BKNTRDET.RVW 20000202 "Intrusion Detection", Rebecca Gurley Bace, 2000, 1-57870-185-6, U$50.00/C$74.95 %A Rebecca Gurley Bace %C 201 W. 103rd Street, Indianapolis, IN 46290 %D 2000 %G 1-57870-185-6 %I Macmillan Computer Publishing (MCP) %O U$50.00/C$74.95 800-858-7674 317-581-3743 http://www.mcp.com %O http://www.amazon.com/exec/obidos/ASIN/1578701856/robsladesinterne %P 339 p. %T "Intrusion Detection" Bace's take on this topic (and title) provides a solid and comprehensive background for anyone pursuing the subject. Concentrating on a conceptual model the book is occasionally weak in regard to practical implementation, but more than makes up for this textual deficiency with a strong sense of historical background, developmental approaches, and references to specific implementations that the practitioner may research separately. (Look, guys, can we give the reviewers a break here and work on *some* variation in the title?) Chapter one presents a history of intrusion detection starting with system accounting, through audit systems, to the most recent research and experimental systems. The definitions and concepts focus from broad security theory to specific intrusion detection principles and variants in chapter two. Intrusion detection requires analysis of system and other information, and chapter three describes the sources for this data. Chapter four may be somewhat disappointing to security managers in that the discussion of analysis is academic and possibly weak in tone, even though real systems are used as illustrations. The review of possible responses, in chapter five, includes warnings against inappropriate overreactions. Vulnerability analysis, including a close look at controversial tools like COPS, SATAN, and ISS, is dealt with in chapter six. Chapter seven talks about technical issues that are still to be addressed. (The organization of this chapter is a bit loose, with some sections, such as those on reliability and analysis, seeming to overlap material.) Real world challenges are the topic of chapter eight, along with examples of attacks and intrusion detection system (IDS) design considerations. This section seems to reprise much of the content of the vulnerabilities chapter. Dealing with legal issues, evidence, and privacy in chapter nine it is nice to see some newer examples than the old "berferd" and "wiley hacker" standards. Chapter ten's review of intrusion detection systems, and actions to take if penetrated, addresses the informed user. Security administrators and strategists, at the executive level, are presented with everything from the need for security goals to globalization in chapter eleven. Designers get a few general guidelines in chapter twelve, along with comments from those who have been implementing exemplary systems. Chapter thirteen is a realistic look at future developments in attacks and defence. Of the other "Intrusion Detection" books, Terry Escamilla's (cf. BKINTRDT.RVW) is simply not in the same league, being basically a promotional brochure. "Network Intrusion Detection," by Stephen Northcutt (cf. BKNTINDT.RVW), is likewise not as clever as it thinks it is. Edward G. Amoroso (cf. BKINTDET.RVW) is very close in both quality and usefulness, and possibly has the edge in practical terms, although his book is a bit narrower in focus. Bace provides a comprehensive overview and conceptual background that will ensure this text becomes a basic security reference. copyright Robert M. Slade, 2000 BKNTRDET.RVW 20000202