Book Review: Network Intrusion Detection - 3rd Edition

This is one of the best books available on network intrusion detection. Now in its 3rd edition, Stephen Northcutt and Judy Novak have put together an excellent guide for those wanting to learn about IDS (Intrusion Detection Systems) and a great reference for more seasoned experts as well. It provides a great breadth and depth of knowledge on the subject and unique solutions for handling intrusion analysis. I highly recommend this book for anyone interested in IDS.

Network Inrtusion Detection is in its 3rd edition. That in and of itself says a lot. Publishers don't continue spending money producing revised editions of a book unless that book is popular and selling- at least not publishers who want to stay in business.

Stephen Northcutt and Judy Novak have written a fabulous guide to network intrusion detection. It covers the gamut from talking about the issues and threats that an IDS attempts to protect you from and the techniques used by attackers all the way to writing your own IDS signatures and analyzing attacks.

Parts of the book seem dedicated to the open-source IDS program Snort. That may put some people off, but Snort is one of the best and most widely used IDS programs available and you can't beat the price. It certainly can't hurt to have a working knowledge of Snort and how to write signatures to detect new threats with Snort.

Security doesn't come from a single product or single action. It is a series of actions and products working together and constantly evolving to meet the ever-changing threats that are out there. The efficacy of IDS has been debated over the past year or so, but I think it is a good addition to your network security arsenal.

If you are new to IDS and want to learn what you need to know to get started, or if you are already an expert but would like to have a handy guide nearby as a reference, I recommend you get this book.