The Practical Intrusion Detection Handbook

Rather than emphasize the characteristics of attacks on computers and networks, The Practical Intrusion Detection Handbook places its focus on the tools, resources, and policies that should be in place to help security administrators do their jobs. It deals with preventing attacks, detecting and stopping them when they occur, and assessing--after the fact--the damage they cause. Throughout, the importance of record keeping is emphasized, particularly that accurate and unmuddled log files are necessary to back up legal charges or support certain firing decisions, if necessary. The business environment beyond the security officer's cubicle is also explored, including how to justify security expenditures to organizational decision makers.

This isn't exactly an academic text, but it's a step removed from the sorts of play-by-play descriptions of attacks and defenses you'll find in Stephen Northcutt's security books--reference is made to those books, as a matter of fact. This hardback volume explains the appearance of various kinds of attacks in broad terms, and shows how intrusion detection systems (IDS) can spot and record the clues (Windows NT security log entries are often used as examples). The text is conversational and liberally studded with bulleted definitions, boxed case studies, and references to Web sites and paper documents. While a working security administrator would probably want to back this book with one of Northcutt's texts and other more detailed books, The Practical Intrusion Detection Handbook makes an excellent choice for a student of business management who wants to be more than minimally informed about the operation of corporate information systems, so as to make better decisions about those systems. --David Wall

Topics covered: Intrusion detection systems (IDS) for whole networks as well as for individual computers, with emphasis on how intrusion detection works and how to configure it for maximum effectiveness and minimum false alarms. Establishing policies and setting procedures, and ways to choose IDS products and justify their purchase to management.