by Stephen Northcutt
Publisher:New Riders Pub
Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know in order to prevent unauthorised accesses of your networked computers and minimise the damage intruders can do. It emphasises, though, proven techniques of recognising attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behaviour and deal with it, both automatically and manually.
The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: Readers get a precise picture of what Mitnick did, and how Shimomura's machine reacted. A former security expert for the US Department of Defense, Northcutt goes on to explain how a system administrator would go about detecting and defeating an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall, Amazon.com
Topics covered: Catching intruders in the act by recognising the characteristics of various kinds of attacks in real-time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimising false security alarms.
Search under way...