Product Description
This guide for security professionals, system administrators, and auditors describes how to implement enterprise-wide security solutions based on detailed traffic and attack analysis. It is intended to help the reader to move beyond learning how a product works to understanding how to use the information it provides. A sampling of topics includes TCP/IP protocols, open source, IDS and IPS architecture, data correlation, and U.S. computer-related laws. The implementation of several popular kinds of IDS software is also covered. Annotation ©2004 Book News, Inc., Portland, OR (booknews.com)
About the Authors
Carl Endorf (Normal, IL), MS, CISSP, SSCP, MCSE, CCNA, ITIL, CIWA, GSEC, IAM, is a technical security analyst for one of the largest insurance and banking companies in the U.S. He has practical experience as an incident manager and in intrusion attack detection, forensics, corporate investigations and Internet security. Carl has written two certification study guides and many articles for Information Security Bulletin.

Eugene Schultz, Ph.D., CISSP (Livermore, CA), is a Principal Engineer with Lawrence Berkeley National Laboratory and also teaches computer science courses at the University of California at Berkeley. He is the author/co-author of multiple security titles for New Riders and O’Reilly. Gene is the Editor-in-Chief of Computers and Security, and was the Editor-in-Chief of Information Security Bulletin from 2000 through 2001.

Jim Mellander (El Sobrante, CA) is the developer of innovative peer-to-peer control software called Kazaa Obliterator, which prevents unauthorized peer-to-peer use at LBNL. He also taught classes at community colleges, user groups and conferences on the topics of Intrusion Detection/Incident Response, UNIX vulnerabilities, Linux firewalls, and TCP/UDP basics for Network Security, and is a SANS Instructor who teaches a course on UPDATE