Slashdot Mirror


Intrusion Detection

Disgruntled Goat sent us a review of Intrusion Detection, a text sure to be of interest to all those working in organizations. The author is a former NSA employee and has written this book as a text to convince upper-level types of the need for security and actually paying attention to it.

author: Rebecca Gurley Bace
pages: 339
publisher: Macmillan Technical Publishing, 01/2000
rating: 9/10
reviewer: Disgruntled Goat, disgruntled_goat@hotmail.com
ISBN: 1-57870-185-6
summary: Very good InfoSec handbook for suits and junior suits.

The Scenario
Security books, quite frankly, are pretty much a dime a dozen, most of which are written by people in IT field security. What immediately separates this book from the rest is the background of the author. Ms. Bace is an ex-government employee, spending 12 years in everyone's favorite spook organization, the National Security Agency. She led the Computer Misuse and Anomaly Detection (CMAD) Research Program for six years at the NSA. She also collaborated on Computer Crime: A Crimefighter's Handbook by Dr. David Icove of the FBI. She also won the Distinguished Leadership Award in 1995 from the NSA.

What's Bad?
This book is sort of dry reading. It's akin to reading college CS textbooks for pleasure. Or law books. What I didn't like is the fact that she wasn't really clear on the distinction of "hackers", nor how she describes them. She worries that "hackers" wish to "corrupt the trust process". And the focus for the book is not primarily for techies. It's designed for CIO smacking. Generally, if you're in an organization like mine, your CIO has very little technical background. So, good for CIO bashing.
And, it's $50 also.

What's Good?
This is good if you're in a position where you need to convince management of security threats. It's also good for the kiddies who want to get an idea of what to look for when they're gunning for targets to disrupt.
What made this good for me was the fact that I could have points to show to management for InfoSec issues. I work in a hospital and we tend to attract a large amount of famous people as patients. If something damaging was leaked to the media about a famous person's medical condition that was potentially embarrassing, we're looking at a good multi-million dollar lawsuit. This book isn't a by-the-book "How to protect your systems", but more of a book on what to safeguard, and how to detect patterns that may indicate unauthorized usage.
One of the things that I liked was the chapter on Legal Issues. One of the sections in the chapter was "What Real Cases Have Taught Us". It does a few-page review of Mitnick's case, cut and dried. It shows that Shimomura was no rocket scientist, and with cooperation from the courts, you can bust almost anyone. But it did bring up several good points, such as obtaining court orders, how laws work, and how it can be considered evidence.

So What's In It For Me?
If you're a script kiddie, probably nothing. But for those who are achin' to topple some network, this may be for you.

For those with functioning brains who have vested interests in InfoSec and protecting their organization from people who wish to do harm, and getting real security info, rather than from those half-assed "Security Experts" like JohnP, then pick this up.

Pick this book up at ThinkGeek.

Table of Contents
  1. The History of Intrusion Detection
  2. Concepts and Definitions
  3. Information Sources
  4. Analysis Schemes
  5. Responses
  6. Vulnerability Analysis: A Special Case
  7. Technical Issues
  8. Understanding the Real-World Challenge
  9. Legal Issues
  10. For Users
  11. For Strategists
  12. For Designers
  13. Future Needs

Comments (1 of 55 shown)

  1. Deception ToolKit by MinaInerz (Score: 5)

    One of the more interesting Intrusion Detection concepts I've seen in recent times is the Deception ToolKit. What this program does is "fake" a bunch of commonly exploited security holes on your system - even though those holes aren't actually there. This could prove to be very good at catching script kiddies who run sendmail break-in scripts, etc. A very interesting concept, indeed - I don't know how well it works, though. Anybody out there with any opinions on this piece of software?


    Dear IRS,
    I am writing to you to cancel my subscription.
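
The decoy idea the comment describes, as an added example that is not part of the original post and not code from the Deception ToolKit itself: a tiny fake SMTP "front door" that answers with an old-sendmail-looking banner, plays along with commands a real mail client never sends (WIZ and DEBUG were backdoor commands in 1980s sendmail; VRFY and EXPN are user-enumeration probes), and records every line so the operator can see who probed it. The banner text, hostname and reply strings are assumptions chosen to look plausible, not copied from any real server; the transcript fed to it is constructed for illustration.

```python
"""Fake-service decoy in the spirit of the Deception ToolKit (added example)."""
import socket
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed banner: it only has to look like an aging sendmail to a break-in script.
FAKE_BANNER = "220 mail.example.test ESMTP Sendmail 8.8.4/8.8.4; ready"

# Verbs that legitimate clients never send but old exploit scripts do. Seeing any
# of them from a peer is, by itself, a high-confidence indicator of hostile probing.
SUSPICIOUS = {"WIZ", "DEBUG", "VRFY", "EXPN"}


@dataclass
class Session:
    """One client conversation with the decoy: replies plus a full event log."""
    peer: str
    events: list = field(default_factory=list)  # (utc timestamp, verb, raw line)

    def handle_line(self, line: str) -> str:
        """Return the decoy's reply for one client line and log the line."""
        stripped = line.strip()
        verb = stripped.split(" ", 1)[0].upper() if stripped else ""
        self.events.append((datetime.now(timezone.utc).isoformat(), verb, stripped))
        if verb in ("HELO", "EHLO"):
            return "250 mail.example.test Hello, pleased to meet you"
        if verb in SUSPICIOUS:
            # Pretend the hole exists so the intruder keeps talking and logging.
            # Reply text is an assumption, not the real sendmail wording.
            return "250 Please pass, oh mighty wizard" if verb == "WIZ" else "250 OK"
        if verb == "QUIT":
            return "221 mail.example.test closing connection"
        return "250 OK"

    def alerts(self) -> list:
        """Events worth paging a human about: suspicious verbs from this peer."""
        return [e for e in self.events if e[1] in SUSPICIOUS]


def replay(peer: str, lines: list) -> tuple:
    """Run a captured or constructed transcript through the decoy offline.

    Returns (replies, alert_verbs) so the detection logic can be tested without
    opening a socket.
    """
    session = Session(peer)
    replies = [session.handle_line(line) for line in lines]
    return replies, [e[1] for e in session.alerts()]


def serve(host: str = "127.0.0.1", port: int = 2525) -> None:
    """Listen on a non-privileged port and run the decoy for real connections.

    Not invoked by the offline example; bind port 25 behind a redirect if you
    want scripts aimed at sendmail to actually land here.
    """
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            with conn, conn.makefile("rw", encoding="ascii", errors="replace") as f:
                session = Session(addr[0])
                f.write(FAKE_BANNER + "\r\n")
                f.flush()
                for line in f:
                    f.write(session.handle_line(line) + "\r\n")
                    f.flush()
                    if line.strip().upper() == "QUIT":
                        break
                for ts, verb, raw in session.alerts():
                    print(f"{ts} ALERT {session.peer} sent {verb}: {raw!r}")


if __name__ == "__main__":
    # Constructed transcript of what a 1990s "sendmail break-in script" might send.
    probe = ["HELO attacker.test", "WIZ", "DEBUG", "VRFY root", "QUIT"]
    replies, alert_verbs = replay("203.0.113.5", probe)
    for sent, got in zip(probe, replies):
        print(f"C: {sent}\nS: {got}")
    print("alerts:", alert_verbs)
```

The point of a decoy like this is not to stop anything (the holes are not there) but to turn an intruder's own reconnaissance into unambiguous log entries: a normal mail client will never say WIZ or DEBUG, so every such line is signal with no false-positive story to argue about.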