Archives || Search || About Us || Advertise || Feedback || Subscribe-
-
Issue of September 2006 
-

[an error occurred while processing this directive]

  -  
 
 Home > Readerware
 Print Friendly Page ||  Email this story

On intrusion detection and prevention

As technology keeps expanding in the security sector, cyber criminals find newer and more sophisticated techniques for attacking networks. Intrusion Detection & Prevention offers to help security officers in understanding ways in which to enhance their existing security systems and prevent attacks both from within and outside.

A crash course in IDS and IPS for personnel dealing with security, both at the audit and administration level

The IT industry is known to be afloat with buzzwords—and books written on them. This book is an apt example of the same. The title of this 394-pager can easily and rightly be called ‘A crash course in IDS and IPS for personnel dealing with security, both at the audit and administration level.’ This is defined in the introduction itself, thus making it clear who the book is targeted at, an early sign of the accuracy to come ahead in the book.

Earlier on in the text, the authors describe the basics of intrusion detection and prevention, and the systems used to counter-attack any attempt to intrude the network. The history of detection and prevention is also mentioned here so that the reader gets an idea of earlier developments in the technology. Right at the outset the authors manage to tell the reader about the different abnormal traffic patterns in networks, and how they can or should be monitored.

Title : Intrusion Detection & Prevention
Author : Carl Endorf, Eugene Schultz, Jim Mellander
Publisher : Tata McGraw-Hill
Pages : 394
Price : Rs 495

In chapter 1 itself, the pros and cons of IDS (intrusion detection systems) and IPS (intrusion prevention systems) are mentioned. However, at a glance, the reader may be made to feel that the authors consider IPS to be of secondary importance. The fundamentals of TCP/IP are discussed in the next chapter.

In part 2 of the book, the various IDS and IPS architectures are briefly mentioned, and the advantages of agents are also spoken about. Chapter 7, i.e. IDS and IPS Internals, manages to showcase vulnerabilities and how they are exploited. Here the authors also mention ways in which malicious code can be detected. It can be noticed again that the prevention aspect takes a backseat.

In the later chapters, various vendors and their IDS and IPS systems—RealSecure, Cisco Secure, Snort and NFR—are discussed. Again, stress is laid on IDS products. IPS products are merely mentioned as smaller parts of the chapters. This does not do complete justice to the book’s title.

Chapter 14 tells the reader how to go about implementing policies regarding the installed systems. This, if not more important, is at least as important as getting the hardware in place. Examples of system security templates are provided in this chapter.

The next chapter is also very helpful as it gives an understanding of the various legal systems. The authors also mention the various challenges that cyber-laws may face because of the physical restrictions they have.

In the final chapter of the book too, stress is laid on the future of detection rather than prevention.

To conclude, the authors summarise each chapter so that the reader knows and remembers the important points discussed therein. Diagrams and tables give a visual appeal to the book. It could have been called a must-read for security officers only if the IPS systems were discussed in greater detail. One expects that the upcoming editions of the book will rectify this error and make sure that the reader is given knowledge on how to prevent an attack and not just detect it.

Rishiraj Verma

 
     
- <Back to Top>-  
Untitled Document
 
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.