Practical Intrusion Detection Handbook - Softcover

About the Author

PAUL E. PROCTOR is the Director of Technology at Cybersafe Corporation and Chief Technology Officer of the firm's Centrax Division. Proctor has worked in intrusion detection for nearly 15 years and developed many commercial intrusion detection technologies. He sat on the Intrusion Detection Subgroup of the President's National Security Telecommunications Advisory Committee (NSTAC), has been an invited speaker at the CIA, and has been personally involved in several of the world's most significant intruder "take-downs." Sorry, but he can't tell you which ones!

From the Back Cover

The definitive guide to understanding, selecting, and deploying intrusion detection in the enterprise!

• Product selection, planning, and operations
• Filled with real-life cases and stories of intrusion detection systems in action
• Covers host-based and network-based intrusion detection

Foreword by Dorothy Denning, author of Cryptography and Data Security andInformation Warfare and Security

Technical Edit by Ira Winkler, author of Corporate Espionage

In The Practical Intrusion Detection Handbook, one of the field's leading experts shows exactly how to detect, deter, and respond to security threats using intrusion detection systems. Using real-world case studies and practical checklists, Paul E. Proctor shows what intrusion detection software can achieve, and how to integrate it into a comprehensive strategy for protecting information and e-commerce assets. No other guide to intrusion detection offers all this:

• Practical coverage of host-based, network-based, and hybrid solutions
• Detailed selection criteria and sample RFPs
• Key factors associated with successful deployment
• Intrusion detection in action: response, surveillance, damage assessment, data forensics, and beyond
• Six myths of intrusion detection and the realities

Whether you're a senior IT decision-maker, system administrator, or infosecurity specialist, intrusion detection is a key weapon in your security arsenal. Now, there's a start-to-finish guide to making the most of it:The Practical Intrusion Detection Handbook by Paul E. Proctor.

"Intrusion detection has gone from a theoretical concept to a practical solution, from a research dream to a major product area, from an idea worthy of study to a key element of the national plan for cyber defense. . . Nobody brought that about more than Paul Proctor. . . Paul brings his considerable knowledge and experience with commercial intrusion detection products to this first-of-a-kind book."
From the Foreword by Dorothy Denning

From the Inside Flap

Preface

In the mid 1990s, Neil was an auditor for a major government agency in Canada. An inside embezzler had taken his agency for several million dollars and Neil was asked to help pick up the pieces. For over 6 months, Neil poured over transaction logs to trace the money, and figure out how it was done. A substantial amount of the money was never recovered.

On February 9, 2000 Amazon, E-Trade, and other pioneering ecommerce companies got hit with a distributed denial of service attack that collectively cost several million dollars. This electronic "Waterloo" changed the face of electronic commerce forever by highlighting the importance of effective detection and response in any successful on-line business.

In 1986, Dorothy Denning wrote a paper that set the stage for the development of commercial technologies that would provide detection, response, deterrence, and damage assessment. Intrusion detection, often misunderstood, provides the best chance for peace in an otherwise turbulent on-line world.

I've spent my career trying to get intrusion detection out of the research lab and into operational environments. I worked in intrusion detection research in 1988 to do a state of the art study for the U.S. Navy with the intent of deploying a system in an operational Navy environment. Then in 1990, I started work on generic testing paradigms to quantify the value of intrusion detection. In 1992, I designed the Computer Misuse Detection System (CMDS) at SAIC, one of the first commercial intrusion detection systems. CMDS saw real action and enjoyed some very large deployments starting in the mid 1990s. In 1997, I left SAIC to co-found Centrax Corporation and bring Intrusion Detection to the Windows NT masses. At Cybersafe I helped develop one of the first hybrid intrusion detection systems combining both network and host-based technologies.

I've researched systems, developed systems, deployed systems, sold systems, given seminars, and assisted investigations. This book was the next logical step. It was simple in concept: Write down everything I know about intrusion detection, make it understandable, and help businesses deploy operational systems.

You hold the results in your hands. This book will explain intrusion detection, dispel common myths, provide guidance on requirements and even help you acquire an intrusion detection system and operate it effectively throughout the entire project lifecycle. The format is designed to be readable. Anecdotes appear throughout to connect the information with the real world. Important points are punctuated and called out separately for emphasis and to make it easy to scan the text.

The book is divided roughly into thirds. The first third describes technology, the second effective operation, and the third project lifecycle. Near the end I provide a chapter on commercial products because this book is about using intrusion detection. These are your tools. This book is your manual.Paul E. Proctor
February 12, 2000
35,000 Feet, Somewhere Over the Pacific Ocean