Although most people have some form of virus detection on their computer or network, many fewer people have deployed intrusion detection software. The ability of outsiders to successfully circumvent your security through password stealing, identity spoofing, security holes intrinsic to installed software or hardware, or security breeches due to Trojan viruses like BackOrifice is much greater than most people realize. So intrusion detection is one area of technology that a network administrator should be knowledgeable about. The problem is a multifaceted one, and the solution is often best applied as a multipronged approach with several different types of barriers placed in the way of intruders. You need some help in finding the right information on this difficult subject.
Here are some resources that you can use to learn more about intrusion detection:
The SANS Institute hosts a
A listing of products may be found at Timberline Technologies' Intrusion Detection Products page.
The most popular and commonly recommended books in this area are (in order of their recommendation):
- Network Intrusion Detection: An Analysts Handbook, second edition, by Stephen Northcutt, Donald McLachlan, and Judy Novak, New Riders.
- Hack Proofing Your Network, Ryan Russell, Syngress.
- Intrusion Signatures and Analysis, by Mark Cooper, Stephen Northcutt, Matt Fearnow, and Karen Frederick, New Riders.
- Practical Intrusion Detection Handbook, by Paul Proctor, Prentice Hall PTR.
- Intrusion Detection, by Rebecca Gurley Bace, Pearson Higher Education.
- Intrusion Detection: Network Security Beyond the Firewall, by Terry Escamilla, John Wiley &amp; Sons, Inc.
- Hack Proofing Your Web Application, Jeff Forristal and Julie Traxler, Syngress.
- Hack Proofing Linux, by James Stanger, Patrick Lane and Edgar Danielyan, Syngress.
- Practical UNIX & Internet Security, Third Edition, by Simson Garfinkel, Gene Spafford, Alan Schwartz, O'Reilly & Associates, Inc.
Barrie Sosinsky (firstname.lastname@example.org) is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in March 2002