Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century

Author: Ryan Trost
Publisher: Addison-Wesley Professional
Category: Book

List Price: $54.99
Buy New: $40.65
as of 9/5/2010 18:48 EDT
You Save: $14.34 (26%)



New (32) Used (13) from $38.66

Seller: supermoviedeals
Rating: 4.0 out of 5 stars 9 reviews
Sales Rank: 53413

Media: Paperback
Edition: 1
Pages: 480
Number Of Items: 1
Shipping Weight (lbs): 1.7
Dimensions (in): 9.1 x 6.9 x 1

ISBN: 0321591801
Dewey Decimal Number: 005.8
EAN: 9780321591807
ASIN: 0321591801

Publication Date: July 4, 2009
Availability: Usually ships in 1-2 business days

Also Available In:

  • Kindle Edition - Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century

Editorial Reviews:

Product Description

“Practical Intrusion Analysis provides a solid fundamental overview of the art and science of intrusion analysis.”

–Nate Miller, Cofounder, Stratum Security

The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention

Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. In Practical Intrusion Analysis, one of the field’s leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers.

Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today’s new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more.

Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes

  • Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
  • Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
  • Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
  • Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
  • Implementing IDS/IPS systems that protect wireless data traffic
  • Enhancing your intrusion detection efforts by converging with physical security defenses
  • Identifying attackers’ “geographical fingerprints” and using that information to respond more effectively
  • Visualizing data traffic to identify suspicious patterns more quickly
  • Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives

Includes contributions from these leading network security experts:

Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker

Seth Fogie, CEO, Airscanner USA; leading-edge mobile security researcher; coauthor of Security Warrior

Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief, Journal of Computer Security

Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University

Alex Kirk, Member, Sourcefire Vulnerability Research Team

Customer Reviews:
Showing reviews 1-5 of 9



5 out of 5 stars A great book on a growing subject!   August 19, 2009
C. Irvin (Birmingham, AL)
1 out of 1 found this review helpful

When I first began reading Practical Intrusion Analysis by Ryan Trost, I was a little put off. He begins the book with an overview of IP addressing, subnetting, and packets. This is a touchy way to begin any book, as you will either lose your audience if they are new to this subject or annoy them if they are already familiar. Ryan was able to expand on this subject without going too far into the weeds, and provided a backbone that makes the next chapters easier to understand.

The following chapters are the real meat of the book and I really got a lot out of them. Ryan covers the entire area of intrusion detection and prevention solutions from the end-point to geographic-based. I'd recommend this book to any IT Professional who deals with network security, as it helps simplify a fairly complicated subject.



5 out of 5 stars A Pleasure to Read!!!   July 14, 2009
Tom Haskins (Mountain View, CA)
The author undertook a sizable endeavor, as each of those chapter topics could arguably have entire books written about them. A primary reason why I enjoyed the book is it introduced me to subject matter I wouldn't have previously read (physical security and visualization!). I did, however, skip the first 3 chapters as I've been working in InfoSec for a lifetime, and if I read another thing about Snort I'll start pwning my own servers -- but I do understand that IT books need to cater to the masses and are forced to include some level of elementary material.

The chapters bring to light many of the security industry's "popular" topics and provide an accurate fundamental understanding of each topic and some of the latest approaches. But if you're a SME on a certain topic, after reading that topic's chapter it's likely you'll learn a couple of new things, but it's not going to provide a new life-changing vantage point.

I picked up the book for the Geospatial chapter and the NetFlow chapter. The NetFlow chapter gave me a better understanding of the technology and answered why I've been hearing so much about "NetFlow is going to soon replace signature IDS". I can see the advantages of NetFlow but until a NetFlow product is as mainstream as the S word [Snort], I don't anticipate that will happen for a very long long time!

The Geospatial chapter is simply a refreshing new approach to a mature (worn) topic. Truthfully, I'm not 100% sold on the geolocation of alerts but I was swayed enough that I've since reached out to a friend at NGA to discuss further.

Overall, I really enjoyed the book!



5 out of 5 stars Well rounded and worth the read   August 13, 2009
GOVSOC
1 out of 2 found this review helpful

I really enjoyed the book, cover to cover. I also enjoyed that the book didn't focus on hardware/OS-specific examples. One of my pet peeves with other IT books is that the authors find the most atypical network-specific examples to use, which I can't accurately translate into my network. The book focused more on the concepts and used common examples when necessary (building signatures), etc. Also... I did really enjoy that chapter but found that the screen captures of the packet captures were of poor quality. Luckily some Googling led me to the chapter datastreams/image downloads -- [...]

