Network Intrusion Detection Review

Review by Billy Barron, Delphi Consultants

"Network Intrusion Detection: An Analyst's Handbook, Second Edition" (New Riders; ISBN 0-7357-1008-2) by Stephen Northcutt and Judy Novak is the first New Riders review we have had at this web site in years. Several years ago New Riders had a reputation for being first to market on most topics, with quality suffering for it.

This book assumes TCP/IP and the Internet, though the cover does not say so. However, since those are the technologies that virtually all attacks use, this is not a bad thing. The book spends the first few chapters making sure that the reader has enough knowledge of TCP/IP to handle the rest of the book, including showing how it works under normal circumstances.

After the intro, the book covers some basic attacks to give you a feel for what an attack can look like. This includes looking at the attacks that Kevin Mitnick has used.

With the groundwork laid, the book moves into the actual intrusion detection field. The first topics up are filtering traffic and attack signatures. Then comes a chapter that outlines network architecture issues you need to consider when designing your network to detect attacks.

Chapter 10 talks about how various intrusion detection products can share data and also about correlating data. The next chapter looks at some of the intrusion detection products out on the market.

Then the book discusses where the authors think the industry is heading.

The next several chapters focus on various attacks. Then a chapter follows that explains how to write filters to catch these exploits with tcpdump.

The authors then give two more chapters that show their analysis of two real-world hacker attacks. One focuses on a UNIX-based attack and the other on a network-based attack. Both are interesting reading.

The book ends with three chapters that basically discuss business/organizational issues. This is good, because security can never be just a technical issue without considering business issues at the same time.

The authors definitely know the topic. The writing is clear and fun to read. It helped that this was a subject I am very much interested in since I used to have to do this on a regular basis.

The only negative of the book is that it seems to go from topic to topic without a clear path. I got the impression that the chapters were well designed, but that the order they appear in the book and how they are tied together was done with little thought.

On the whole, this is a book I would recommend to any system administrator as well as computer security people. It is full of useful information and practical advice that I have not seen pulled together in one place before.