Books

  1. Network Intrusion Detection
  2. Internet Security and Acceleration Server 2000 (MCSE Training Kit)
  3. CRASH: Learning From The World's Worst Computer Disasters (With Year 2000 Update)
  4. Security Sage's Guide to Hardening the Network Infrastructure
  5. Building Internet Firewalls
  6. Computer Security Assurance
  7. Hp Nonstop Server Security
  8. Network Security Architectures
  9. Practical UNIX and Internet Security
  10. Cisco Access Control Security: AAA Administration Services
  11. Cya Securing Exchange Server 2003 and Outlook Web Access
  12. Information Assurance: Surviving in the Information Environment (Computer Communications & Networks S.)
  13. How Secure is Your Wireless Network?: Safeguarding Your WI-Fi LAN
  14. Hardening Network Infrastructure
  15. SpamAssassin
  16. Pseudorandomness and Cryptographic Applications (Princeton Computer Science Notes)
  17. Secret Software: Making the Most of Computer Resources for Data Protection, Information Recovery, Forensic Examination, Crime Investigation and More
  18. VPN-1/Firewall-1 CCSA/CCSE: Preparation for Check Point Certification
  19. Guide to Elliptic Curve Cryptography (Springer Professional Computing)
  20. Cybercrime: Law Enforcement, Security and Surveillance in the Information Age
  21. Programmer's Ultimate Security Deskref: Your Programming Security Encyclopedia
  22. Security in Fixed and Wireless Networks: An Introduction to Securing Data Communications
  23. CWSP Certified Wireless Security Professional: Official Study Guide (Exam PWO-200)
  24. Introduction to Cryptography with Coding Theory
  25. Special Ops: Host and Network Security for Microsoft Unix and Oracle

The Tao of Network Security Monitoring: Beyond Intrusion Detection
Average customer rating: 5 out of 5 stars
  • Jump into NSM
  • Great book
  • Great book to learn the Art of Network Monitoring!
  • Shows a disciplined approach to network security monitoring
  • One of a kind
Richard Bejtlich
Manufacturer: Addison-Wesley Professional
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Extrusion Detection: Security Monitoring for Internal Intrusions
  2. Real Digital Forensics: Computer Security and Incident Response
  3. File System Forensic Analysis
  4. Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
  5. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) (The Radia Perlman Series in Computer Networking and Security)

ASIN: 0321246772

Book Description

"The book you are about to read will arm you with the knowledge you need to defend your network from attackers—both the obvious and the not so obvious....If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you."
—Ron Gula, founder and CTO, Tenable Network Security, from the Foreword

"Richard Bejtlich has a good perspective on Internet security—one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way."
—Marcus Ranum, TruSecure

"This book is not about security or network monitoring: It's about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics."
—Luca Deri, ntop.org

"This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy."
—Kirby Kuehl, Cisco Systems

Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes—resulting in decreased impact from unauthorized activities.

In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents.

Inside, you will find in-depth information on the following areas.
* The NSM operational framework and deployment considerations.
* How to use a variety of open-source tools—including Sguil, Argus, and Ethereal—to mine network traffic for full content, session, statistical, and alert data.
* Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture.
* Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM.
* The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance.

Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats.

Customer Reviews:

5 out of 5 stars Jump into NSM.......2007-06-13

This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.

The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running an NSM team.

I really like Richard's style such as his footnotes with related papers.

Be sure to check out the author's blog at http://taosecurity.blogspot.com/.

4 out of 5 stars Great book.......2007-05-17

Cuts right to the chase. Worthy addition to any serious network security library.

5 out of 5 stars Great book to learn the Art of Network Monitoring!.......2006-02-07

I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!

I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describes NSM processes and the fourth section describes NSM people.

The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others mention they have been given this book to read in their classroom study and I can see why.

I give this book 5 pings out of 5:
!!!!!

5 out of 5 stars Shows a disciplined approach to network security monitoring .......2005-05-29

A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.

The beauty of The Tao of Network Security Monitoring: Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.

The book is written for the person, primarily a system administrator or security engineer, who truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.

The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned, the book shows how to use the tool in the context or Tao of security monitoring.

In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of its potential.

With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.

5 out of 5 stars One of a kind.......2005-02-21

This book has everything as it pertains to network security monitoring. If you read this book from cover-to-cover, then you can consider yourself prepared to deal with anything that comes at you. This book presents material that would normally take years to learn in an easy-to-follow format. This book is a must have for anyone who is serious about their job and wants to make the jump to becoming an expert.

Intrusion Detection: Network Security Beyond the Firewall
Average customer rating: 3 out of 5 stars
  • Buy the Northcutt book instead
  • Don't be fooled by the name of the book.
  • Jarringly unfocussed and inaccurate...
  • Rambling and fragmented - of little use to novice or expert
  • Valuable help to the data security professional.
Terry Escamilla
Manufacturer: Wiley
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hacking Exposed

ASIN: 0471290009

Amazon.com

This superior text on computer security is extremely rich in information, based on experience, and a pleasure to read. In addition, the author is donating part of his royalties from this book to various charities--initially, a foundation that fights child abuse.

Escamilla begins by exploring intrusion prevention systems--firewalls, user authentication routines, and access controls--and telling how to properly set up such systems. He then describes mechanisms that identify and minimize damage caused by electronic break-ins once they occur. The author covers both system-level and network-level intrusion-detection systems, describing tools that attempt to catch not only outsiders who have broken in, but also legitimate system users who are up to no good.

Escamilla details several anti-intruder tools, including packet sniffers and vulnerability scanners. He describes a lot of Unix hacks and tells what you can do to prevent them from taking place on your systems. Other chapters focus on intrusions in Windows NT environments and what to do when your system is under attack. Escamilla closes with references to other sources. --David Wall

Book Description

A complete nuts-and-bolts guide to improving network security using today's best intrusion detection products

Firewalls cannot catch all of the hacks coming into your network. To properly safeguard your valuable information resources against attack, you need a full-time watchdog, ever on the alert, to sniff out suspicious behavior on your network. This book gives you the additional ammo you need. Terry Escamilla shows you how to combine and properly deploy today's best intrusion detection products in order to arm your network with a virtually impenetrable line of defense. He provides:
* Assessments of commercially available intrusion detection products: what each can and cannot do to fill the gaps in your network security
* Recommendations for dramatically improving network security using the right combination of intrusion detection products
* The lowdown on identification and authentication, firewalls, and access control
* Detailed comparisons between today's leading intrusion detection product categories
* A practical perspective on how different security products fit together to provide protection for your network

The companion Web site at www.wiley.com/compbooks/escamilla features:
* White papers
* Industry news
* Product information

Customer Reviews:

1 out of 5 stars Buy the Northcutt book instead.......2000-01-30

This is just not a useful book. Half of the book is not about intrusion detection at all--it consists of an uninspiring general introduction to computer security.

