The Barnes & Noble Review
We admired the first edition of Network Intrusion Detection for its extraordinary insight into the realities of network intrusions and countermeasures. Author Stephen Northcutt knows this stuff: He was Chief of Information Warfare for the U.S. Ballistic Missile Defense Organization. Well, the ink barely dried on that book before new attacks and new tools arrived -- and hot on their heels, a new edition that's even better than the original.
Joined by co-author Judy Novak, Northcutt has updated nearly everything, adding extensive new coverage. For example, there's updated coverage of denial of service attacks (including "elegant" one-packet kills that take advantage of flaws in the IP stack's capability to deal with illegal conditions). There's a full chapter on attacks utilizing remote procedure calls, which (together with DNS), now account for the majority of compromised UNIX systems.
You'll find a full chapter dissecting one of Kevin Mitnick's legendary attacks (which may be old, but still illustrates crucial issues in intrusion detection). To complement it, there's a new chapter chronicling the fascinating hunt for the Timex intruder, tracked as far as London and Zagreb, Croatia (so far, that is). You'll also find a full chapter on separating real attacks from false positives and up-to-date guidance on choosing network intrusion detection tools (including a hard-eyed look at their significant limitations). If you have any interest at all in the technical aspects of computer security, you'll find this book to be utterly compelling. (Bill Camarda)
Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
Read an Excerpt
Chapter 1: IP Concepts
As you read this chapter, it will become apparent that you belong in one of two categories: the beginner category or that of the seasoned veteran. The Internet Protocol (IP) is a large and potentially intimidating topic that requires a gentle introduction for uninitiated beginners so as not to overwhelm them with foreign acronyms, details, and concepts. Therefore, the purpose of this first chapter is to expose newcomers to terms, concepts, and the ever-present acronyms of IP. The suite of protocols covered here is more commonly known as Transmission Control Protocol/Internet Protocol (TCP/IP). These protocols are required to communicate between hosts on the Internet, the worldwide infrastructure of networked hosts. Indeed, communication protocols other than TCP/IP exist (for instance, AppleTalk for Apple computers). These protocols are typically found on intranets, where associated hosts talk on a private network. Most Internet communications require TCP/IP, which is the standard for global communications between hosts and networks.
Those seasoned veteran readers who dabble in TCP/IP daily might want to skip this chapter. Even so, you should give it a quick skim. If you ever need to explain a concept about IP (perhaps to the individual who signs off on your pay raise or bonus, for example), you may find this chapter's approach useful. Those of you who are getting your feet wet in this area will almost certainly benefit from this introduction.
This is an around-the-world introduction to TCP/IP presented in a single chapter. Many of the topics discussed in this introductory chapter are covered in much greater detail and complexity in upcoming chapters; those chapters contain the core content, but you need to be able to peel away the theoretical skin to understand them. Specifically, this chapter covers the following topics:
- The TCP/IP Internet model. This section examines the foundations of communications over the Internet, specifically communications made possible by using a common model known as the TCP/IP Internet model.
- Packaging of data on the Internet. This section reviews the encapsulation of data to be sent through different legs of a journey to its destination.
- Physical and logical addresses. This section highlights the different ways to identify a computer or host on the Internet.
- TCP/IP services and ports. This section explores how hosts communicate with each other for different purposes and through different applications.
- Domain Name System. This section focuses on the importance of host names and IP number translations.
- Routing. This section explains how data is directed from the sending to the receiving computer.
The TCP/IP Internet Model
Computer users often want to communicate with another computer on the Internet for some purpose or another (to view a Web page on a remote Web server, for instance). A response from a Web server can seem almost instantaneous, but a lot of processes and infrastructures actually support this seemingly trivial act behind the scenes.
Figure 1.1 shows a logical roadmap of some of the processes involved in host-to-host communications. You begin the process of downloading a Web page in the box labeled Web Browser. Before your request to see a Web page can get to the Web server, your computer must package the request and send it through various processes and layers. Each layer represents a logical leg in the journey from the sending computer to the receiving computer. After the sending computer packages the data through the different layers, it is delivered to the receiving computer over the Internet. The receiving computer unwraps the package and delivers it to processes and layers. Your request eventually arrives at the box labeled Web Server, and the Web server replies to the request...
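The layered packaging the chapter describes (and the encapsulation listed earlier in the chapter overview) can be made concrete in a few dozen lines. The following is an added example, not code from the book or its authors: it takes an HTTP request, wraps it in a TCP header, then an IPv4 header, then an Ethernet frame, and on the receiving side peels the layers off again while verifying the IPv4 header checksum, which is the check an intrusion detection sensor performs before trusting anything in the header. All addresses, ports and MAC addresses are constructed sample values.

```python
"""Added example (not from the book): encapsulate an HTTP request down the
TCP/IP layers and decapsulate it again, verifying the IPv4 header checksum.
Addresses, ports and MACs below are constructed sample values."""
import struct

# Constructed sample values (RFC 5737 documentation IPs, locally administered MACs)
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"
SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SRC_PORT, DST_PORT = 40000, 80


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (odd trailing byte padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(payload: bytes, seq: int = 1, ack: int = 0, flags: int = 0x18) -> bytes:
    """TCP segment: 20-byte header (no options) + payload. The checksum covers a
    pseudo-header (IP addresses, protocol 6, TCP length) plus header and data."""
    header = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, seq, ack,
                         5 << 4, flags, 65535, 0, 0)  # data offset = 5 words
    pseudo = (ip_to_bytes(SRC_IP) + ip_to_bytes(DST_IP)
              + struct.pack("!BBH", 0, 6, len(header) + len(payload)))
    csum = internet_checksum(pseudo + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def build_ipv4(segment: bytes, ident: int = 0x1234, ttl: int = 64) -> bytes:
    """IPv4 packet: 20-byte header whose checksum covers the header only."""
    total_len = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000,
                         ttl, 6, 0, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    csum = internet_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + segment


def build_ethernet(packet: bytes) -> bytes:
    """Ethernet II frame: destination MAC, source MAC, EtherType 0x0800 (IPv4)."""
    return mac_to_bytes(DST_MAC) + mac_to_bytes(SRC_MAC) + struct.pack("!H", 0x0800) + packet


def encapsulate(app_data: bytes) -> bytes:
    """Sending side: application data -> TCP -> IP -> Ethernet."""
    return build_ethernet(build_ipv4(build_tcp(app_data)))


def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip each layer, rejecting a frame whose IPv4 header
    checksum does not verify (a corrupted or tampered header)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:  # sum over a valid header folds to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"src": ".".join(str(b) for b in packet[12:16]),
            "dst": ".".join(str(b) for b in packet[16:20]),
            "proto": packet[9], "sport": sport, "dport": dport,
            "payload": segment[data_offset:]}


def frame_is_valid(frame: bytes) -> bool:
    """True when every layer parses and the IPv4 checksum verifies."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

Each `build_*` function adds exactly one layer's header in front of what it receives, which is the "packaging through the different layers" of Figure 1.1; `decapsulate` reverses the order. Flipping a single byte of the IPv4 header (the TTL, say) makes `frame_is_valid` return False, because the one's-complement sum over the header no longer folds to zero.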