Friday, November 10


NIST has a new draft on Intrusion Detection titled: "Guide to Intrusion Detection and Prevention Systems".

Here is a link to the PDF.

I have *not* had a chance to read the entire paper; however, I did find Appendix C very interesting.

The lists below provide examples of tools and resources that may be helpful.
Print Resources
  1. Bace, Rebecca, Intrusion Detection, Macmillan Technical Publishing, 2000.
  2. Bejtlich, Richard, Extrusion Detection, Addison-Wesley, 2005.
  3. Bejtlich, Richard, The Tao of Network Security Monitoring: Beyond Intrusion Detection, Addison-Wesley, 2004.
  4. Crothers, Tim, Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network, 2002.
  5. Endorf, Carl et al., Intrusion Detection and Prevention, McGraw-Hill Osborne Media, 2003.
  6. Kruegel, Chris et al., Intrusion Detection and Correlation: Challenges and Solutions, Springer, 2004.
  7. Nazario, Jose, Defense and Detection Strategies Against Internet Worms, Artech House Publishers, 2003.
  8. Northcutt, Stephen and Novak, Judy, Network Intrusion Detection: An Analyst’s Handbook, Third Edition, New Riders, 2003.
  9. Rash, Michael et al., Intrusion Prevention and Active Response: Deployment Network and Host IPS, Syngress, 2005.
It is interesting to see who did and did not make the list. I would have added a few others; however, I am not NIST. Additionally, I found this publication to be more of a management overview as opposed to a technical document. Better off reading numbers 2 and 3 from the above list, IMO.