Which one of these two books is the best?

Amazon.com: Network Intrusion Detection (3rd Edition) (9780735712652): Stephen Northcutt, Judy Novak: Books

OR

Amazon.com: The Tao of Network Security Monitoring: Beyond Intrusion Detection (9780321246776): Richard Bejtlich: Books

Find more posts tagged with

Comments

dynamik

I'd vote Tao (you're going to be hard-pressed to find a better book on the subject).

Did you notice that Bejtlich as reviewed the other one? It's here: https://www.amazon.com/review/R1QGLSYCK38L3Z/ref=cm_cr_pr_perm?ie=UTF8&ASIN=0735708681&nodeID=&tag=&linkCode=

That's clearly referring to an older edition (1999), but a lot of it still holds true. I have it and read through it quickly. Tao is a little more up-to-date and goes a bit more in-depth.

O'Reilly's Security Monitoring is another decent book I've gone through (but it's a bit expensive, given it's small size): Amazon.com: Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks (9780596518165): Chris Fry, Martin Nystrom: Books

I'd read all three if you're really interested in the subject; they all bring something unique to the table. Don't forget about Bejtlich's Extrusion Detection either...

Computadora

Which one of the books do you think does a good job at giving examples of various firewall/IDS events/alerts showing examples, like malware/root-kits calling home/port scans/DDos/etc ?

dynamik

Probably Tao. I remember thinking Security Monitoring was OK but could have included more, and Network Intrusion Detection seemed light. It's been awhile since I went through those though, so take that with a grain of salt.

Honestly though, nothing's going to be substitution for just playing around in a lab. You might also like the Hackers Challenge books. 1 and 2 are pretty dated, but they're still interesting to go through. You can pick them all up for cheap if you get them used: Amazon.com: hackers challenge