The author apparently has no actual experience in the subject. It is filled with inaccuracies. Confusing 'hash value' with 'digital signature' is a common rookie mistake, but it is typical of the inexcusable lack of precision in this text.

Besides being misleading, off-subject, and out-of-date, it is deadly boring. If you want a hands-on book, get the Northcutt text. If you want an academic and useful theoretical approach, get Amoroso's book. If you want an introductory text on information security, why would you buy a book on IDS?

It is apparent that Wiley badly wanted to publish a book on intrusion detection, and the author was all too willing to squeeze his existing square peg of a security text into an ill-fitting IDS round hole.

1 out of 5 stars Don't be fooled by the name of the book........1999-10-20

Look for somewhere else if you are serious about network security. The content of the whole book is just too superficial!

1 out of 5 stars Jarringly unfocussed and inaccurate..........1999-08-13

I wanted to like this book, seeing as how I've made intrusion detection an important part of my career (the book spends a few pages discussing a paper I wrote), and there are no good offline resources on the subject. Unfortunately, I found little to appreciate in this book, which could have benefited greatly from better technical editing, a sharper concept of what its audience is, and (unfortunately) a better grounding in the subject matter.

The most important problem with this book will be obvious to most readers. Escamilla doesn't address the subject of intrusion detection until midway through the book, opting instead to fill the first half of the book with background information about computer security. This information is presented poorly (and with glaring inaccuracies). Almost all of it is covered better in other books, which readers unfamiliar with network security will need to buy anyways to make the intrusion detection concepts discussed in the latter half of the book accessible.

Unfortunately, the relevant half of the book isn't much better. A confused mish-mash of technologies are presented under the banner of I-D (I know of very few people in the security industry who consider security scanners to be I-D systems), and the most widely used forms of I-D are given scant coverage.

Worse still, the author profiles real commercial I-D systems (towards the end of the book). Apart from the fact that this information was unsalvageably outdated before the book made it to the press, it's also biased. Descriptions of one system span 3 pages, while another merits a single paragraph. Many important systems (which were widely known at the time of this book's release) are not covered at all. And, predictably, most of the details about the commercial systems covered read like marketing material, with almost no comparisons to the other systems covered.

Although this book is a mess, it's not an unrecoverable one. The author's descriptions of Do-It-Yourself intrusion detection on Unix systems are competent, if not revolutionary, and are almost reminiscent of Cheswick and Bellovin's work in _Firewalls_and_Internet_Security_. A better informed, more coherent second revision of this book would be worth looking at.

Unfortunately, there's very little to recommend this book. A critical and informed reader might get some value out of it, but nothing that couldn't be obtained more easily from the Internet. At its worst, however, this book can be misleading, and is thus an inappropriate introduction to its subject. Overall, a deeply flawed book. Steer clear.

1 out of 5 stars Rambling and fragmented - of little use to novice or expert.......1999-04-16

Computer security is a subject that one either loves or loathes. To the lover, it is a stimulating, intellectual challenge. To the loather, it is based on boring, complicated maths with the sole aim of preventing users doing their job.

In such a world, any author of a book needs to decide whether to write their work at the techies, thus jumping straight in at the deep end, or the novice, offering a gentle primer that attracts the reader into the subject. The very best computer security books (Schneier; Stoll; Garfinkel and Spafford) have clearly attacked one path. The worst have headed off somewhere in between.

Escamilla has chosen the latter - with the usual, dire consequences. Aimed at `any computer literate person' the book is notionally divided into two parts, one to introduce basic concepts of computer security, and another to describe intrusion detection systems. However, neither part meets its aim. The first occupies more than 150 rambling and often inaccurate pages. Moreover, it strays into territory well beyond `any' person. For instance, ten pages are devoted to the Kerberos authentication protocol. Indeed, so long is the `introduction' that the author, almost apologetically, has to keep reminding the user that the book is about intrusion detection.

The second part fares little better. It forages around scanners, network sniffers, covert channels, Unix and NT administration, again under the apologetic guise of intrusion detection. Some intrusion detection systems are described - RealSecure, NetRanger and so on - but in a brief and fragmented manner, which offers little in the way of practical, consumer guidance. Possibly the worst aspect of the treatment is that no coverage is given to what a typical audit log looks like - which would at least help justify why intrusion detection systems are needed.

The most useful piece of advice offered in the book is not to consider buying an intrusion detection system if you haven't invested in more basic tools like a firewall. The most useful piece of advice that can be offered about the book is not to consider buying it.

4 out of 5 stars Valuable help to the data security professional........1999-04-08

This is a book with a lot of content, capable to give valuable help to the data security professional. As often happens today, the title is somehow misleading, being in this case reductive in relation with the actual content. In fact, the first of the three parts the book is made of (half of the total 348 pages) is a good recap of traditional protection models. Identification, authentication, access control and auditing are covered, both conceptually and with reference to market available tools. The idea is to let the reader have a sound grasp of traditional devices before showing, in the second and third part, how Intrusion Detection Systems (IDS) are a complementary must to the traditional protection models. Both UNIX (various flavours) and NT operating systems are taken in account. The second part introduces IDS both working philosophy and practical usage. They are divided in three main categories: vulnerability assessment scanners, system level devices and network sniffers. Also in this case UNIX and NT scenarios are considered and several market leader tools are devised with a certain detail. Integration of IDS with traditional security functions (discussed in part 1) is covered. Despite all your accuracy in deploying a protection system (including IDS), you could be hit! The third part of the book introduces you in the incidents handling phase of the story, giving you advice about what to do and not to do in such not desirable event.

Handbook of Computational Statistics
Average customer rating: Not rated
    J.E. Gentle and Wolfgang Härdle
    Manufacturer: Springer
    ProductGroup: Book
    Binding: Hardcover

    Similar Items:
    1. Monte Carlo Strategies in Scientific Computing
    2. A Handbook of Statistical Analyses Using R

    ASIN: 3540404643

    Book Description

    The Handbook of Computational Statistics - Concepts and Methods is divided into 4 parts. It begins with an overview of the field of Computational Statistics, how it emerged as a separate discipline, how it developed along the development of hard- and software, including a discussion of current active research.

    The second part presents several topics in the supporting field of statistical computing. Emphasis is placed on the need for fast and accurate numerical algorithms, and it discusses some of the basic methodologies for transformation, data base handling and graphics treatment.

