The Tao of Network Security Monitoring Beyond Intrusion Detection
by Richard Bejtlich
Inside Network Perimeter Security, Second Edition
by Stephen Northcutt; Lenny Zeltser; Scott Winters; Karen Kent; Ronald W. Ritchey
Snort®: IDS and IPS Toolkit
by Brian Caswell; Jay Beale; Andrew R Baker
Fuzzing: Brute Force Vulnerability Discovery
by Michael Sutton; Adam Greene; Pedram Amini
Hacking: The Next Generation, 1st Edition
by Nitesh Dhanjani; Billy Rios; Brett Hardin
CCIE Professional Development Series Network Security Technologies and Solutions
by Yusuf CCIE No. 9305 Bhaiji
Kerberos: The Definitive Guide, 1st Edition
by Jason Garman
Beautiful Security, 1st Edition
by Andy Oram; John Viega
Written to be both a training aid and a technical reference for intrusion detection analysts, Northcutt's book contains unparalleled, practical experience that can't be found anywhere else. With detailed explanations and illustrative examples from his own career, Northcutt covers the topic completely, from detect evaluation, analysis, and situation handling, through the theories involved in understanding hackers, intelligence gathering, and coordinated attacks, to an arsenal of preventive and aggressive security measures. Ideal for the serious security analyst, Network Intrusion Detection: An Analyst's Handbook is the tool that puts you in full control of your network's security.
Average Amazon.com® Rating: based on 49 ratings
a classic case of lack of objectivity in review - 2006-05-26
If you read through the reviews, you would think that there is no other better book on the exposition of IDS systems than this one. The fact is that the quality of presentation of material is very poor, and the book reads like a collection of newsgroup replies and a few cut and paste web articles. So why this discussion? It happens that Stephen Northcutt is an author and evaluator at GIAC and SANS, private organizations trying to hype up their brand name "certifications". It helps to be in the good looks of SANS when it comes to the "certification" and "advertising" arena. The bottom line: read between the lines (there is one proper review in the list before this one) and hope for a more objective approach when it comes to book reviews. Until then, if you do not trust this review, you have to risk it and buy it! Flamers, you are welcome to go ahead and get into the good books of Northcutt.
Lots of good info here! - 2007-04-11
Very nice! Wow, this book gets into detail, down to sequence number anomalies. I mean, after reading this you can read tcpdumps and just be able to see what's going on - kind of like that scene in The Matrix with being able to look at code and see the woman in the red.
Well, maybe I'm going overboard a bit, but it does give you really nice detail of how the protocol works, how it can be attacked, how DNS/FTP/email/telnet etc. work and can be used maliciously - so that way you know how to pick up on attacks. Not bad at all. Combine this book with another one focusing purely on a specific IPS/IDS and maybe one more purely focusing on hacking tools, and I'd say you are well armed.
Of course I would recommend real life lab-time usage of all discussed :)
Great book! - 2008-12-14
This is a great book for both someone new to intrusion detection and people who already have familiarity with the field. A great, easily approachable chapter on internet basics, followed by very clear descriptions and examples. Combines specific examples with discussion of the broader context, themes, and issues around intrusion detection. And there's also a fair bit of humor and "in the trenches" feel, making the book a lot more fun to read than I thought it would be. For my purposes, I found this book the "mother lode" giving me the information and perspective I needed.
Best for Practicing Professionals - 2008-07-16
This book is written for professionals who are practicing intrusion detection. If you need a graduate level presentation that contains theory and references, then see Intrusion Detection (MTP) and Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, but you will still need this book to see how intrusion detection is actually done.
A well done work - 2007-06-27
The book's very good, it's very helpful for those who work with networks, especially in the security field. The authors are very experienced in networking.
It describes TCP/IP in detail and shows how it works and how to recognize strange network traffic by monitoring the network using tcpdump.
I recommend it for seasoned network administrators and for beginners.
Top Level Categories:
Networking
Sub-Categories:
Networking > Intrusion Detection
Networking > Security
Some information on this page was provided using data from Amazon.com®.