Product Details
Network Intrusion Detection (Voices (New Riders))
By Stephen Northcutt, Judy Novak

Product Description

The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and Snort filters.


Product Details

  • Amazon Sales Rank: #611642 in Books
  • Published on: 2002-09-04
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 512 pages

Editorial Reviews

Amazon.co.uk Review
A collection of after-action reports on a variety of network attacks, Network Intrusion Detection enables you to learn from others' mistakes as you endeavour to protect your networks from intrusion. Authors Stephen Northcutt and Judy Novak document real attacks on systems, highlighting characteristics you--you being a network communications analyst or security specialist--can look for on your own machines. The authors mince no words, advising you which detection tools to use (they like and use Snort, as well as Shadow, Tripwire, TCP Wrappers and others) and how to use them. This second edition of the book includes less about Year 2000 preparation and more about the latest in attacks, countermeasures, and the growing community of white-hat hackers who share information to keep systems safe.

In teaching their readers about the attacks that exploit a particular protocol or service, the authors typically present a TCPdump listing that shows an attack, then comment upon it. They tell you what the attackers did, how successful they were, and how the attack might have been detected and shut down. To cite one example, there's a very detailed analysis of Kevin Mitnick's famous attack (a SYN flood combined with TCP hijacking) on one of Tsutomu Shimomura's machines. By following the advice in this book, you will likely do very well in protecting your machines against people the authors call "script kiddies"--small-time hackers who follow published recipes (or run pre-written routines). You will also be about as prepared as you can be against more skilled attackers who make up their attacks on their own. This is great reading for anyone involved in developing filters to ward off attacks or monitoring network communications for suspicious activity. It's also a valuable resource for someone evaluating network countermeasures in preparation for deployment. --David Wall

Amazon.co.uk Review
Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know in order to prevent unauthorised accesses of your networked computers and minimise the damage intruders can do. It emphasises, though, proven techniques of recognising attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behaviour and deal with it, both automatically and manually.

The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: Readers get a precise picture of what Mitnick did, and how Shimomura's machine reacted. A former security expert for the US Department of Defense, Northcutt goes on to explain how a system administrator would go about detecting and defeating an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall, Amazon.com

Topics covered: Catching intruders in the act by recognising the characteristics of various kinds of attacks in real-time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimising false security alarms.

From the Publisher
Indispensable for the security analyst and administrator
Get answers and solutions from someone who has been in the trenches with Network Intrusion Detection: An Analyst's Handbook. Author Stephen Northcutt, original developer of the Shadow intrusion detection system and former Director of the United States Navy's Information System Security Office at the Naval Security Warfare Center, lends his expertise to intrusion detection specialists, security analysts, and consultants responsible for setting up and maintaining an effective defense against network security attacks.


Customer Reviews

Northcutt hits the ball out of the park! (5 stars)
I am the chief of a 15-person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Stephen's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Stephen's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Stephen's book. See you at SANS Network Security 99!

Ahh, nothing like the smell of IP in the morning! (4 stars)
While this is a book on intrusion detection, I bought it for another reason. A friend referred me to this book when I asked him about "sniffing". The book is a great introduction to network sniffing! I give it "only" four stars because it falls short of its primary goal: IDS.

Poor in in-depth technical content... not meaty enough. (2 stars)
The book provides a good list and overview of most IDS tools out in the market. Unfortunately, if you are looking to go into greater detail about types of intrusion... it comes quite short in content. I found that if you are looking to read about this kind of subject, it is because you want to go deep into the information, and not a very quick overview as per this book.