    The third part focuses on statistical methodology. Special attention is given to smoothing, iterative procedures, simulation and visualization of multivariate data.

    Finally a set of selected applications like Bioinformatics, Medical Imaging, Finance and Network Intrusion Detection highlight the usefulness of computational statistics.

    Extrusion Detection: Security Monitoring for Internal Intrusions
    Average customer rating: 4.5 out of 5 stars
    • super
    • I learned a lot
    • Excellent Book
    • Excellent Book!
    • nice usages of a sink hole
    Richard Bejtlich
    Manufacturer: Addison-Wesley Professional
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. The Tao of Network Security Monitoring: Beyond Intrusion Detection
    2. Real Digital Forensics: Computer Security and Incident Response
    3. Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
    4. File System Forensic Analysis
    5. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) (The Radia Perlman Series in Computer Networking and Security)

    ASIN: 0321349962

    Customer Reviews:

    5 out of 5 stars super.......2007-03-08

    Thanks a lot, we are very happy to have this book in our library!

    4 out of 5 stars I learned a lot.......2006-11-15

    This is a solid book and a detailed read. I was on the fence about giving it 4 or 5 stars; if I could I'd give it 4.5. While it didn't blow my socks off, I would suggest it to anybody interested in security monitoring in general. In terms of monitoring internal threats specifically it also has some useful information.

    5 out of 5 stars Excellent Book .......2006-07-20

    Richard Bejtlich done great job again. Tao of Network security and this one are best companion. Well written. Extrusion topic is mostly companies preferred to spend budget or time and ignore. Although NSM methodologies are repeated but fun to read again. Traffic threat assessment, designing defensive network, and incident response are well written.

    5 out of 5 stars Excellent Book!.......2006-07-16

    I have had the pleasure of reading Extrusion Detection: Security Monitoring for Internal Intrusions by Richard Bejtlich. Richard Bejtlich picks up where he last left off with his first book Tao of Network Security Monitor: Beyond Intrusion Detection. His new book deals with a subject that many businesses don't wish to think about, and what over 50% of attacks come from: security breaches that come from inside an organization. It is very unfortunate that this fact was not taken into consideration in Microsoft's XP SP2 firewall.

    Richard starts with a short review of network definitions. One concept I really like is the Defensible Network which he states is not necessarily a secure network, "quite accurate".

    Richard includes a listing of network monitoring tools, with where you can go to obtain them: Full Content Data, Session Data, and Statistical.

    This book includes good illustrations, explained pieces of code (more toward the second half of the book), and includes pictures of familiar hardware.

    A new definition for me was "the sink hole", that redirects unknown traffic away from the customers.

    This book is a good read and a very good book to keep in one's reference library. I will be obtaining Richard Bejtlich's Tao of Network Security Monitoring: Beyond Intrusion Detection and I suspect this will be just as good.

    4 out of 5 stars nice usages of a sink hole.......2006-04-06

    This book is a fine complement to Bejtlich's Tao of Network Security Monitoring. At first, one might think there would be considerable overlap between the two. After all, both concern crackers attacking a company's network that sits on the Internet. Yet the author takes pains to point out key differences. Tao was about an external attacker going at your servers, where these might be web or database [or other types of] servers.

    The current text describes a qualitatively different game. Where a typical scenario might be one of your users, at her machine which is inside your network, surfing the Web. An attacker might try to target bugs in her browser, in order to install malware on her machine. This malware might then surveil that machine and others on the network, and hence ring home to the attacker's website. So extrusion detection involves at the very least defending your client machines, instead of your servers.

    Bejtlich gives detailed examples of how to use various tools, typically open source, to monitor your internal traffic, looking for telltale signs of extrusion.

    Along the way, there is a nice description of two ways to use a sink hole. One is by an ISP, who is facing a Denial of Service attack against one of its customer's addresses. For this, a sink hole can be configured to divert those incoming packets, and protect the ISP's other customers. In a recent book, "Internet Denial of Service" by Mirkovic et al, various anti-DoS methods were cited, and this usage of a sink hole is an excellent example of another such method. While DoS is not an internal attack, it is still a very serious problem, and it is helpful to see a clear description of how to use a sink hole against it.

    The other method of using a sink hole involves configuring it to attract traffic from internal machines that have been subverted. Here, this is entirely in keeping with the book's remit.

    Network Intrusion Detection (3rd Edition)
    Average customer rating: 4.5 out of 5 stars
    • A well done work
    • Lots of good info here!
    • a classic case of lack of objectivity in review
    • Many elements are valid for beginners, but are otherwise outdated
    • Excellent book at TCP/IP analysis
    Stephen Northcutt and Judy Novak
    Manufacturer: Sams
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Intrusion Signatures and Analysis
    2. Inside Network Perimeter Security (2nd Edition) (Inside)
    3. Snort 2.1 Intrusion Detection, Second Edition
    4. The Tao of Network Security Monitoring: Beyond Intrusion Detection
    5. Network Security Architectures

    ASIN: 0735712654

    Amazon.com

    Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know to prevent unauthorized accesses of your networked computers and minimize the damage intruders can do. It emphasizes, though, proven techniques for recognizing attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behavior and deal with it, both automatically and manually.

    The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: readers get a precise picture of what Mitnick did and how Shimomura's machine reacted. A former security expert for the U.S. Department of Defense, Northcutt explains how a system administrator would detect and defeat an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a .history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall

    Topics covered: Catching intruders in the act by recognizing the characteristics of various kinds of attacks in real time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimizing false security alarms.

    Book Description

    The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and snort filters.

    Customer Reviews:

    5 out of 5 stars A well done work.......2007-06-27

    The book's very good, it's very helpful for those who work with networks, especially in the security field. The authors are very experienced in networking.
    It describes TCP/IP in detail and shows how it works and how to recognize strange network traffic by monitoring the network using tcpdump.
    I recommend it for seasoned network administrators and for beginners.

    4 out of 5 stars Lots of good info here!.......2007-04-11

    Very nice! Wow, this book gets into detail, down to sequence number anomalies. I mean, after reading this you can read tcpdumps and just be able to see what's going on - kind of like that scene in The Matrix with being able to look at code and see the woman in the red.
    Well, maybe I'm going overboard a bit, but it does give you really nice detail of how the protocol works, how it can be attacked, how DNS/FTP/email/telnet etc. work and can be used maliciously - so that way you know how to pick up on attacks. Not bad at all. Combine this book with another one focusing purely on a specific IPS/IDS and maybe one more purely focusing on hacking tools, and I'd say you are well armed.

