Syngress Publishing's "Intrusion Prevention and Active Response: Deploying Network and Host IPS" is well worth reading for its insight into open-source intrusion prevention systems at the network and host levels.
The authors liberally sprinkle the book with examples of open-source IPS implementations to show how network managers can protect legacy systems that cannot be patched. In fact, the premise of the book seems to be that IPSes should be used only when other protective systems cannot.
This has been borne out in my IPS testing. Commercial IPSes are expensive, finicky to set up, require frequent maintenance and are still regularly subject to false-positive reactions.
Although the 416-page book has considerable technical merit, it is filled with grammatical mistakes that often forced me to reread entire sections to see if what was written was really what the authors meant to say.
"Intrusion Prevention and Active Response: Deploying Network and Host IPS," by Michael Rash, Angela Orebaugh, Graham Clark, Becky Pinkard and Jake Babbin, costs $49.95 and is available at www.syngress.com.