Practical Intrusion Detection Handbook

Front Cover
Prentice Hall PTR, 2001 - Computers - 359 pages

In the mid 1990s, Neil was an auditor for a major government agency in Canada. An inside embezzler had taken his agency for several million dollars and Neil was asked to help pick up the pieces. For over 6 months, Neil poured over transaction logs to trace the money, and figure out how it was done. A substantial amount of the money was never recovered.

On February 9, 2000, E-Trade, and other pioneering ecommerce companies got hit with a distributed denial of service attack that collectively cost several million dollars. This electronic "Waterloo" changed the face of electronic commerce forever by highlighting the importance of effective detection and response in any successful on-line business.

In 1986, Dorothy Denning wrote a paper that set the stage for the development of commercial technologies that would provide detection, response, deterrence, and damage assessment. Intrusion detection, often misunderstood, provides the best chance for peace in an otherwise turbulent on-line world.

I've spent my career trying to get intrusion detection out of the research lab and into operational environments. I worked in intrusion detection research in 1988 to do a state of the art study for the U.S. Navy with the intent of deploying a system in an operational Navy environment. Then in 1990, I started work on generic testing paradigms to quantify the value of intrusion detection. In 1992, I designed the Computer Misuse Detection System (CMDS) at SAIC, one of the first commercial intrusion detection systems. CMDS saw real action and enjoyed some very large deployments starting in the mid 1990s. In 1997, I left SAIC to co-found Centrax Corporation and bring Intrusion Detection to the Windows NT masses. At Cybersafe I helped develop one of the first hybrid intrusion detection systems combining both network and host-based technologies.

I've researched systems, developed systems, deployed systems, sold systems, given seminars, and assisted investigations. This book was the next logical step. It was simple in concept: Write down everything I know about intrusion detection, make it understandable, and help businesses deploy operational systems.

You hold the results in your hands. This book will explain intrusion detection, dispel common myths, provide guidance on requirements and even help you acquire an intrusion detection system and operate it effectively throughout the entire project lifecycle. The format is designed to be readable. Anecdotes appear throughout to connect the information with the real world. Important points are punctuated and called out separately for emphasis and to make it easy to scan the text.

The book is divided roughly into thirds. The first third describes technology, the second effective operation, and the third project lifecycle. Near the end I provide a chapter on commercial products because this book is about using intrusion detection. These are your tools. This book is your manual.

Paul E. Proctor
February 12, 2000
35,000 Feet, Somewhere Over the Pacific Ocean

From inside the book

What people are saying - Write a review

We haven't found any reviews in the usual places.



16 other sections not shown

Common terms and phrases

About the author (2001)

PAUL E. PROCTOR is the Director of Technology at Cybersafe Corporation and Chief Technology Officer of the firm's Centrax Division. Proctor has worked in intrusion detection for nearly 15 years and developed many commercial intrusion detection technologies. He sat on the Intrusion Detection Subgroup of the President's National Security Telecommunications Advisory Committee (NSTAC), has been an invited speaker at the CIA, and has been personally involved in several of the world's most significant intruder "take-downs." Sorry, but he can't tell you which ones!

Bibliographic information