APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Intrusion Prevention and Active Response

© March 2005 Tony Lawrence


The more security books I read, the more I feel like I'm standing in a hall of mirrors, with the villain plainly visible pointing a weapon at me. But where is he? Which reflection is the one I need to pay attention to? That's one of the many interesting points discussed here: false positives distract your attention from real problems, and the "bad guys" know that, so if you ever are under real attack, you can bet that you'll also be seeing all manner of distracting false attacks. That's just reality today, but it's something not many security books bother to point out: the bad guys will use your own defenses against you.

This book is excellent, but not a beginner's book: you'll need to read some other security books before jumping into this (we list quite a few here in this section). On the other hand, the format is very good for learning: each section presents ideas and concepts, and is followed by a summary that bullets important points, links to related web sites, etc. It's like someone took lecture notes for you, and it is really helpful for reviewing your understanding. That's followed by a less formal FAQ section that tries to anticipate questions readers might ask. Syngress also has a website where the authors answer similar questions.

This is about intrusion prevention, not just detection. The point of a prevention system is to stop an attack before it succeeds rather than report it afterward: blocking execution of code injected through a buffer overflow, inspecting IP packets inline for indications of an attack and dropping them before they reach the host, and so on.
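To make the "inspect packets inline and drop them" idea concrete, here is a toy signature-based IPS in Python. It is an added example for this review, not code from the book or from any real product: the packet builder, the two signatures (a `/bin/sh` string and a run of NOP bytes), and the sample traffic are all constructed here for illustration. It parses a raw IPv4/TCP packet, matches the payload against the signature table, and returns a pass/drop verdict; packets it cannot parse are dropped (fail closed), which is the edge case a practitioner has to decide on deliberately.

```python
"""Toy inline IPS: parse IPv4/TCP, match payload against signatures, decide pass/drop.

Added example for this book review; not code from the book or from any real IPS.
Packet builder, signature table and sample traffic are all constructed here.
"""
import struct

# Hypothetical signature table: byte pattern -> rule name (illustrative only).
SIGNATURES = {
    b"/bin/sh": "shell-string-in-payload",
    b"\x90" * 16: "nop-sled",
}


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Construct a minimal IPv4/TCP packet for testing (checksums left zero)."""
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(int(x) for x in src.split(".")),
                         bytes(int(x) for x in dst.split(".")))
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(packet):
    """Return addresses, ports and payload of a well-formed IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    # Reject bad header lengths, truncated packets and non-TCP protocols.
    if ihl < 20 or total_len > len(packet) or packet[9] != 6 or total_len < ihl + 20:
        return None
    tcp = packet[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4          # TCP data offset in bytes
    if doff < 20 or doff > len(tcp):
        return None
    return {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "sport": sport,
        "dport": dport,
        "payload": tcp[doff:],
    }


def inspect(packet):
    """Inline verdict: ('drop', reason) or ('pass', None).

    Unparseable packets fail closed; an inline device that passed whatever it
    could not understand would be trivially bypassed with a malformed header.
    """
    fields = parse_ipv4_tcp(packet)
    if fields is None:
        return ("drop", "malformed")
    for pattern, rule in SIGNATURES.items():
        if pattern in fields["payload"]:
            return ("drop", rule)
    return ("pass", None)


def run(packets):
    """Apply the inline decision to a sequence of raw packets."""
    return [inspect(p) for p in packets]


# Constructed sample traffic: one benign request, one overflow-style payload,
# one shell string tucked into an FTP command, and one truncated packet.
SAMPLE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_ipv4_tcp("10.0.0.7", "10.0.0.9", 40001, 80, b"A" * 64 + b"\x90" * 32 + b"\xcc"),
    build_ipv4_tcp("10.0.0.8", "10.0.0.9", 40002, 21, b"USER ../../bin/sh\r\n"),
    b"\x45\x00\x00",
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(len(pkt), verdict)
```

Running it drops the second, third and fourth packets and passes the first. Note how little it takes to trigger the rules: any client can send a harmless packet containing `/bin/sh` or sixteen `0x90` bytes, which is exactly the "use your own defenses against you" problem above, since a flood of such packets buries the one real attack under a pile of drops and alerts.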

Each chapter is peppered with "Notes from the Underground" and "Tools and Traps" sidebars on the subjects of the chapter. These are real-world, as is the entire book, and that's something I really appreciated. It has a constant focus on reality: it isn't at all a theoretical discussion; it's get your hands dirty, watch out for this, and so on. All the important security tools are covered, mostly from a Linux perspective, though Windows isn't entirely ignored. Weaknesses and strengths are examined, and the authors recognize that there is no perfect solution.

Great job; the authors obviously put a lot of thought into it. The only fault I'd find at all is that some of it gets very technical, but that's really unavoidable: you can't begin to understand how some of these exploits work without a deeper understanding of geekish subjects. In general I think they did an excellent job with all of it.