    Of course I would recommend real life lab-time usage of all discussed :)

    1 out of 5 stars a classic case of lack of objectivity in review.......2006-05-27

    If you read through the reviews, you would think that there is no other better book on the exposition of IDS systems than this one. The fact is that the quality of presentation of material is very poor, and the book reads like a collection of newsgroup replies and a few cut and paste web articles. So why this discussion? It happens that Stephen Northcutt is an author and evaluator at GIAC and SANS, private organizations trying to hype up their brand name "certifications". It helps to be in the good looks of SANS when it comes to the "certification" and "advertising" arena. The bottom line: read between the lines (there is one proper review in the list before this one) and hope for a more objective approach when it comes to book reviews. Until then, if you do not trust this review, you have to risk it and buy it! Flamers, you are welcome to go ahead and get into the good books of Northcutt.

    3 out of 5 stars Many elements are valid for beginners, but are otherwise outdated.......2006-05-16

    A book like this is always aiming at a moving target. I work at a company that focuses on up-to-the-minute IDS and IPS technologies, based substantially on the same code and techniques involved in this book. Unfortunately, having passed the beginner stage, I found this book outdated.

    If you already know the Layer 3/Layer 4 protocols, there's not a lot here that isn't already widely known in the IDS community. The chapters on Snort are extremely outdated. No discussion of the extremely complex Flowbits option, and no discussion of the numerous sophisticated payload navigation options such as Byte Jump and Byte Test. This is after being subjected to a lecture elsewhere in the book that payload inspection is important.

    Also, the attacks described in this book are pretty much ancient history. More discussions of spyware attacks such as 2020search and 180solutions are vital to keep this book up to date.

    Frankly, I don't see how this book is useful for anyone except rank beginners who need an introduction. In that capacity it definitely will be helpful.

    4 out of 5 stars Excellent book at TCP/IP analysis.......2006-02-06

    "Network Intrusion Detection" 3rd Edition, by Northcutt and Novak does an excellent job at teaching the protocols, tools and analysis required to become a network analyst. I have been impressed with other books by Stephen Northcutt and this book also does not disappoint.

    The book is broken up into 5 sections. The first section discusses TCP/IP (service ports, using TCPdump, fragmentation, the mechanics of ICMP, etc.). When newbie network admins have asked "Where do I start to have a greater appreciation of TCP/IP?" I have recommended the first 75 pages many times. I feel this is a great "primer", rather than dedicating the time to read Stevens' "TCP/IP Illustrated".

    The 2nd section deals with traffic analysis - and this is the real beauty of the book. Packet dissemination and header dissection is thoroughly explored. I particularly liked the discussion of an "Insertion Attack" on page 144. The 3rd section discusses filters and rules for network monitoring. Some other books deal with the same info, but this is a one-stop-shop book. The fourth and fifth sections deal with intrusion infrastructure and various exploits, and DoS.

    The authors have contributed to SANS courses (Northcutt is the CEO of SANS). Their experience from years of teaching has helped create an excellent book on TCP/IP analysis. The only downside to the book is that the fluidity is somewhat staggered, and there is some rambling (kind of like what you expect a professor to do when reminiscing). I also think the last two sections can be sliced out, and more pages dedicated to packet analysis. Still, this is one of the best books on the market for TCP/IP analysis (see my reviews for others).

    I give this book 4 pings out of 5:
    !!!.!

    Guide to Firewalls and Network Security: Intrusion Detection and VPNs
    Average customer rating: 1 out of 5 stars
    • Would be good toilet paper, but the pages are too stiff
    • Students and newbies beware!
    • Major Disappointment
    • Don't waste your $$$
    Greg Holden
    Manufacturer: Course Technology
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Guide to Disaster Recovery
    2. Guide to Computer Forensics and Investigations, Second Edition
    3. Guide to Operating Systems Security
    4. Cisco(R) PIX (TM) Firewalls
    5. Principles of Information Security

    ASIN: 0619130393

    Book Description

    Provides comprehensive overview of building and maintaining firewalls in a business environment, and maps to the objectives of CheckPoint's CCSA certification.

    Customer Reviews:

    1 out of 5 stars Would be good toilet paper, but the pages are too stiff.......2006-06-17

    This book is used as the text book for my college course. The examples are ridiculous, the exercises are nuts, and the definitions are strange. "This book is not intended to be read in sequence, from beginning to end." (from the book's introduction) Maybe the book isn't meant to be read at all. There is better information from O'Reilly and Cisco. Search for "firewall" on O'Reilly's site and you'll get better information than what's in this book and you'll save $75. Get "The Best Damn Firewall Book Period" instead of this, Amazon sells it for $37 and it gets 4 stars.

    1 out of 5 stars Students and newbies beware!.......2006-04-20

    If I could put negative stars for this book I would. I am reading this book as a requirement for a network security course. This book by far has to be the most poorly written, misleading book I've ever read. In the first chapter there is technically wrong information: The OSI reference model has a wrong layer numbered. I am surprised that colleges even bother to use it as a study guide/text book. The end of chapter questions are very misleading.

    1 out of 5 stars Major Disappointment.......2005-01-15

    This book was required for a Computer Forensics related class. There are many errors, not just typographical, but in concepts and technical information. At times it is filled with a mind-numbing number of details, much of which will be obsolete by the time you read this. In other areas it skips over important concepts leaving you lost.

    If you're hoping to learn more about network security you're better off looking elsewhere.

    1 out of 5 stars Don't waste your $$$.......2004-07-19

    After browsing it twice, I finally put it down.

    It's very introductive, simple and not well-written to a newbie.
    It doesn't cover that much on Checkpoint...
    The rest you can get it from the Internet.

    Managing Security with Snort and IDS Tools
    Average customer rating: 4.5 out of 5 stars
    • Snort made easy!
    • Excellent!
    • One of the better discourses on Snort
    • Excellent description of Snort
    • educate yourself in IDS
    Christopher Gerg
    Manufacturer: O'Reilly Media, Inc.
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Snort Cookbook
    2. Snort 2.1 Intrusion Detection, Second Edition
    3. Network Security Assessment: Know Your Network
    4. Network Security Hacks: Tips & Tools for Protecting Your Privacy (Hacks)
    5. Nessus Network Auditing (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)

    ASIN: 0596006616

    Book Description

    Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System (IDS), has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.

    Customer Reviews:

    4 out of 5 stars Snort made easy!.......2006-03-10

    O'Reilly's "Managing Security with Snort and IDS Tools" by Cox and Gerg is a practical book that succinctly describes the basic functionality and utility of implanting Snort. The book does an excellent job at discussing the different configuration parameters when deploying Snort.

