Intrusion Signatures and Analysis (Landmark)

Buy Intrusion Signatures and Analysis (Landmark) here, one of many Citrix Metaframe books offered for sale at discount prices here at Rbookshop.com. We greatly appreciate your patronage at Rbookshop and look forward to offering you great products and prices now and in the future.

You Are Here: Home > Computer Books > Citrix Metaframe > Item 29

	Intrusion Signatures and Analysis (Landmark)
	by Matt Fearnow, Stephen Northcutt, Karen Frederick, and Mark Cooper Sales Rank: 123491	$29.19 At Amazon on 8-31-2008.

*Features* Cover Type: Paperback with 448 pages Published by: Sams January 29, 2001 Written in: English ISBN 10 Number: 0735710635 ISBN 13 Number: 978-0735710634 Book Dimensions: 9 x 7 x 1.1 inches Weighs: 1.6 pounds *Reader Reviews* Disclaimer: I withdrew a chapter from this book, and my words appear on p. 25. "Intrusion Signatures" tries to share the collective wisdom of SANS GIAC certification candidates, tempered by more experienced SANS editors. I applaud their intentions, but the uneven analysis and commentary warrants faint praise. New analysts flying solo should not read this book. Analysts with a guru to consult should get his or her input before trusting the book's interpretations. Examples: (1) Eric Hacker expertly discusses a Windows password problem on pp. 77-85, but a significant trace is missing on p. 81. This causes the following dozen traces to not match their respective explanations. Would a new analyst notice? (2) Several times (p. 87, etc.) the authors fail to realize "public" is a common default SNMP "read" community string, while "private" is the "read/write" counterpart. This mistake is crucial elsewhere in the book. (3) The editors call a clear example of round-trip-time determination a "half-open DNS scan." It's ok for certification students to make judgement errors, but SANS editors should explain why that view isn't correct. (4) A very questionable "SYN flood" trace in ch. ten doesn't match the "reproduction" of the same trace in the question-and-answer appendix -- that one's missing a crucial packet! (5) A "spoofed FTP request" in ch.11 looks like an active FTP data attempt to me. That concept is explained on p. 329, but the authors don't apply the same reasoning to ch.11's example. Why? On the positive side, I was impressed by Mark Cooper's work on buffer overflows and ICMP redirects. Some of the student work is also first-rate, but it may be tough for new readers to make the necessary distinctions. The authors owe it to the target audience (new analysts) to deliver accurate explanations. Different interpretations are expected, but errors like those listed require scrutiny. The work is sincere -- I just can't recommend this book to inexperienced intrusion detectors. Comment \| \| (Report this) Back To Top
Intrusion Signatures and Analysis (Landmark) ~~List Price: $39.99~~ Available from Amazon Price: $29.19 Updated on 8-31-2008.

NOTICE: All prices, availability, and specifications
are subject to verification by their respective retailers.

We offer Intrusion Signatures and Analysis (Landmark) and other related Citrix Metaframe Books here at Rbookshop.com. To view more books about Citrix Metaframe please use the previous and next buttons near the top of this page.