Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Product Author Bios
Ryan Trost is the Director of Security and Data Privacy Officer at Comprehensive Health Services where he oversees all the organization’s security and privacy decisions. He teaches several Information Technology courses, including Ethical Hacking, Intrusion Detection, and Data Visualization at Northern Virginia Community College. This enables him to continue exploring his technical interests among the endless managerial meetings. In his spare time, Ryan works to cross-pollinate network security, GIS, and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences on the topic, most notably DEFCON 16. Ryan participated as a RedTeamer in the first annual Collegiate Cyber Defense Competition (CCDC) and now fields a team of students in the annual event. Ryan has been a senior security consultant for several government agencies before transitioning over to the private sector. In 2005, Ryan received his masters of science degree in computer science from George Washington University where he developed his first geospatial intrusion detection tool.
“Practical Intrusion Analysis provides a solid fundamental overview of the art and science of intrusion analysis.”
–Nate Miller, Cofounder, Stratum Security
The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention
Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. In Practical Intrusion Analysis, one of the field’s leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers.
Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today’s new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more.
Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes
- Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
- Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
- Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
- Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
- Implementing IDS/IPS systems that protect wireless data traffic
- Enhancing your intrusion detection efforts by converging with physical security defenses
- Identifying attackers’ “geographical fingerprints” and using that information to respond more effectively
- Visualizing data traffic to identify suspicious patterns more quickly
- Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives
Includes contributions from these leading network security experts:
Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker
Seth Fogie, CEO, Airscanner USA; leading-edge mobile security researcher; coauthor of Security Warrior
Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief, Journal of Computer Security
Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University
Alex Kirk, Member, Sourcefire Vulnerability Research Team
16 of 17 people found the following review helpful
Disjointed collection of chapters that doesn't practically analyze any intrusions,
This review is from: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century (Paperback)I must start this review by stating the lead author lists me in the Acknowledgments and elsewhere in the book, which I appreciate. I also did consulting work years ago for the lead author's company, and I know the lead author to be a good guy with a unique eye for applying geography to network security data. Addison-Wesley provided me a review copy.
I did not participate in the writing process for Practical Intrusion Analysis (PIA), but after reading it I think I know how it unfolded. The lead author had enough material to write his two main sections: ch 10, Geospatial Intrusion Detection, and ch 11, Visual Data Communications. He realized he couldn't publish a 115-page book, so he enlisted five contributing authors who wrote chapters on loosely related security topics. Finally the lead author wrote two introductory sections: ch 1, Network Overview, and ch 2, Infrastructure Monitoring. This publication-by-amalgamation method seldom yields coherent or helpful material,... Read more
4 of 4 people found the following review helpful
Some good ideas, no consistency,
This review is from: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century (Paperback)This book is not really a book: it is a collection of papers about security and intrusion detection. The book bears unfortunate, but noticeable signs of being written by multiple people who didn't talk to each other much.
I just finished reading the book and I can say I enjoyed it. It does have interesting ideas peppered in some places. Overall presentation consistency, however, is not lacking - it is absent. Also, the book is not terribly practical if you define practice as "protection of systems and networks from attacks." Many chapters are shallow and make the impression of being added to get the book to 450 pages threshold.
So, some chapters are fun and insightful ("Geospatial ID", "Physical IDS", the sections on signature tuning), some are funny (example: one chapter talks about SIEM, SIM and SEM, but errs about what "M" in those stands for... seriously!) and some are sad (example: the one that mentions IDMEF), while others are very shallow ("Wireless... Read more
2 of 2 people found the following review helpful
A great book on a growing subject!,
This review is from: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century (Paperback)When I first began reading Practical Intrusion Analysis by Ryan Trost, I was a little put-off. He begins the book with an overview of IP Addressing, subnetting, and packets. This is a touchy way to begin any book as you will either lose your audience if they are new to this subject, or annoy them if they are already familiar. Ryan was able to expand on this subject without going too far in to the weeds, and provide a backbone that makes the next chapters easier to understand.
The following chapters are the real meat of the book and I really got a lot out of them. Ryan covers the entire area of intrusion detection and prevention solutions from the end-point to geographic-based. I'd recommend this book to any IT Professional who deals with network security, as it helps simplify a fairly complicated subject.
› See all 12 customer reviews...
Online Sample Chapter
Table of Contents
Chapter 1: Network Overview 1
Chapter 2: Infrastructure Monitoring 31
Chapter 3: Intrusion Detection Systems 53
Chapter 4: Lifecycle of a Vulnerability 87
Chapter 5: Proactive Intrusion Prevention and Response via Attack Graphs 119
Chapter 6: Network Flows and Anomaly Detection 151
Chapter 7: Web Application Firewalls 185
Chapter 8: Wireless IDS/IPS 209
Chapter 9: Physical Intrusion Detection for IT 235
Chapter 10: Geospatial Intrusion Detection 275
Chapter 11: Visual Data Communications 347
Chapter 12: Return on Investment: Business Justification 391
Appendix: Bro Installation Guide 435
Download the sample pages (includes Chapter 5 and Index)
Book + eBook Bundle
Book Price $47.99
eBook Price $15.40
eBook formats included
This book includes free shipping!
This book includes free shipping!
Includes EPUB, MOBI, and PDF
About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUBThe open industry format known for its reflowable content and usability on supported mobile devices.
MOBIThe eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
PDFThe popular standard, used most often with the free Adobe® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.
Get access to thousands of books and training videos about technology, professional development and digital media from more than 40 leading publishers, including Addison-Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media, Wrox, Apress, and many more. If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months. That's a total savings of $199.