Network Intrusion Detection: An Analyst's Handbook (2nd Edition) - Softcover

About the Author

Judy Novak is a Senior Security Analyst for the Army Research Laboratory. She is one of the founding members of the three year old Computer and Security Incident Response Team which is highly regarded among the military. She has assisted in deploying intrusion detection tools and monitoring at many different military and government sites. She is an author and speaker for the SANS Institute on TCP/IP and using the Shadow intrusion detection tool for network analysis.

From the Back Cover

Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Intrusion Detection, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.

From the Inside Flap

"The 2nd Edition of Network Intrusion Detection fortifies its position as the primary manual for front-line intrusion detectors. One of this book's major achievements is that it succinctly and thoroughly addresses the training needs of personnel operating sophisticated Intrusion Detection Systems. No other published volume gives hands-on analysts the tools to separate false positives from true alerts on a daily basis.

Buy this book if your job involves intrusion detection, incident response, or computer security in general. You will walk away wiser and better prepared to face the wiles of the Internet, and your company will benefit from an improved security posture."

-Captain Richard Bejtlich, Intrusion Technician, Air Force Computer Emergency Response Team

"This is the ONLY book addressing effective network intrusion detection and response. The content comes directly from daily "front-line" experience, and the material represents the best consensus from a variety of expert practitioners. There is not a resource out there which has more relevant than this book. I am rewriting my filters today based on what I have read." -Andy Johnston, Distributed System Manager, Office of Information Technology, University of Maryland, Baltimore County

"I love the writing style. Conversational with just enough humor to keep it interesting. Points like "seasoned administrators can skip this chapter" and "this point is important to understanding the rest of the chapter" are great guides to helping the reader work their way through the material."

-Chris Brenton, Senior Research Engineer at Dartmouth's Institute for Security Technology Studies

"I was particularly impressed by the suggested presentations to managers for laying out a cost-benefit analysis of the overall benefits of purchasing a host-based intrusion detection system and appropriate training for analysts. Intrusion Detection Systems can be extremely costly and may seem like "money pits" to people who do not understand the need for monitoring networks. This book would be extremely useful for anyone wishing to approach corporate managers on both of these issues."

-John Furlong, Security Consultant