    In particular, I was impressed by:
    * Page 35 - A 5-page list detailing the different options available via the command-line.
    * Page 69 - Details some of the techniques used to evade IDSs.
    * Chapter 5's description of preprocessor configurations was a valuable tool to a newbie of UNIX.
    * Chapter 10's description of ACID as a Snort IDS Management Console.

    The only area I wish the authors expanded on was in Chapter 7 "Creating Your Own Rules". This area can easily be supplemented from documentation on the web.

    The book has a natural bias toward elevating open source tools (I am a fan of open source tools). Appreciating that fact, I must admit I have used this book when I have been describing the value of open source tools. Overall, I think "Managing Security with Snort and IDS Tools" is a valuable addition to anyone's Snort arsenal.

    I give this book 4 pings out of 5:
    !!!.!

    5 out of 5 stars Excellent!.......2005-02-28

    Managing Security with Snort and IDS Tools is just a great book.

    Don't even try to use Snort without reading this book first.

    5 out of 5 stars One of the better discourses on Snort.......2004-12-28

    This is basically a book about intrusion detection using all open source tools. It starts with an introductory chapter that explains the problem of defining an intrusion and why it is becoming more and more of a problem. It follows up with a chapter on network traffic analysis including packet sniffing and using tcpdump and ethereal. Then comes the meat of the text - installing Snort. Of course to really understand how to use Snort you have to understand how attacks occur and the common methods used. The authors provide a really nice chapter on this subject. After that come five chapters on configuring, deploying, and managing Snort rules, intrusion prevention strategies, and tuning. Once Snort is up and running the authors examine the use of ACID and SnortCenter as Snort IDS management consoles. Either of these products drastically decreases the burden of analyzing what has happened and is happening on the intrusion detection forefront. The book ends with additional tools for Snort IDS management and implementation strategies for high-bandwidth situations.

    There are other very good books on Snort but one of the things that makes this one particularly valuable is that it also looks at other open source tools and provides a good basic background on intrusion detection theory. Managing Security with Snort and IDS Tools is highly recommended for those in charge of intrusion detection and prevention in a network environment and planning to implement a system themselves.

    5 out of 5 stars Excellent description of Snort.......2004-10-10

    Up to this point, I've only used simple firewalls for my home network. Not that I think there's anything really worth hacking on my home network, but I thought I'd spend a little time learning about intrusion detection. This book is great for several reasons. First, it is well put together and easy to follow. Second, it describes in detail the open source project Snort. Finally, it satisfied my curiosity about IDS (Intrusion detection systems) - I'm not an expert, but I now understand the concepts.

    Even though the book did not mention OS X specifically, it was easy to get snort compiled and installed on my Mac. There were a few tweaks I had to do, but if you're familiar with "configure; make; make install", it should be a snap. (Likewise, fink or darwinports can get you going with Snort as well). Any other flavor of Unix/Linux would be that much easier to install.

    Beyond just describing how to install and configure Snort, the book does go into some detail about how networks are attacked and how Snort goes about alerting you to possible intrusive behavior. There are also numerous references to web sites and other books to find more information. It also goes into detail on various other tools that augment and complement Snort.

    Very well done.

    4 out of 5 stars educate yourself in IDS.......2004-09-01

    Welcome to Snort! More broadly, this book works well as a practical explanation of the general field of Intrusion Detection Systems. Key affiliated tools are covered, like tcpdump and Ethereal. Which are also free and open source, just like Snort. There is a general and I think understandable bias in this book towards such tools. The authors claim, and you must have heard this before, that such tools are often more likely to be bug free and mature than proprietary tools.

    If you work your way through the chapters, then you can get a good education in the main ideas like setting up prevention strategies and how to look for evidence of attacks. Instantiated via using Snort. But if you're smart, you can generalise this. Plus, keep an eye out for any useful techniques that Snort currently lacks. If you find these, perhaps you can build a high value tool off them? Don't take Snort as the last word in these matters.

    Stealing the Network: How to Own a Shadow (Stealing the Network) (Stealing the Network)
    Average customer rating: 3.5 out of 5 stars
    • The SQL Injection Adventures of Pawn
    • Author "review"
    • One of the better installments when it comes to plot and pacing...
    • Entertaining way to learn
    • Best One Yet
    Johnny Long, Tim Mullen, and Ryan Russell
    Manufacturer: Syngress
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Stealing the Network: How to Own an Identity (Stealing the Network) (Stealing the Network)
    2. Stealing the Network: How to Own the Box
    3. Stealing the Network: How to Own a Continent
    4. Hacker's Challenge 3
    5. Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

    ASIN: 1597490814

    Book Description

    The best-selling Stealing the Network series reaches its climactic conclusion as law enforcement and organized crime form a high-tech web in an attempt to bring down the shadowy hacker-villain known as Knuth in the most technically sophisticated Stealing book yet.

    Stealing the Network: How to Own a Shadow is the final book in Syngress' groundbreaking, best-selling Stealing the Network series. As with previous titles, How to Own a Shadow is a fictional story that demonstrates accurate, highly detailed scenarios of computer intrusions and counter-strikes. In How to Own a Thief, Knuth, the master-mind, shadowy figure from previous books, is tracked across the world and the Web by cyber adversaries with skill to match his own. Readers will be amazed at how Knuth, Law Enforcement, and Organized crime twist and torque everything from game stations, printers and fax machines to service provider class switches and routers to steal, deceive, and obfuscate. From physical security to open source information gathering, Stealing the Network: How to Own a Shadow will entertain and educate the reader on every page. The book's companion Web site will also provide special, behind-the-scenes details and hacks for the reader to join in the chase for Knuth.

    · The final book in the Stealing the Network series will be a must read for the 50,000 readers worldwide of the first three titles

    · The companion Web site to the book will provide challenging scenarios from the book to allow the reader to track down Knuth

    · Law enforcement and security professionals will gain practical, technical knowledge for apprehending the most sophisticated cyber-adversaries

    Customer Reviews:

    2 out of 5 stars The SQL Injection Adventures of Pawn.......2007-06-14

    Did you enjoy the previous three Stealing the Network books? Are you looking for more? Then move along now, nothing to see here.
    The prior books were interesting because they introduced the reader to new ideas or new angles on old ideas, then moved on without belaboring them. If you wanted more details, there were often URLs provided. The last two tied the stories together with the intriguing Knuth character. But the folks running the project chose to switch to a new format, with fewer characters and stories, not to mention fewer authors, and fewer ways to split the profits.
    After three books with the same (proven) formula, it's understandable the authors would want to try something new. Alas, it's a disaster.

