Hi,

I'd suggest you read "Network Intrusion Detection: An Analyst's Handbook" by Stephen Northcutt and Judy Novak (New Riders edition). They're both SANS and GIAC handlers. It's a really good book, with a lot of easy-to-understand examples and tutorials.

Contents:
- IP Concepts
- Introduction to TCPdump and TCP
- Fragmentation
- ICMP
- Stimulus and Response
- DNS
- Mitnick Attack
- Introduction to Filters and Signatures
- Architectural Issues
- Network-Based Intrusion-Detection Solutions
- Future Directions
- Exploits and Scans to Apply Exploits
- Denial of Service
- Detection of Intelligence Gathering
- The Trouble with RPCs
- Filters to Detect, Filters to Protect
- System Compromise
- The Hunt of Timex
- Organizational Issues
- Automated and Manual Responses
- Business Case for Intrusion Detection

I hope this will help you.

Regards,
Clement Rabourdin