"Intrusion Detection", Edward G. Amoroso, 1999, 0-9666700-7-8, U$49.95
%A Edward G. Amoroso
%C P. O. Box 78, Sparta, NJ 07871
%I Intrusion.Net Books
%O U$49.95 973-448-1866 fax: 973-448-1868
%P 218 p.
%T "Intrusion Detection"

This book is not (very much not) to be confused with the identically
titled, and almost equally recent, book by Escamilla (cf. BKINTRDT.RVW).
Where Escamilla's is basically a large brochure for intrusion detection
systems, Amoroso has specifically chosen to avoid products,
concentrating on concepts, and not a few technical details. The text
is based on material for an advanced course in intrusion detection,
but is intended for administrators and system designers with a
security job to do.

Chapter one, after demonstrating that the term means different things
to different people, gives us an excellent, practical definition of
intrusion detection. This is used as the basis for an examination of
essential components and issues to be dealt with as the book proceeds.
Five different processes for detecting intrusions are discussed in
chapter two. Each method spawns a number of "case studies," which, for
Amoroso, means looking at how specific tools can be used. (This style
is far more useful than the normal case studies that are long on who
did what and very short on how.) Intrusion detection architecture is
reviewed in chapter three, enlarging the conceptual model to produce
an overall design. Chapter four defines intrusions in a way that may
seem strange, until you realize that it is a very functional
description for deriving detection rules. The problem of determining
identity on a TCP/IP internetwork is discussed in chapter five, but
while the topic is relevant to intrusion detection, few answers are
presented. Correlating events is examined in chapter six. Chapter
seven looks at setting traps, primarily from an information gathering
perspective. The book ends with a look at response in chapter eight.

The bibliography is, for once, annotated. While I do not always agree
with Amoroso's assessments (I think he tends to give the benefit of
the doubt to some who primarily deliver sensation), the entries are
generally high quality resources from the field. Books and texts are
included, although the emphasis is on journal articles.

The content is readable and, although it seems odd to use the word in
relation to a security work, even fun. I suppose, though, that I must
point out that your humble "worst copy editor in the entire world"
reviewer found a significant number of typographic errors. (And some
that can't be put down to typos: I think you'll find it is "berferd"
rather than "berford.")

The book works on a great many levels. It provides an overall
framework for thinking about security. It thoroughly explains the
concepts behind intrusion detection. And it gives you practical and
useful advice for system protection for a variety of operating systems
and using a number of tools. I can recommend it to anyone interested
in security, with the only proviso being that you are going to get the
most out of it if you are, indeed, responsible for designing network
protection.

Robert M. Slade, 1999 BKINTDET.RVW 990423