The Practical Intrusion Detection handbook

Preface In the mid 1990s, Neil was an auditor for a major government agency in Canada. An inside embezzler had taken his agency for several million dollars and Neil was asked to help pick up the pieces. For over 6 months, Neil poured over transaction logs to trace the money, and figure out how it was done. A substantial amount of the money was never recovered. On February 9, 2000 Amazon.com, E-Trade, and other pioneering ecommerce companies got hit with a distributed denial of service attack that collectively cost several million dollars. This electronic "Waterloo" changed the face of electronic commerce forever by highlighting the importance of effective detection and response in any successful on-line business. In 1986, Dorothy Denning wrote a paper that set the stage for the development of commercial technologies that would provide detection, response, deterrence, and damage assessment. Intrusion detection, often misunderstood, provides the best chance for peace in an otherwise turbulent on-line world. I've spent my career trying to get intrusion detection out of the research lab and into operational environments. I worked in intrusion detection research in 1988 to do a state of the art study for the U.S. Navy with the intent of deploying a system in an operational Navy environment. Then in 1990, I started work on generic testing paradigms to quantify the value of intrusion detection. In 1992, I designed the Computer Misuse Detection System (CMDS) at SAIC, one of the first commercial intrusion detection systems. CMDS saw real action and enjoyed some very large deployments starting in the mid 1990s. In 1997, I left SAIC to co-found Centrax Corporation and bring Intrusion Detection to the Windows NT masses. At Cybersafe I helped develop one of the first hybrid intrusion detection systems combining both network and host-based technologies. I've researched systems, developed systems, deployed systems, sold systems, given seminars, and assisted investigations. This book was the next logical step. It was simple in concept: Write down everything I know about intrusion detection, make it understandable, and help businesses deploy operational systems. You hold the results in your hands. This book will explain intrusion detection, dispel common myths, provide guidance on requirements and even help you acquire an intrusion detection system and operate it effectively throughout the entire project lifecycle. The format is designed to be readable. Anecdotes appear throughout to connect the information with the real world. Important points are punctuated and called out separately for emphasis and to make it easy to scan the text. The book is divided roughly into thirds. The first third describes technology, the second effective operation, and the third project lifecycle. Near the end I provide a chapter on commercial products because this book is about using intrusion detection. These are your tools. This book is your manual. Paul E. Proctor February 12, 2000 35,000 Feet, Somewhere Over the Pacific Ocean… (more)