    Welcome to "How to Own a Shadow," aka "The SQL Injection Adventures of Pawn." Pawn is one of the new characters in this volume, and is the first StN character I hoped would get shot to death by the cops in a mini-mall parking lot. Yes, he's that irritating. Particularly after reading 40 pages about his childhood as a high-functioning autistic (or something like that), and around 100 pages of him performing SQL injection attacks. Most of which is totally unrelated to Knuth. Note to the authors: SQL injection is interesting, but if you want to write a book about it, just write a book about it. I even gave you a title, what more do you want? You can even recycle much of this book, like you recycled part of the last one here.

    Oh, you noticed the real subtitle of the book, "The Chase for Knuth." First, one chases _after_ fugitives, and hunts or searches _for_ them. Not that it matters, because there's not much chasing or hunting going on in this book. There isn't much Knuth, either. We see him in the first hundred pages, which is mostly about his son analyzing poker software. That's the last we see of either of them. Because, really, this is "The Biography of Pawn." We do get 50 pages of Knuth at the end of the book, but don't get excited: it's all from the last book, added as obvious filler.

    Speaking of filler, there's a 17 page advertorial thrown in for BiDiBLAH, which is commercial software by SensePost. Oddly enough, they're listed as technical advisors for the book. I'm sure it's a fine app, but the authors have forgotten about Knuth again, since it has nothing to do with the story. If it had been relevant, it might have been a less obnoxious addition.

    Not everything is bad. There's a brief bit about RFID, which of course turns into how to use RFID for SQL attacks. We get to meet Knuth's supposedly dead wife, and a charming shrew she is. All in all, though, this book isn't worth reading unless you're a truly devoted fan of the series, or SQL. I'm still a fan of the previous books, and I hope the authors can recapture what made them so intriguing for their next book. I won't be buying that one until I'm sure it's not Book Two of the Pawn Saga, however.

    5 out of 5 stars Author "review".......2007-04-13

    Let me first say that I am one of the authors on this book. I don't think authors can objectively review their own work in a forum such as this, so I won't. This won't stop me from rating it five stars to help reinforce the law of averages. ;-)

    I will, however, address a few reviews posted here. First and foremost, I am a huge fan of the Stealing series, and the authors that worked on each of the three previous books. But based on customer reviews and our own feelings on the matter, the authors unanimously agreed that boosting the story value of the book was a priority. After all, even security geeks deserve a good plot and decent characters if they take the time to read technical fiction. Books of this genre should also teach. By all fair reviews, this book does both. If you're interested in straight fiction, or straight tech, you'll find this book to only be half-good. If you're willing to be entertained, and are looking to learn something cool about hackers and how they operate, this is the book for you. And there I go, drifting into a review.

    So let me address one other complaint: the lack of a "real" ending. Well, that's our fault. There's more to the series, and we know how it's going to end, but we adamantly refused to slip another deadline, so the book went to print with a cliffhanger ending. Now we're not out to sell more books or make your life miserable by leaving you hanging, but this book had to either wrap up where it did, or it would have been scrapped by the publisher, who had no real choice in the matter. As authors, we missed our deadlines, but we did it in order to improve the final product. I'm personally proud of the end result, and the reviews show that we have good reason to be proud.

    So to long-time Stealing readers, this book is different because we grew in our craft, and our EXTREMELY capable story editor (Scott Pinzon) held us to the standard of mainstream fiction. Will we make the New York Times best-seller list because of our efforts? No. But this book isn't for those readers. It's for those in and around technology that have read one too many straight technical books.

    So we would love to hear what you think. Post a review if you'd like, or if you just want to chat about the book, head over to the "book talk" section of my web site's forums (you know where to find it- Google is your friend). I'd love to hear from you.

    j0hnny

    4 out of 5 stars One of the better installments when it comes to plot and pacing..........2007-04-05

    It's nice when recreational reading overlaps with technical material, and the Stealing The Network series qualifies for that designation. The latest installment is Stealing the Network: How to Own a Shadow - The Chase For Knuth by Johnny Long, Timothy Mullen, Ryan Russell, and Scott Pinzon, and it's an enjoyable read that is heavy on the technical how-to while maintaining a decent plotline.

    There's basically two story-lines here... The first involves Robert Knoll Jr. and his father, and is a continuation from the last book. All the police surveillance and investigations are taking a toll on Junior's life, so he decides to act on his father's cryptic message to head down to Mexico with nothing much more than the clothes on his back (and a large amount of cash). He is contacted by people who work for his father, and is taken down to Costa Rica where Senior runs an on-line poker site. Everything that Junior wants is provided (top of the line, too), and he starts doing some programming and network intel for his father. But he really doesn't have a clue as to what Senior is really up to...

    The second story-line involves an autistic kid by the name of Paul Wilson. As he grows up, he starts gaining an interest in computer hacking and solving puzzles involving gaining access to various network sites. He's befriended by an on-line entity known as Rafa who is amazed at how Paul can pick up concepts almost immediately. It helps that he has a photographic memory and is wired such that these types of problems engage him. Rafa starts paying him for "research assignments", and Paul is thinking that he's actually doing legit security work. That, coupled with his intense interest in the martial arts, pretty much absorbs all his time. But he starts to understand a bit of what's really going on when he starts to hack a mysterious local business in order to help out a woman in his dojo. She has an ulterior motive for wanting to use his phenomenal hacking skills, but it may get them both arrested or killed.

    From a plot pacing standpoint, I was pleasantly surprised. The other books tended to be a bit more "vignette" in nature, so the overall story suffered. At least here, the plot and technology actually supported each other. Again, it's not New York Times best-seller action-adventure, but it works for this type of approach. Paul seemed to be a bit over-the-top in his skills, but that element was supported by his autism. It stretched credibility at times, but not so much that you started to laugh (or at least I didn't). My biggest disappointment is that there was no plot resolution to either story-line, so it's a given that you'll need to read the next one to see how it turns out. The plotlines are converging, and the next book *should* be pretty good. Still, I would have liked a bit more payoff at the end.

    Regardless, this is an interesting book about hacking techniques (complete with code) all wrapped up in an action/adventure plot. I'll be interested to see how they merge the story and carry it on in the next installment...

    5 out of 5 stars Entertaining way to learn.......2007-04-05

    This book was excellent for someone interested in technology but has a hard time reading dull technical books. I have been interested in digital security for a while, but until recently hadn't played around with SQL injections. I was interested in learning more about them and pleased to see that this book offered an excellent primer on SQL injections in the form of a story, which held my interest. In addition there was a cool primer on RFID hacking which I really enjoyed. The supporting story was intriguing and kept me reading to find out what happened next.

    There was a cliffhanger ending, and now I'm really looking forward to the next one.

