
REVIEW: "Implementing Intrusion Detection Systems", Tim Crothers

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Oct 31, 2003
      BKIMPIDS.RVW 20030909

      "Implementing Intrusion Detection Systems", Tim Crothers, 2003,
      0-7645-4949-9, U$40.00/C$62.95/UK#29.95
      %A Tim Crothers
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-7645-4949-9
      %I John Wiley & Sons, Inc.
      %O U$40.00/C$62.95/UK#29.95 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0764549499/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0764549499/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0764549499/robsladesin03-20
      %P 316 p.
      %T "Implementing Intrusion Detection Systems"

      The preface implies that this book is a professional reference for
      building and maintaining intrusion detection systems (IDSs). I'd say
      it has a fair way to go before it could make that claim.

      Chapter one is an overview of intrusion detection. The basic concepts
      are all included, but it is often difficult to understand the point
      that the author is making. Net-based IDS gets a somewhat limited
      review in chapter two, alongside a very brief introduction to TCP/IP.
      There are lots of printouts of event and audit logs in chapter three
      but very little explanation of the basic ideas behind host-based IDS.
      Chapter four is supposed to tell us how to handle alerts, but the long
      listings of packet traffic related to specific attacks (and not
      interpreted particularly well) do not really provide any useful advice
      on incident response. Chapters five and six raise a number of issues
      to consider when planning and maintaining an IDS, but the collection
      of information is neither organized nor exhaustive in terms of the
      factors which need to be dealt with. Supposedly about tuning, chapter
      seven is mostly about analysis of logs for an example attack. The
      scripts involved in installing Snort on Linux are listed in chapter
      eight.

      This work is vague, unstructured, and incomplete. Yes, it would help
      you get an intrusion detection system running, but it has neither the
      conceptual depth of either of the two "Intrusion Detection"s, by
      Amoroso (cf. BKINTDET.RVW) or Bace (cf. BKNTRDET.RVW), the detail of
      "Intrusion Signatures and Analysis" (cf. BKINSIAN.RVW), nor even the
      practicality of Koziol's "Intrusion Detection with Snort" (cf.
      BKINDTSN.RVW).

      copyright Robert M. Slade, 2003 BKIMPIDS.RVW 20030909


      ======================
      rslade@... slade@... rslade@...
      Computer Security Day, November 30 http://www.computersecurityday.com/
      victoria.tc.ca/techrev/mnbksc.htm sun.soci.niu.edu/~rslade/secgloss.htm