UnixReview.com
July 2005
Book Review: Intrusion Prevention and Active Response
Reviewed by Kristy Westphal
Intrusion Prevention and Active Response: Deploying Network and Host IPS
by Michael Rash et al.
Syngress; March 2005
ISBN 1-932266-47-X
402 pages
As a skeptic of Intrusion Prevention Systems (IPS), I was delighted to review Intrusion Prevention and Active Response and wanted to have my skepticism of deploying this type of technology proven wrong. After reading this well-done depiction of IPS, however, my skepticism has only been confirmed. IPS is a deployable technology, but it has to be done right the first time or you will find yourself in a heap of trouble.
This is not a beginner's book on IDS/IPS. It jumps right into the issues surrounding
these products and is up-front about their shortcomings. The book's coverage
of how IPS might work at every layer of the network can help simplify the decision
about how you might deploy one. I also like that the authors say you cannot
let your IPS have carte blanche ability to respond to events. The authors do
not imply that IPS is the best solution to security. This book provides a detailed,
realistic discussion of IPS and what they can and cannot do for your organization.
The authors focus on how the use of freeware tools can work to enhance a layered
security environment, mostly in small and medium-sized organizations. The discussion
of host-based IPS was useful, because I think of this as the most labor-intensive
job in the IPS world.