    5 out of 5 stars Best One Yet.......2007-03-14

    You can definitely see the influence of the infamous Johnny Long in the writing of this one. The book is incredible; I was 150 pgs into it before I could take a bathroom break. :D Get it and the rest.
    Snort 2.1 Intrusion Detection, Second Edition
    Average customer rating: 4.5 out of 5 stars
    • Snort 2.1
    • Good introduction to Snort
    • Snort is moving fast
    • Jay gets the job done
    • A thorough and "user-friendly" introduction
    Snort 2.1 Intrusion Detection, Second Edition
    Jay Beale
    Manufacturer: Syngress
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Ethereal Packet Sniffing (Syngress)
    2. Nessus Network Auditing (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
    3. Managing Security with Snort and IDS Tools
    4. Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)
    5. Network Intrusion Detection (3rd Edition)

    ASIN: 1931836043

    Book Description

    Called "the leader in the Snort IDS book arms race" by Richard Bejtlich, top Amazon reviewer, this brand-new edition of the best-selling Snort book covers all the latest features of a major upgrade to the product and includes a bonus DVD with Snort 2.1 and other utilities.

    Written by the same lead engineers of the Snort Development team, this will be the first book available on the major upgrade from Snort 2 to Snort 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0). Readers will be given invaluable insight into the code base of Snort, and in depth tutorials of complex installation, configuration, and troubleshooting scenarios. Snort has three primary uses: as a straight packet sniffer, a packet logger, or as a full-blown network intrusion detection system. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes. Snort uses a flexible rules language to describe traffic that it should collect or pass, a detection engine that utilizes a modular plug-in architecture, and a real-time alerting capability. A CD containing the latest version of Snort as well as other up-to-date Open Source security utilities will accompany the book.

    Snort is a powerful Network Intrusion Detection System that can provide enterprise wide sensors to protect your computer assets from both internal and external attack.

    * Completely updated and comprehensive coverage of Snort 2.1
    * Includes free CD with all the latest popular plug-ins
    * Provides step-by-step instruction for installing, configuring and troubleshooting

    Customer Reviews:

    4 out of 5 stars Snort 2.1.......2006-02-23

    The information in this book was invaluable, but sometimes it was hard to follow because it was poorly written.

    4 out of 5 stars Good introduction to Snort.......2005-11-28

    Snort 2.1 Intrusion Detection (2nd Edition) is useful as a general introduction to intrusion detection and Snort. If you already have a good understanding of IDS technology you may find the IDS discussion to be a bit general in nature. For someone who only wants to review the basic IDS principles quickly and without a great deal of extra detail, the IDS coverage in this book is sufficient. Much of the information on Snort felt like a retelling of the Snort Users Manual from the Snort web site. Part of this feeling may be due to the fact that members of the Snort development team, who undoubtedly had a hand in the user's manual, wrote this book. This book does go into more detail on some subjects than the Snort Users Manual. There is a good step-by-step set of instructions for installing Snort and associated software on either a Windows or a Linux system. Overall this book seems to be a pretty good overview of Snort for someone looking to use only one resource, but I do not see anything that is not also available in other documentation.

    5 out of 5 stars Snort is moving fast.......2005-03-08

    At the time of this review, the latest version of Snort is 2.3. However, the newest books (about two out there) on Snort, including this one, only cover up to version 2.1. And according to the Product Description, "in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0". This pretty much means that this book is already out-dated, and it was printed in 2004, less than a year ago. This reminds me of when Linux was starting to get popular. Red Hat Linux went from version 6.2 to version 9.0 in just two years. Not to mention there are tons of books supposedly dedicated to all those versions of Linux in the short two-year period. Linux saved businesses a lot of money, and provided stability that its MS Windows counterpart didn't. Snort will eventually replace or be at the same level as the current commercial Intrusion Detection Systems (IDS).
    I think this time the publishers are smarter, and recognized the pattern from their Linux frenzy publishing experience, lol. The old Linux books litter the thousands of bookstore shelves with nobody buying, lol. That's why at the moment there are very few books on Snort.

    5 out of 5 stars Jay gets the job done.......2005-02-28

    this is a great book on snort!!!!

    Very, very valuable

    5 out of 5 stars A thorough and "user-friendly" introduction .......2004-08-07

    Now in an updated and expanded second edition, Snort 2.1 Intrusion Detection offers completely up-to-date information and instruction ranging from the basics of installation, preprocessor configuration, and optimization of the Snort software system. Enhanced with an accompanying CD-ROM, Snort 2.1 Intrusion Detection combines explicit instructions for applying the software along with a wealth of sample code, tips, tricks, and techniques, and the option to participate in the Snort mailing list. A thorough and "user-friendly" introduction to a software option tailored especially for guarding privacy and integrity in the digital age.
    Network Security Hacks: Tips & Tools for Protecting Your Privacy (Hacks)
    Average customer rating: 4 out of 5 stars
    • Great bag of tricks for the network security professional
    • Not for beginners...
    • Power Tips and Tricks
    • Network Security Hacks
    • A good book for both Linux and Windows
    Network Security Hacks: Tips & Tools for Protecting Your Privacy (Hacks)
    Andrew Lockhart
    Manufacturer: O'Reilly Media, Inc.
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Windows Server Hacks
    2. Network Security Assessment: Know Your Network
    3. Linux Server Hacks: 100 Industrial-Strength Tips and Tools
    4. Linux Server Hacks, Volume Two: Tips & Tools for Connecting, Monitoring, and Troubleshooting (Hacks)
    5. Linux iptables Pocket Reference

    ASIN: 0596527632

    Book Description

    In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but helps them implement a good deal of clever host-based security techniques as well.

    This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending and incident response.

    In fact, this "roll up your sleeves and get busy" security book features updated tips, tricks & techniques across the board to ensure that it provides the most current information for all of the major server software packages. These hacks are quick, clever, and devilishly effective.

    Customer Reviews:

    4 out of 5 stars Great bag of tricks for the network security professional.......2007-01-10

    This second edition of Network Security Hacks is a collection of 125 powerful security techniques. This volume demonstrates effective methods for defending your servers and networks from a variety of devious and subtle attacks. Within this book are examples of how to detect the presence and track every keystroke of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be hackers. Many important security tools are presented, as well as interesting ways for using them to reveal useful information about your network's activity. There is mention in the beginning of the book about "code", but I haven't run across any yet. The closest thing I found to code were forms of command lines for various network tools and expected typical responses. So if you are not a programmer, don't be scared away. The following is the table of contents:

    Chapter 1, Unix Host Security, demonstrates advanced techniques for hardening your Linux, FreeBSD, or OpenBSD server.

