Practical Intrusion Detection Handbook

This is a book that is required for my masters degree. It appears to be well organized and written in easy to understand manner.

This book is comprehensive and very readable. The information is excellent. Mr. Proctor's experience helps show how intrusion detection systems are used in real life through a lot of examples. My company implemented network-based IDS last year and this book really helped us understand host-based IDS. In fact it's the only book I've read on IDS that pays any significant attention to host-based IDS. On the down side there are a few typos and the product section is a dated because several of the products mentioned have been acquired by other companies but this didn't take away from the really useful information. I've read the other books on intrusion detection and if you've got Northcutt's book and this one you'll have all the information you need.

The Practical Intrusion Detection Handbook offers a highly readable and comprehensive presentation of intrusion detection.Security is a holistic endeavor, requiring coordination of many different components, including technology, policy, practice, behavior, and so on. This trait of security makes the topic hard to grasp, and even harder to explain to non-experts, most of whom think of security as being conferred by a single object, whether a firewall, security policy, or chief security officer. The most impressive accomplishment of this book is that helps the reader apprehend all the different aspects of intrusion detection and how they interrelate.The book helped me organize my own thinking about intrusion detection, providing not only an overview of approaches and technologies, but presenting the organizational, operational, policy, and financial aspects of intrusion detection.The book is an excellent complement to other books on intrusion detection, such as Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, and Intrusion Detection by Rebecca Gurley Bace.

I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those qualities in spades. Chapter 6, "Intrusion Detection Myths," is particularly helpful, and his statement that "There is no such thing as a false positive" rings true. An outstanding feature of the book is Paul's discussion of operational models for intrusion detection. Too many organizations (including my own military unit) believe intrusion detection involves little more than deploying and monitoring sensors. Paul encourages the reader to develop policy, requirements, expectations, legal considerations, and other facets of operation before spending a penny on intrusion detection products. The main negatives for this book involve a rushed-to-production look in some places. For example, Appendix B: Commercial Intrusion Detection Vendors, is labelled on pages 338 - 346 as "Chapter 1: Fundamentals of Vibration Damping, 1.1 Introduction". Minor errors appear elsewhere. They do not detract from the book's content, and I believe the next printing should correct these typos.This book has earned its place as the second "must-have" intrusion detection book, in my opinion. The first remains "Network Intrusion Detection" by Northcutt and Novak. While Paul's book is not a manual for front-line operatives, it will help transform your intrusion detection mission into a world-class operation.

Mr. Proctor,s Intrusion Detection Handbook, has proved to be an excellent blueprint. I highly recommend keeping it handy. It has added value to my efforts in understanding "best fit" requirements in selection of an IDS solution. Very readable! A good guide for the novice as well as the seasoned professional.