On intrusion detection and prevention
As technology keeps expanding in the security sector, cyber
criminals find newer and more sophisticated techniques for attacking networks.
Intrusion Detection & Prevention offers to help security officers
in understanding ways in which to enhance their existing security systems and
prevent attacks both from within and outside.
The IT industry is known to be awash with buzzwords, and books written
on them. This book is an apt example of the same. This 394-pager
can easily and rightly be called a crash course in IDS and IPS for personnel
dealing with security, both at the audit and administration level. This
is stated in the introduction itself, thus making it clear who the book is
targeted at, an early sign of the precision to come later in the book.
Early in the text, the authors describe the basics of
intrusion detection and prevention, and the systems used to counter any
attempt to intrude into the network. The history of detection and prevention is also
mentioned here so that the reader gets an idea of earlier developments in the
technology. Right at the outset the authors manage to tell the reader about
the different abnormal traffic patterns in networks, and how they can or should
Book reviewed: Intrusion Detection & Prevention, by Carl Endorf, Eugene Schultz, Jim
In chapter 1 itself, the pros and cons of IDS (intrusion detection
systems) and IPS (intrusion prevention systems) are set out. However, at a
glance, the reader may get the impression that the authors consider IPS to be of
secondary importance. The fundamentals of TCP/IP are discussed in the next chapter.
In part 2 of the book, the various IDS and IPS architectures are briefly described,
and the advantages of agents are also discussed. Chapter 7 (IDS and
IPS Internals) manages to showcase vulnerabilities and how they are exploited.
Here the authors also describe ways in which malicious code can be detected.
It can be noticed again that the prevention aspect takes a backseat.
In the later chapters, various vendors and their IDS and IPS systems (RealSecure,
Cisco Secure, Snort and NFR) are discussed. Again, stress is laid on IDS
products. IPS products are merely mentioned as smaller parts of the chapters.
This does not do complete justice to the book's title.
Chapter 14 tells the reader how to go about implementing policies for
the installed systems. This is at least as important, if not more so,
as getting the hardware in place. Examples of system security templates are
provided in this chapter.
The next chapter is also very helpful, as it gives an understanding of the various
legal systems. The authors also describe the challenges that cyber-laws
may face because of the physical boundaries within which they apply.
In the final chapter of the book too, stress is laid on the future of detection
rather than prevention.
To conclude, the authors summarise each chapter so that the reader knows and
remembers the important points discussed therein. Diagrams and tables give a
visual appeal to the book. It could have been called a must-read for security
officers only if the IPS systems were discussed in greater detail. One expects
that the upcoming editions of the book will rectify this error and make sure
that the reader is given knowledge on how to prevent an attack and not just