I also enjoyed the Visualization chapter...enough that I'm planning on catching Tufte's seminar next time he's in the area.

I recommend the book to both beginners and even the more technical audience.



4 out of 5 stars Took me 3 days to read -- so good enough to keep my attention   August 13, 2009
Sam Wong (Denver, CO)
1 out of 1 found this review helpful

...which actually is a lot to say since I've been diagnosed with ADHD for the better part of my life! I've been in security for 8 years and don't consider myself to be an expert but enough to be dangerous. I enjoyed learning about the different subjects that I'm not exposed to through my daily routine. I agree with the one reviewer...I wish there was a better documentation source on Bro (Robin/Vern -- spread the wealth!)!

I really enjoyed the geospatial IDS chapter. I saw the author speak at DefCon last year and enjoyed the topic then as well. The chapter provided a lot more background and insight than his presentation. The 'outside the box' thinking is innovative!!

I felt the chapters did a great job of explaining the intrusion strategies -- writing signatures (nearly beaten to death in previous documents but just enough before I started to get 'turned off'), dataflows, geospatial IDS, ROI, visualization, wireless, WAF, etc.

Added the book to my company's InfoSec library.



4 out of 5 stars Modern Intrusion Analysis   September 4, 2009
Jeyaprakash Kopula (San Jose, CA, USA)
1 out of 1 found this review helpful

My search for one book that gives me a bird's-eye view of the enterprise intrusion detection and prevention systems process ends with this book. Anyone who climbs up the ladder from a different background in information security can easily understand the 'ABCD' of intrusion prevention/detection analysis by reading this book. The author explained everything from the ground up. For example, when he writes about network intrusion analysis, he starts from the basic OSI reference model and TCP/IP model and goes on to explain how to capture data at various levels of the network.

This book starts by explaining what enterprise IT infrastructure looks like and explains in brief what each technology means for the reader. Another good outcome of reading this book is understanding the management aspect of handling intrusion detection/prevention systems and processes.

Let me briefly describe how this book is structured in terms of chapters and technology implementations. First the author went ahead and described two open source IDS/IPS platforms, namely Snort and Bro. He then analyzed and compared (apples to oranges) both tools to give us an idea which one is best. Obviously Snort came out as the winner. The reason quoted is that Bro is not a simple solution to implement: you have to define what is normal so that you can trigger on abnormal if some intrusion happens. Second, the vulnerability lifecycle, which describes how a vulnerability goes through a cycle from detection to patching the systems. The other chapters are arranged in this order to provide a holistic approach to intrusion analysis: prevention techniques, anomaly detection using NetFlows, web app firewall techniques, wireless IDS/IPS, physical intrusion detection for IT, geospatial intrusion detection, and finally ROI factors for business justification.

To the best of my knowledge the Snort/Bro type of implementations are merely secondary types in any enterprise security. Big IT organizations today need someone to take responsibility for the security vulnerability exposures. Hiring such a professional is costlier than paying support costs for maintaining vendor products. But if you are really looking for a crash course on IPS/IDS, I certainly recommend this book.

The advanced examples given in Chapter 4, "Life Cycle of a Vulnerability," open up a new horizon for infosec professionals who are starting their career in network security. The author took diversified examples to attract all sorts of industry audiences. For example, SCADA is mostly used in process industries, the bitmap vulnerability targets PC users, and the DNS vulnerability targets the Internet industry. The author also provides some helpful tools and websites for your reference.

The analytical approach to proactive intrusion prevention and response is another favorite subject of mine. The author explains how an IT security analyst can use attack graphs to prevent any unforeseen incidents. Anomaly detection techniques using network flows are described in Chapter 6. The author weighed multi-vendor products which support NetFlow technology, which is "must know" information.

One of the important chapters I liked was Web Application Firewall. The author goes on to explain various security models that one can apply according to their need and environment. The author also emphasizes physical intrusion detection, which is mostly ignored in enterprise security. In analyzing ROI, the author describes the importance of cost/benefit analysis and goes on to explain various mandatory compliance obligations to be taken into consideration. He also introduces the MSSP model and analyzes the pros and cons of outsourcing security operations. Finally, various insurance options are discussed in order to mitigate huge liability in case of any security breach.

Overall, the author covered the whole nine yards of intrusion prevention techniques. I highly recommend this book for all security analysts and anyone who oversees security operations. This book can also be a very good reference point for CISSP and CISM certifications. In the end, as a network security professional, I would like to have this as one of the companions in my INFOSEC library.
