
Book details of 'Intrusion Detection: Network Security Beyond the Firewall'

Title: Intrusion Detection: Network Security Beyond the Firewall
Author(s): Terry Escamilla
ISBN: 0471290009
Language: English
Published: September 1998
Publisher: John Wiley & Sons
The Virtual Bookcase Reviews of 'Intrusion Detection: Network Security Beyond the Firewall':

Reviewer amazon.com wrote:
This superior text on computer security is extremely rich in information, based on experience, and a pleasure to read. In addition, the author is donating part of his royalties from this book to various charities--initially, a foundation that fights child abuse. Escamilla begins by exploring intrusion prevention systems--firewalls, user authentication routines, and access controls--and telling how to properly set up such systems. He then describes mechanisms that identify and minimize damage caused by electronic break-ins once they occur. The author covers both system-level and network-level intrusion-detection systems, describing tools that attempt to catch not only outsiders who have broken in, but also legitimate system users who are up to no good. Escamilla details several anti-intruder tools, including packet sniffers and vulnerability scanners. He describes a lot of Unix hacks and tells what you can do to prevent them from taking place on your systems. Other chapters focus on intrusions in Windows NT environments and what to do when your system is under attack. Escamilla closes with references to other sources.
Reviewer Rob Slade wrote:
Maybe my perception is skewed from having been involved with physical security as well as the computer kind, but I see intrusion detection as being part of security. There is no security system that cannot be penetrated or bypassed, and so detection is, in my view, simply a fact of security life. Isn't that what auditing, one of the main pillars of data security, is all about? So I find the attempt to sell the idea of intrusion detection somewhat redundant. Then there is the emphasis on reviewing commercial Intrusion Detection Systems (IDS).

Part one looks at what happens before intrusion detection: the traditional role and model of computer security. Chapter one provides a brief, but reasonably sound, overview of this classic paradigm, concentrating on defining most of the theoretical terms used. Some identification and authentication details from both UNIX and Windows NT start our chapter two, which then meanders through a few examples of password cracking, and finally ends with a look at ticket granting systems and other authentication improvements. A similar look at access control is provided by chapter three. Given the complexity of networking and network security, the number of topics covered in chapter four is unsurprising.

Part two looks at intrusion detection by extending the traditional security design. Chapter five is fairly pivotal, as evidenced by the title "Intrusion Detection and Why You Need It." The "why" part comes first, with a rather weak example showing that security systems can have loopholes if you don't configure or program everything properly. Intrusion detection then seems to be defined as the usual game of find vulnerability-fix-repeat, only in automated form. A number of possible attacks are mentioned in chapter six, and then a promotion of the addition of an IDS layer to a system, without a corresponding reiteration of the warning, from chapter four, that layers in a system increase the possibility of loopholes. I was rather astonished that SATAN [Security Administrator's Tool for Analyzing Networks] was not included with the vulnerability scanners mentioned in chapter seven. Two more sophisticated products are reviewed in chapter eight. Chapter nine looks at the possibility of catching intruders by traffic analysis, although "catch" seems to be too strong a term to use here. Since most of the foregoing deals with UNIX, chapter ten looks at similar products for NT, although most of the material seems to concentrate on NT's own audit logs.

Part three looks at dealing with an intrusion once you have detected it. Chapter eleven recommends being prepared well, detecting early, analyzing thoroughly, and deciding judiciously. In one useful piece of advice, it recommends against an attack on a system you may think is hitting on yours. Chapter twelve is a quick summary of the book.

As the author admits, in the final chapter, that intrusion detection systems are not the final word in computer security, I am inescapably reminded of the battles in the antiviral field over the relative strengths of scanners, activity monitors, and change detection systems. What works best? A combination approach, of course. The price of a secure system is more budget for administration time and tools. This book does not present any radically new approach or technique for system security. In fact, with the emphasis on proprietary commercial products, the work will date quite quickly. For those who are looking to add an automated IDS to their current network, the volume could act as a kind of incomplete buyer's guide.

copyright Robert M. Slade, 1999

Book description:

A complete nuts-and-bolts guide to improving network security using today's best intrusion detection products

Firewalls cannot catch all of the hacks coming into your network. To properly safeguard your valuable information resources against attack, you need a full-time watchdog, ever on the alert, to sniff out suspicious behavior on your network. This book gives you the additional ammo you need. Terry Escamilla shows you how to combine and properly deploy today's best intrusion detection products in order to arm your network with a virtually impenetrable line of defense.

* Industry news
* Product information

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2009 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement