The Internet Protocol Journal - Volume 3, No. 4

Book Reviews

Book Review

Network Intrusion Detection: An Analyst's Handbook, by Stephen Northcutt, ISBN 0735708681, New Riders Publishers, 1999.

Network security and the ability to detect intrusion attempts have become extremely important in today's networks, regardless of size. I was looking for a book that would get technical on the details in these matters. Laura Chappell, the guru of packet-level information (www.packet-level.com), recommended this book to me. I should have realized what I was getting into at that point. I purchased the book, which was a bit expensive for its size at $39.99, and eagerly began reading it.

Mr. Northcutt starts out with a good discussion on how Kevin Mitnick conducted his famous attack. The book presents some very good information on a variety of topics, intermixed with personal observations and opinion. This made for an enjoyable read. If you are considering getting an Intrusion Detection System (IDS), then this book will provide you with some valuable insight and guidelines to consider from a recognized industry expert in this field. Mr. Northcutt is affiliated with The System Administration, Networking, and Security (SANS) Institute (www.sans.org).

Be aware that this book is not for the faint of heart. You will dive into the depths of packets and intrusion detection rather quickly, and never look back. This is both good and bad. I prefer an easy-to-read technical book, but the level of technical knowledge required to make sense of many of the examples is rather extensive. This includes how the many trace examples are presented in rather specialized fashion; in addition, the touted "detailed" explanations varied in usefulness quite a bit.

The book was marketed as a training aid; however, I suspect most readers need to be quite experienced to benefit from it. I admit I had to read many sections more than once in order to grasp the finer points being conveyed. I am confident that many readers have already echoed this sentiment to the author and publisher, since the second edition of this book was published in September 2000 and the page count has doubled, with only a modest price increase. I put it on my Christmas list!

Tom Thomas, Mentor Technologies Group, tothomas@mentortech.com


Would You Like to Review a Book for IPJ?

We receive numerous books on computer networking from all the major publishers. If you've got a specific book you are interested in reviewing, please contact us and we will make sure a copy is mailed to you. The book is yours to keep if you send us a review. We accept reviews of new titles, as well as some of the "networking classics." Contact us at ipj@cisco.com for more information.