Book details of 'Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response'

Title: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response
Author(s): Edward G. Amoroso
Published: February 1999
Publisher: Intrusion.Net Books

The Virtual Bookcase Reviews of 'Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response':

Reviewer Rob Slade wrote:
This is not (very much not) to be confused with the identically named, and almost equally recent, book by Escamilla (see reviews). Where Escamilla's is basically a large brochure for various commercial systems, Amoroso has specifically chosen to avoid products, concentrating on concepts, and not a few technical details. The text is based on material for an advanced course in intrusion detection, but is intended for administrators and system designers with a security job to do.

Chapter one, after demonstrating that the term means different things to different people, gives us an excellent, practical, real world definition of intrusion detection. This is used as the basis for an examination of essential components and issues to be dealt with as the book proceeds. Five different processes for detecting intrusions are discussed in chapter two. Each method spawns a number of "case studies," which, for Amoroso, means looking at how specific tools can be used. (This style is far more useful than the normal business case studies that are long on who did what and very short on how.) Intrusion detection architecture is reviewed in chapter three, enlarging the conceptual model to produce an overall system. Chapter four defines intrusions in a way that may seem strange, until you realize that it is a very functional description for building detection rules. The problem of determining identity on a TCP/IP internetwork is discussed in chapter five, but while the topic is relevant to intrusion detection, few answers are presented. Correlating events is examined in chapter six. Chapter seven looks at setting traps, primarily from an information gathering perspective. The book ends with a look at response in chapter eight.

The bibliography is, for once, annotated. While I do not always agree with Amoroso's assessments; I think he tends to give the benefit of the doubt to some who primarily deliver sensation; the materials are generally high quality resources from the field. Books and online texts are included, although the emphasis is on journal articles and conference papers.

The content is readable and, although it seems odd to use the word in relation to a security work, even fun. I suppose, though, that I must point out that your humble "worst copy editor in the entire world" reviewer found a significant number of typographic errors. (And some that can't be put down to typos: I think you'll find that it's "berferd" rather than "berford.")

This book works on a great many levels. It provides an overall framework for thinking about security. It thoroughly explains the concepts behind intrusion detection. And it gives you some very practical and useful advice for system protection for a variety of operating systems and using a number of tools. I can recommend this to anyone interested in security, with the only proviso being that you are going to get the most out of it if you are, indeed, responsible for designing network protection.

copyright Robert M. Slade, 1999

Book description:

The new book - Intrusion Detection - by best-selling computer security author Edward Amoroso introduces a fascinating security technique for catching Internet crackers in real time. The book outlines critical issues in intrusion detection including techniques for Internet surveillance, correlation, trace back, honey pot traps, and incident response. The book includes hundreds of illustrations and provides case studies from popular commercial systems. An annotated bibliography and index are included.

The Virtual Bookcase is created and maintained by Koos van den Hout.
Copyright © 2000-2020 Koos van den Hout / The Virtual Bookcase