- One of the best books available on the subject of IDS
- Excellent introduction for beginners to learn about IDS
- None
- Excellent coverage of the IDS subject with tons of valuable information
- Some don't like the writing style, but I found the book to be a fairly easy read
- Shows readers how to create a business case for IDS and "sell" the concept to management
- Appendices contain detailed examples of scans and attack analyses
Stephen Northcutt and Judy Novak have written a fabulous guide to network intrusion detection. It covers the gamut from talking about the issues and threats that an IDS attempts to protect you from and the techniques used by attackers all the way to writing your own IDS signatures and analyzing attacks.
Parts of the book seem dedicated to the open-source IDS program Snort. That may put some people off, but Snort is one of the best and most widely used IDS programs available and you can't beat the price. It certainly can't hurt to have a working knowledge of Snort and how to write signatures to detect new threats with Snort.
Security doesn't come from a single product or single action. It is a series of actions and products working together and constantly evolving to meet the ever-changing threats that are out there. The efficacy of IDS has been debated over the past year or so, but I think it is a good addition to your network security arsenal.
If you are new to IDS and want to learn what you need to know to get started, or if you are already an expert but would like to have a handy guide nearby as a reference, I recommend you get this book.