
on incident response. Chapters five and six raise a number of issues
to consider when planning and maintaining an IDS, but the collection
of information is neither organized nor exhaustive in terms of the
factors which need to be dealt with. Supposedly about tuning, chapter
seven is mostly about analysis of logs for an example attack. The
scripts involved in installing Snort on Linux are listed in chapter
This work is vague, unstructured, and incomplete. Yes, it would help
you get an intrusion detection system running, but it has neither the
conceptual depth of the two "Intrusion Detection"s, by Amoroso (cf.
BKINTDET.RVW) and Bace (cf. BKNTRDET.RVW), nor the detail of
"Intrusion Signatures and Analysis" (cf. BKINSIAN.RVW), nor even the
practicality of Koziol's "Intrusion Detection with Snort" (cf.
copyright Robert M. Slade, 2003 BKIMPIDS.RVW 20030909