"Implementing Intrusion Detection Systems", Tim Crothers, 2003, 0-7645-4949-9, U$40.00/C$62.95/UK#29.95
%A Tim Crothers
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$40.00/C$62.95/UK#29.95 416-236-4433 fax: 416-236-4448
%P 316 p.
%T "Implementing Intrusion Detection Systems"
The preface implies that this book is a professional building and maintaining intrusion detection systems (IDSs). I'd say it has a fair way to go before it could make that claim.

Chapter one is an overview of intrusion detection. The basic are all included, but it is often difficult to understand that the author is making. Net-based IDS gets a somewhat review in chapter two, alongside a very brief introduction. There are lots of printouts of event and audit logs in chapter three, but very little explanation of the basic ideas behind. Chapter four is supposed to tell us how to handle alerts, but the long listings of packet traffic related to specific attacks interpreted particularly well) do not really provide any useful advice on incident response. Chapters five and six raise a number of issues to consider when planning and maintaining an IDS, but of information is neither organized nor exhaustive in terms of the factors which need to be dealt with. Supposedly about seven is mostly about analysis of logs for an example scripts involved in installing Snort on Linux are listed.

The work is vague, unstructured, and incomplete. Yes, it would help you get an intrusion detection system running, but it has neither the conceptual depth of either of the two "Intrusion Amoroso (cf. BKINTDET.RVW) or Bace (cf. the detail of "Intrusion Signatures and Analysis" (cf. nor even the practicality of Koziol's "Intrusion Detection with Snort" (cf.
copyright Robert M. Slade, 2003 BKIMPIDS.RVW 20030909