The Virtual Bookcase Reviews of 'Defense and Detection Strategies against Internet Worms':
Reviewer Rob Slade wrote:
The preface states that the book is intended for security
professionals, security researchers, and academics in the field of
computer science. It is obvious that the author has attempted to
write the material in a scholastic tone, but the necessary rigour and
structure of thought is missing.

Chapter one, an introduction of sorts, provides random information of
questionable utility, such as the table listing the discovery of
vulnerabilities compared against the time that elapsed before those
loopholes were first released in active worms: no particular pattern
seems to be indicated.

Part one is supposed to be a background and taxonomy. Chapter two
provides us with a definition. Nazario has obviously taken the
Cohenesque definition of viruses (as attaching to files) and then
assumed that a worm is any self-replicating program that does *not* so
bind. The definition therefore appears to include almost all current
viruses, and yet the author also attempts to ascribe certain
characteristics to worms, such as control and construction of a
network, and communication with other worm nodes. His later examples
of worms, however, include a number that do not contain any of these
aspects. He lists a number of components of worms, and yet the
communications, command, and intelligence elements are not inherently
part of much of modern malware, usually existing simply as specialized
payloads. A simplistic growth pattern (and the fact that worms can
generate network traffic) is presented in chapter three, but the
actual traffic patterns examined do not fully correspond to the
projected graph. The history and taxonomy given in chapter four has
numerous errors: even the fictional representative, the tapeworm from
Brunner's "The Shockwave Rider," is introduced erroneously, since it
didn't shut down the network in the book, but rather opened it.
Workstations affected by the infamous Xerox PARC worm could be
restarted, and a vaccine was not needed or produced. The Morris Worm
was an enormous nuisance, but it hardly "crashed the Internet." (And
Loveletter did the rounds in 2000, not 2001.) There is a quick precis
of a number of lesser known worms, and this may be helpful as a
reference, but the analysis is very limited. The construction of a
worm is described in chapter five, but the outline is often at odds
with that given in chapter two.

Part two reviews worm trends. Chapter six reworks some of the
material from five in a facile listing of infection patterns (and
presents an artificial "Shockwave Rider" pattern that does not seem to
have any correspondence to reality). "Targets of attack," in chapter
seven, simply enumerates network connected devices. Nazario does
attempt to bring in abstract concepts related to network topologies,
but these have little practical bearing on worms in reality. The
possible futures for worms, as expressed in chapter eight, deals
mostly with existing and already used technologies. There is some
effort made to model effects, but these are not fully analyzed.

Part three turns to detection. Chapter nine looks at traffic
analysis, but only in terms of network based intrusion detection with
rudimentary appraisal. Honeypots and "dark networks" (ranges of
unused IP addresses) are said to be ways to detect and trap worms, but
the explanation and dissection of the topic in chapter ten is very
narrow. Signature based detection, in chapter eleven, revisits
network based intrusion detection, and adds a brief mention of file
scanning.

Part four looks at defences. Chapter twelve's review of host based
defence deals primarily with system hardening, antivirus scanners, and
the concept of throttling. Nazario seems very loath, in his
discussion of firewalls in chapter thirteen, to admit that this is
simply another type of signature. The use of scanning within
application level proxies is examined in chapter fourteen, although
there seems to be some confusion with circuit level proxies at points.
Chapter fifteen, entitled "Attacking the Worm Network," outlines a
number of active measures: except for the idea of "sticky" tarpits
(after the LaBrea program model) all of them require extensive
specific knowledge of individual worms. A concluding chapter is
provided in sixteen.

Nazario's work does address the often neglected topic of worms, and he
does break away from the mass of virus books that are locked into the
traditional "file and boot infectors" model. His examples are drawn
from more recent events, and he does attempt to analyze network
effects and complications, rather than simply looking at systems in
isolation. While he is to be commended for all this, his definition
is too broad to provide for serious new modelling of the problem, and
his analysis fails to provide a basis for future work. Still, for
those who need a more complete picture of the malware threat, this
work should be considered. It does provide new information, and does
attempt to address the difference between worms, viruses, and other
forms of malware. In this regard, it is a significant improvement
over such lackluster spacefillers as Skoudis' "Malware", the "E-mail
Virus Protection Handbook", Dunham's "Bigelow's Virus Troubleshooting
Pocket Reference", Schmauder's "Virus Proof", and even Grimes'
somewhat better "Malicious Mobile Code".

copyright Robert M. Slade, 2003