“Intrusion prevention” has been one of the most popular security buzz phrases of the last few years. Little has been published about the prevention side of intrusion detection, and this book makes a real contribution to the overall understanding of the underlying concepts and possibilities, as well as the limitations, of intrusion prevention systems (IPS).
Though this book is excellent, it has two limitations. First, it starts at a technical level that is inaccessible to everyone but security professionals (though many of those professionals will enjoy not having to read, for the twentieth time, about the basics of Transmission Control Protocol/Internet Protocol (TCP/IP) and networking). So, for newcomers to the security field, I recommend starting with a different book. The second limitation is its focus on open source products and implementations. There is some material on Internet Information Services and other Windows-related topics, but if you are looking for information on how to protect your Windows machines at the operating system level, this is the wrong book.
The book has a really nice hands-on approach, and this is emphasized in every chapter. In addition, the theoretical explanations are very well done. The authors cover the basics of intrusion detection, including the evolution to intrusion prevention and how this technique can be dangerous when active response acts on false positives. The authors also give clear explanations of host protection through the operating system, how to use IPS at the application layer, and how to deploy various open source solutions. Overall, I can highly recommend this book to all technical security professionals who are interested in a competent explanation of today’s open source IPS solutions and concepts, and who value a pragmatic approach.