Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Quick review

Well, it’s been a while since I last sat in front of the computer with enough time to bash out something meaningful on the blog. So here is a quick review of a book I’m currently reading and finding very, very good. Although for most people the contents of this book sound like something that might drive you to insanity, to me it’s been a great learning experience and something that has really changed my opinions about how networks run. After all, it’s easy to discount things you never really see, and focus on what you see every day.

Anyway, back on track. The book I’m talking about is Network Intrusion Detection (Third Edition) by Stephen Northcutt and Judy Novak. The basics of this book (if you can consider anything in here as basic) are TCP/IP. It’s as simple (or as complex) as that. Just reading the introduction and spending some time thinking about TCP/IP and what it really consists of has helped me gain a new understanding of networking. I’ve spent a lot of time learning networking, from Novell through NT and *nix all the way to Windows 2003 and everything between. However, the required knowledge on TCP/IP never really goes beyond addressing, routing and in some cases filtering (ISA server, firewalls etc). In studying security I went beyond that and into a little more detail on TCP and IP header options and how they can be used for scanning and OS identification. However, this book takes that to a new level, with tcpdump, Snort and enough protocol analysis to make your head spin.

If you want to get into security, or just want to get a new understanding and love of what is really going on across the wires, then this is the book for you... it’s worth the time to sit down and really change how you think about these things. If you want a sneak peek you can see some of the book on Google Books HERE.
