Introduction


The topic of this book, intrusion detection, is a relatively new technology, which has recently been attracting more and more attention from security specialists. However, as it usually goes with all new technologies, intrusion detection is surrounded by various myths, conjectures, and fairy tales. Thus, the main goal of this book is to destroy most of these myths and help specialists and other interested individuals to distinguish fairy tales from reality.

Naturally, this book is not the only one on the market. However, other publications on this topic have different aims and solve different tasks. For example, there are books that cover the basics of intrusion detection technologies, methods, algorithms and so on. Other books are dedicated to methods of network traffic analysis aimed at detecting the traces of an attack. As for this book, it covers all of the above-mentioned aspects in brief, but concentrates on the tools that implement these technologies—i.e., intrusion detection systems (IDSs).

One of the main problems that a user choosing an intrusion detection system or security scanner must solve is distinguishing between the truth (i.e., the actual functional capabilities implemented in a specific product) and advertising slogans. Of course, it is no secret that the absolute majority of vendors aim to sell as much of their product as possible. This is obviously why the advertising is so "ambitious" and, what's even more important to realize, sometimes is not even close to the truth. Since intrusion detection technology has not reached maturity yet, it is very important for the customer not to be confused by the large variety of available products, but rather to be able to choose one that actually satisfies his or her needs.

Furthermore, after choosing the correct product, the customer must be able to install, maintain, and support it correctly. These topics do not really get covered in sufficient detail in the available publications. I hope that my book will eliminate this lack, and will be useful to those specialists who intend to introduce this promising technology into their companies.

Since there is a vast number of attack mechanisms, it is impossible to cover them all within a single book. On the other hand, there is really no need to do so, since there are many books covering this topic. The concepts and principles that serve as a basis for intrusion detection technologies are covered in brief, and when discussing them I tried to avoid using mathematical terminology as much as possible. Rather, I made an attempt to describe intrusion detection basics using simple and understandable language. In this book, special stress is put on the practical usage of intrusion detection technology and security scanning. It is up to you to decide if I have succeeded in achieving this goal. Most examples provided to illustrate the technologies under consideration are taken from real-world practice when working with intrusion detection technologies. The book is structured in such a way as to be useful both to beginners and specialists in the field of information security, so that any reader should be able to find something of interest in it.

This book explains how to use and deploy intrusion detection systems in order to make your network perimeter impenetrable from the outside and protect your network from the inside against attacks by both external intruders and insiders. I've tried to describe the advantages and drawbacks of available intrusion detection systems, what they are capable of and what they are not, the possible ways in which the technologies under discussion may develop, etc. Furthermore, this is one of the key differences between this book and similar ones, since it is the first one in which an attempt has been made to summarize all advantages, drawbacks, and problems characteristic of all intrusion detection systems and intrusion detection technology as a whole.

In general, this book represents the result of my 6 years of practical experience in the field of intrusion detection technology and security scanning. It is based on the materials used in courses on Internet security, intrusion detection, and security scanning that I have taught, and on my practical experience accumulated while working with the described technology. My work as a trainer/certified security instructor at Internet Security Systems also helped to fill this book with practical recommendations and examples.

I should point out that although this book is oriented towards intrusion detection technology, most of its recommendations are also applicable to other areas, such as firewall technologies or detection of financial or telephone frauds.

Intended Audience

This book is mostly intended for security experts whose main duty is ensuring information security in their organizations. First of all, these are security administrators and system and network administrators. These experts encounter various violations of information security, and they are the ones who must install and configure the tools discussed in the book.

This book will also be helpful for heads of information security departments, who must solve the difficult problem of choosing the security tools that are most suitable for the company's requirements, and take into account the specific features of the information processing technologies adopted in their organizations. Quite a lot of attention is drawn to the evaluation criteria that should be considered when choosing security tools. What's even more important, various aspects of justifying your choice from a financial point of view are also covered.




Protect Your Information with Intrusion Detection
Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
Year: 2001
Pages: 152