This is a well-researched and well-written text. It is an excellent complement to Northcutt's book, which is more concrete and oriented to the hands-on practitioner. Those hoping to just buy an off-the-shelf IDS and turn it on may find Bace's book somewhat abstract. Although it reads well, it has a very strong academic flavor (this is probably inevitable in any book that uses the word 'etiology' twice in the first chapter). If Amoroso's book is a graduate-level text, then this is an appropriate book for undergrads.
Every specialized text on security seems to succumb to the temptation to flesh out the book with elementary security topics, and this one is no exception. Whether they are absolutely appropriate in a book like this or not, Bace does offer some very wise and useful advice and understandings on information security in general--some of which I was able to apply immediately by sharing with a client.
The author provides a comprehensive history of intrusion detection that is effective in creating an understanding of the reasons that specific techniques are used and what their shortcomings and strong points are--15 years worth of non-commercial intrusion detection systems are described and analyzed. While academic and government sponsored IDS initiatives are well-covered, those who are shopping for a commercial solution will probably be disappointed by the almost total lack of mention of currently available products. Discussion of commercial products consists of generalizations such as "Many products" or "some products" or "be aware of vendors that".
The chapter on legal issues is excellent and up-to-date, and it should be read by anyone implementing any form of monitoring system. The chapter 'For Strategists' is just a rehash of basic risk management concepts. It isn't particularly applicable to IDS and I disagree with the author on the prominence of ROI calculations in the security product implementation decision process. The bibliography is complete and very current. Although it lacks annotations, many of the sources are referenced within the book itself, so the reader interested in further research has plenty of guidance.
The weaknesses in this book are probably due to a lack of audience focus. It is aimed at Chief Security Officers, network and OS admins, college compsci students, and security systems designers.
Consultants and decision-makers should read this text, as should network engineers who want to expand their awareness of the tools they are purchasing and using. Given that this serves well as a reference book, the sturdy hard binding is appreciated, and the pages withstand highlighting without bleed through. It isn't a lot of verbiage for the price, but the quality is high.
