Feature

Extrusion Detection: Security Monitoring for Internal Intrusions

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."

Download it now to read this article plus other related content.

Extrusion Detection: Security Monitoring for Internal Intrusions
By Richard Bejtlich
Addison-Wesley Professional, 385 pages, $49.99

@exb

    Requires Free Membership to View

Extrusion Detection: Security Monitoring for Internal Intrusions
@exe

Sure, you're familiar with intrusion detection--your organization's IDS strategy has evolved to where you are finally seeing the projected return on the massive initial investment and pricey operational costs of the application. A new phrase, coined extrusion detection, monitors what is leaving the network. While it sounds groundbreaking, Richard Bejtlich's Extrusion Detection: Security Monitoring for Internal Intrusions tangents off existing categories and fails to bring anything new to the infosecurity table.

You can safely skip the introductory chapters and head straight for the original material that distinguishes this book from the litany of other available IDS titles: network instrumentation, sink holes and traffic threat assessments. Although detecting intruders from outside of the enterprise may be foremost in the minds of most security analysts when designing, implementing and operating IDS systems, these systems typically watch traffic flows initiated from inside the network as well.

Network instrumentation begins with network monitoring, of which four types are available: full content, session data, statistical data and alert data. The coverage of these topics includes recommendations on appropriate software tools that are mostly open-source software. Although occasionally balanced by platforms more common to enterprises such as Cisco Systems' switches, this bias reduces the book's practical value. In particular, Bejtlich severely limits the utility of the traffic threat assessment section by indulging in an analysis solely employing the raw command-line interface of a SQL Server.

Combined with several other significant but not fatal flaws--such as the author's strong recommendation for proxy-based firewalls without a discussion of their serious performance degradation relative to other firewall technologies, examples of traffic threat assessment that fails to reveal any malicious activity, and several filler chapters that neither add nor detract from the book's value--Extrusion Detection exudes an unremarkable quality.

The bottom line is this: If you need to engage in advanced intrusion detection practices and have the freedom to employ open-source tools, you will find some worthwhile information in Extrusion Detection. Otherwise, you'd be better suited to find something else.

--PATRICK MUELLER

Top Shelf
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.

The Shortcut Guide to Automating Network Management and Compliance
By Don Jones
Realtime Publishers

Hacker's Challenge 3
David Pollino, Bill Pennington, Tony Bradley, and Himanshu Dwivedi
McGraw-Hill Osborne Media

The Privacy Management Toolkit
By Rebecca Herold
Information Shield Inc.

PGP & GPG: Email for the Practical Paranoid
Michael Lucas
No Starch Press

Intrusion Prevention Fundamentals
Earl Carter and Jonathan Hogue
Cisco Press

Web Feedback
Tell us what you think of our book reviews or the titles on our online bookshelf. Send your comments to feedback@infosecuritymag.com or enter your thoughts on SearchSecurity.com's Sound Off.


"Charles Cresson Wood's Information Security Policies Made Easy, Version 10 is the classic reference on information security policies."
--Mike Chapple, CISSP, IT Security Professional with the University of Notre Dame
For a sample chapter of this and other information security titles, visit searchsecurity.com/bookshelf.

This was first published in June 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: