May Contain Blueberries

the sometimes journal of Jeremy Beker


First off, a little bit of a warning: this is not a book to be picked up lightly to get an overview of intrusion detection systems (IDS). It is a book that requires you to have a good understanding of IDS technology as well as a very good grasp of the fundamentals of the IP, TCP, and UDP protocols. If you do not meet those conditions, I am afraid this book will do nothing but hurt your head.


Assuming you have made it this far, it is a very interesting book (although it may still make your head hurt). It is geared towards someone preparing for one of the GIAC exams on network security (a fact the book does not state explicitly). It uses a model of presenting the reader with events recorded on IDS sensors in the wild and walking through the analysis in a consistent manner. The examples used in the book were culled from the answers given in the exams for the GIAC Intrusion Detection Professional Certification. It divides the network traces into groups ranging from “Network Mapping” to “Exploits” to “Out of Spec Packets.”

I found the range of topics covered the full spectrum of incidents a network security analyst will encounter. The method of presentation became slightly tedious as I worked through all of the examples, and some of the analysis seemed a little lacking in depth. I would have preferred more background and analysis on the traces than was often given.

But even with those criticisms, I found the book very educational. It gives a solid methodology to follow in analyzing events on your own network, as well as offering examples of many common (and some not so common) network traces.