"Intrusion Detection", Rebecca Gurley Bace, 2000, 1-57870-185-6,
%A Rebecca Gurley Bace
%C 201 W. 103rd Street, Indianapolis, IN 46290
%I Macmillan Computer Publishing (MCP)
%O U$50.00/C$74.95 800-858-7674 317-581-3743 http://www.mcp.com
%P 339 p.
%T "Intrusion Detection"
take on this topic (and title) provides a solid and
comprehensive background for anyone pursuing the subject.
Concentrating on a conceptual model, the book is occasionally
regard to practical implementation, but more than makes up for this
textual deficiency with a strong sense of historical
developmental approaches, and references to specific
that the practitioner may research separately.
guys, can we give the reviewers a break here and work
variation in the title?)
one presents a history of intrusion detection starting
system accounting, through audit systems, to the most
and experimental systems. The definitions and concepts
broad security theory to specific intrusion detection
variants in chapter two. Intrusion detection requires
system and other information, and chapter three describes
for this data. Chapter four may be somewhat disappointing
managers in that the discussion of analysis is academic
weak in tone, even though real systems are used as illustrations.
review of possible responses, in chapter five, includes
against inappropriate overreactions. Vulnerability analysis,
including a close look at controversial tools like COPS,
ISS, is dealt with in chapter six.
seven talks about technical issues that are still to
addressed. (The organization of this chapter is a bit
some sections, such as those on reliability and analysis,
overlap material.) Real world challenges are the topic
eight, along with examples of attacks and intrusion detection
(IDS) design considerations. This section seems to reprise
the content of the vulnerabilities chapter. Dealing with
issues, evidence, and privacy in chapter nine, it is nice to see some
newer examples than the old "berferd" and "wiley
Chapter ten's review of intrusion detection systems,
and actions to take if penetrated, addresses the informed user. Security
administrators and strategists, at the executive level,
with everything from the need for security goals to globalization
chapter eleven. Designers get a few general guidelines
twelve, along with comments from those who have been
exemplary systems. Chapter thirteen is a realistic look
developments in attacks and defence.
the other "Intrusion Detection" books,
Terry Escamilla's (cf.
BKINTRDT.RVW) is simply not in the same league, being
promotional brochure. "Network Intrusion Detection," by
Northcutt (cf. BKNTINDT.RVW), is likewise not as clever as it thinks it is.
Edward G. Amoroso (cf.
BKINTDET.RVW) is very close
quality and usefulness, and possibly has the edge in
although his book is a bit narrower in focus. Bace provides
comprehensive overview and conceptual background that will ensure this
text becomes a basic security reference.
copyright Robert M. Slade, 2000 BKNTRDET.RVW 20000202