Q&A: Intrusion Detection & Prevention

security.itworld.com – Author Eugene Schultz, increasingly frustrated with the limited scope of existing books on the subject of intrusion detection, set out to write a book that covers how to implement top intrusion detection products into real-world networked environments - from the perspective of someone who lives and breathes intrusion detection.

Title: Intrusion Detection & Prevention

Authors: Carl Endorf, Eugene Schultz & Jim Mellander

ISBN: 0-07-222954-3

Sample chapter: Understanding Intrusion Detection

Q: What led you to write this book?

A: I work in intrusion detection day-to-day and have put together a course on this topic that I teach quite often. As I was looking through various books on intrusion detection to get ideas for the course a little over a year ago, I started to realize that many, if not most, of these books don't get at what intrusion detection is really all about. I even started hesitating listing the names of some of these books in the bibliography section of my course materials, fearing that I might be doing course attendees a disservice. This is what started me thinking about writing a book on this subject.

Does this book fill a need that others have failed to fill? Please explain.

Definitely - in two major respects. First, this book is written from the perspective of people who actually do intrusion detection. We know "the good, the bad, and the ugly" about this area and have tried to reflect this knowledge in what we have written. Second, some people (and even professional organizations) have reduced intrusion detection to reading data in packets and recognizing attack signatures. I view intrusion detection as something much, much bigger - something that may at times require analyzing packet data, but something that also requires planning an entire capability, creating operational procedures, using different types of software (of which intrusion detection systems are only one of many useful types), deploying systems and software properly, taking into account legal considerations, and so forth. This book is, to the best of my knowledge, the only one that attempts to cover all major areas - technical and non-technical - of intrusion detection and prevention.

Why this book? Why now?

The book represents very current knowledge and thinking about intrusion detection and prevention and takes on the many myths that too often prevail (especially in vendor rhetoric). I also like the fact that the book covers emerging trends and technologies and future directions - something intended to help readers in planning for what's in store in the near future.

What reading material is on your nightstand? Is it there for show or are you actually reading it?

I am reading "Cold Mountain." However, my enthusiasm for it has dimmed considerably, there being so little action and so much focus on descriptions - about scenery, the physical appearance of characters, and so on. I am actually reading it, but I can get through only so much at any time.

Which websites top your favorites list?

securityfocus.com by far tops my list because it has so much information that is timely and relevant to information security professionals such as myself. For me there is no close second.

What is your most hated buzzword?

Risk and risk analysis. Don't get me wrong ... anyone who deals with information security must deal with these areas. But after being in this field for nearly 20 years, I have become increasingly uncomfortable with these terms as well as all the effort and expense incurred in trying to measure them.

Do you have any predictions for the IT year ahead?

Given the current high rate of identity fraud and the threat of cyberterrorism, I predict that the area of identity management is going to experience phenomenal growth. Contrary to what the Gartner Group has predicted, I also predict that the IDS market will continue to grow at a very rapid rate. Many IDS products are improving dramatically and organizations are starting to realize that you can't have very good security unless you use defense in depth. Intrusion detection is a key cornerstone of defense in depth.
