The more security books I read, the more I feel like I'm standing in a hall of mirrors, with the villain plainly visible pointing a weapon at me. But where is he? Which reflection is the one I need to pay attention to? That's one of the many interesting points discussed here: false positives distract your attention from real problems, and the "bad guys" know that, so if you ever are under real attack, you can bet that you'll also be seeing all manner of distracting false attacks. That's just reality today, but it is something not many security books bother to point out: the bad guys will use your own defenses against you.
This book is excellent, but not a beginner's book - you'll need to read some other security books before jumping into this (we list quite a few here in this section). On the other hand, the format of this is very good for learning: each section presents ideas and concepts, and is followed by a summary that bullets important points, links to related web sites, etc. It's like someone took lecture notes for you, and is really helpful in reviewing your understanding. That's followed by a less formal FAQ section that tries to anticipate questions readers might ask. Syngress also has a website where authors answer similar questions.
This is about intrusion prevention, not just detection. The point of prevention systems is to try to prevent problems before they happen. This includes such things as trying to prevent execution of code from buffer overflows, searching for indications of attacks in IP packets, and so on.
Each chapter is peppered with "Notes from the Underground" and "Tools and Traps" sidebars on the subjects of the chapter. These are real-world, as is the entire book: that's something I really appreciated. This has a constant focus on reality: it isn't at all a theoretical discussion; it's get your hands dirty, watch out for this, etc. All the important security tools are covered, mostly from a Linux perspective, though Windows isn't entirely ignored. Weaknesses and strengths are examined, and the authors recognize that there is no perfect solution.
Great job, the authors obviously put a lot of thought into it. The only fault I'd find at all is that some of it gets very techy, but that's really unavoidable: you can't begin to understand how some of these exploits work without a deeper understanding of geekish subjects. I think in general they did an excellent job with all of it.
More Articles by Tony Lawrence © 2009-11-07 Tony Lawrence
Intrusion Prevention and Active Response Copyright © March 2005 Tony Lawrence