    Chapter 2, Windows Host Security, covers many important steps that Windows administrators often overlook, including tightening down permissions, auditing all system activity, and eliminating security holes that are present in the default Windows installation.

    Chapter 3, Privacy and Anonymity, discusses several ways to protect oneself online by offering solutions for encrypting email, remaining anonymous, and managing passwords for web sites.

    Chapter 4, Firewalling, shows how to set up firewalls under various operating systems, such as Linux, OpenBSD, FreeBSD, and Windows. Different filtering and firewall testing techniques are also covered in this chapter.

    Chapter 5, Encrypting and Securing Services, shows how to provide secure services for SMTP, IMAP, POP3, Apache, and MySQL.

    Chapter 6, Network Security, demonstrates some tools and techniques used to attack servers using the network itself, as well as methods for preventing these attacks.

    Chapter 7, Wireless Security, includes only a handful of very useful hacks. Whether you want to share your network with others and still maintain a semblance of security, or lock down your wireless network with fine-grained authentication, this chapter has something for you.

    Chapter 8, Logging, shows you how to balance the need for information with the need for brevity by automatically collecting, processing, and protecting your system logs.

    Chapter 9, Monitoring and Trending, presents a number of tools and methods for watching your network and services over time, allowing you to recognize trends that will aid in future planning and enable you to tell at a glance when something just isn't right.

    Chapter 10, Secure Tunnels, shows you how to implement powerful VPN technologies, including IPSec, PPTP, and OpenVPN. You will also find techniques for protecting services using SSL, SSH, and other strong encryption tools.

    Chapter 11, Network Intrusion Detection, centers on the tremendously popular NIDS tool Snort and presents many techniques and add-ons that unleash this powerful tool's full potential. Also presented are methods for setting up your own "honeypot" network to attract and confuse would-be system crackers.

    Chapter 12, Recovery and Response, contains suggestions on how to verify your system's integrity, preserve evidence for later analysis, and track down the human being at the other end of undesirable network traffic.

    I would recommend this book to any network security professional. However, I think it is too advanced for someone who is just interested in the profession or someone who is tinkering with a home network on an amateur basis. There is no "beginner's material" to be found in this book, and it will likely be over your head if you are not already working in the field.

    4 out of 5 stars Not for beginners..........2006-12-26

    "Network Security Hacks" Second Edition
    by: Andrew Lockhart
    O'Reilly Media, Inc. 2007
    ISBN: 10: 0-596-52763-2

    Network Security Hacks is more advanced than some of the other "Hacks series" books.
    Explains the why and how of securing your Unix, Linux, or Windows servers. Protect your data and your users from outside threats, using the detailed examples in this book. Not for beginners, this book is intended for experienced administrators, already familiar with server configurations.

    4 out of 5 stars Power Tips and Tricks.......2006-11-20

    O'Reilly's Hacks series have been hit or miss; mostly hits, and this second edition is no exception. Lockhart and friends bring together a set of tips and tricks in the classic O'Reilly form, and cover a scattershot of topics that people like to know.

    There's over 100 hacks here, and I can't possibly cover them all. I'll pick and choose topics to illustrate why I think this book is a success. As other reviewers have noted, this book focuses on Linux and BSD security, but it does cover Windows in a decent amount. This probably reflects the community's choice of OSes (but does under represent some OS X specifics), and the availability of tools and techniques.

    Chapter 1, covering 20-some hacks, covers UNIX host-level security. A lot of it is stuff you've seen before, but some of it is stuff that's hard to find (ie Systrace setups, sandboxing services), or so disparate that it's nice to have it all in one place. Chapter 2 covers over a dozen hacks for Windows that are similar, securing your Windows host.

    The chapters on privacy (3), encrypting services (5), and tunneling (Chapter 10) are pretty good. They're tight, well written, and clear enough that an intermediate network or system administrator could do well. I liked that chapter 4 covered firewalling for PF on BSD, Linux's Netfilter, and the Windows firewall all similarly. The hacks on VPNs using various tools are great, they're clear in an amazingly short space.

    Network and wireless security get a fair shake, and you can even learn how to scan the network for viruses, detect ARP attacks, deploy a captive portal, and assess your systems for vulnerabilities. Again, a nice spread of topics, most of them well covered in a short space.

    NIDS topics get their own chapter, and things like Snort setup, maintenance, and even the basics of rule writing get covered. You'll even get an intro to Honeyd for your time.

    I would have liked to have seen Chapter 12 on recovery and response get a lot more time and effort, I think it's sorely needed. Perhaps if everyone writes a hack for this chapter they'll add them to the third edition.

    All in all a good book for a skilled, intermediate level system and network administrator. This book carries on the hacks series with style and skill, and delivers almost everything in a small package.

    5 out of 5 stars Network Security Hacks.......2006-08-18

    The book is very well written in a professional form. I was able to learn a lot out of it. It should be in every IT security person's library. But it is not a book for beginners. Although all issues are well explained, a certain computer background is needed, and not basic knowledge only. The book is worth its price.

    Werner Preining, captain, CPP, CAS

    4 out of 5 stars A good book for both Linux and Windows.......2006-03-17

    First, I write software professionally. I write software, I am not a Sys Admin (which is hard work I might add; System Administration is for hardcore people.) This book saved me money by giving me answers to problems that would have taken me days to find the answers to by searching the internet.

    I would have said 5 stars but this covers Unix, Windows and Linux and I was just looking for a Linux book. It is good none the less.

    Time is money in this business and this book saves both time and money.

    Also the book is a "good" read. The authors write well and that keeps you reading. Not a dry manual.

    If you are doing Linux for fun or work you will need to buy this book. It allows you more time to sleep at night.

    Books:

    1. Verification, Model Checking and Abstract Interpretation: Third International Workshop, VMCAI 2002, Venice, Italy, January 21-22, 2002, Revised Papers (Lecture Notes in Computer Science)
    2. Agile Estimating and Planning
    3. Godel 96: Logical Foundations of Mathematics, Computer Science and Physics - Kurt Godel's Legacy (Lecture Notes in Logic S.)
    4. Sql Functions Programmer's Reference
    5. The Best of Verity Stob: Highlights of Verity Stob's Famous Columns from .Exe, Dr. Dobb's Journal, and the Register
    6. Cryptography: A Very Short Introduction (Very Short Introduction S.)
    7. Dr. Tom Shinder's Isa Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks
    8. Cisco Security Specialists Guide to Pix Firewall
    9. Network Intrusion Detection
    10. Sniffer Network Optimization and Troubleshooting Handbook

    Books