Average Customer Review:
( 49 customer reviews )
Most Helpful Customer Reviews
60 of 61 found the following review helpful:
Best IDS book for hands-on implementors
Jan 30, 2000
By J. G. Heiser
Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry). This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accommodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura. I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
48 of 48 found the following review helpful:
Readable, intelligent, down-to-earth.
Oct 02, 1999
By Greg Broiles
Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the "filler" chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it. The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next. This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.
38 of 38 found the following review helpful:
Northcutt hits the ball out of the park!
Aug 26, 1999
By Richard Bejtlich
"TaoSecurity"
I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Stephen's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Stephen's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Stephen's book. See you at SANS Network Security 99.
16 of 17 found the following review helpful:
Thorough discussion of Intrusion Detection
Nov 27, 2000
I read the book from cover to cover and found the book very useful and interesting. The author uses a lot of tongue-in-cheek humor and makes the subject very interesting with interesting examples and anecdotes. He also includes a lot of actual log files in his examples which really makes the book practical and easy to understand. The book also talks about intelligence gathering techniques employed by hackers, the hacker community, and selling management on the idea of intrusion detection. As a network security professional I find myself grappling with the issue of convincing management to fund network security and will use the ideas of this author who clearly has a lot of experience in getting funding from management. I was able to immediately apply some of the ideas and principles in the book to my benefit.
14 of 15 found the following review helpful:
A readable and timely introduction to catching the bad guys
Sep 10, 1999
By Andrew T. Wilson
"andrewwilson11"
When "Network Intrusion Detection" is made into a big-budget Hollywood movie, I see Harrison Ford starring in the Stephen Northcutt role. He's experienced and more than a little hard-bitten, he has no patience for the foolish and the ill-prepared, but he really knows his stuff. Plus, there's a gleam of playfulness in the way he tackles the bad guys. Think "Indiana Jones and Back Doors of Quake." Seriously, Stephen Northcutt is a good writer. He's been there and he's done that, and this book is the summary of what he's learned so far about detecting and countering break-ins to a computer network. The book is quite current, documenting exploits as recent as early '99, which is both a plus and a minus. The plus is obviously the freshness and relevance of the content, the minus lies in the somewhat unpolished nature of the book, no doubt an artifact of speedy publication (typos abound, and organization could be improved). However, on balance, I'd recommend this book to anyone with an interest in computer security. It could also serve as an introductory textbook on hacking into networks, as Mr. Northcutt surely realizes.... But dark hackers already have their own "apprenticeship" system, as he points out, whereas the white-hat community needs books such as this for training analysts.