Extrusion Detection: Security Monitoring for Internal Intrusions
Author: Richard Bejtlich
Publisher: Addison-Wesley Professional
Category: Book
List Price: $54.99; Buy New: $36.85; You Save: $18.14 (33%)
Buy New/Used from $30.99
Avg. Customer Rating: (8 reviews); Sales Rank: 26382
Media: Paperback; Number of Items: 1; Pages: 416; Shipping Weight (lbs): 1.6; Dimensions (in): 9.1 x 6.9 x 1.1
ISBN: 0321349962; Dewey Decimal Number: 005.8; EAN: 9780321349965; ASIN: 0321349962
Publication Date: November 18, 2005; Availability: Usually ships in 1-2 business days
Customer Reviews:
super (March 8, 2007)
Thanks a lot, we are very happy to have this book in our library!

I learned a lot (November 15, 2006) - 0 out of 1 found this review helpful
This is a solid book and a detailed read. I was on the fence about giving it 4 or 5 stars; if I could I'd give it 4.5. While it didn't blow my socks off, I would suggest it to anybody interested in security monitoring in general. In terms of monitoring internal threats specifically it also has some useful information.
Excellent Book (July 20, 2006) - 0 out of 1 found this review helpful
Richard Bejtlich has done a great job again. Tao of Network Security and this one are the best companions. Well written. The extrusion topic is one most companies prefer to ignore rather than spend budget or time on. Although NSM methodologies are repeated, they are fun to read again. Traffic threat assessment, designing a defensive network, and incident response are well written.
Excellent Book! (July 16, 2006) - 1 out of 1 found this review helpful
I have had the pleasure of reading Extrusion Detection: Security Monitoring for Internal Intrusions by Richard Bejtlich. Richard Bejtlich picks up where he last left off with his first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. His new book deals with a subject that many businesses don't wish to think about, and where over 50% of attacks come from: security breaches that come from inside an organization. It is very unfortunate that this fact was not taken into consideration in Microsoft's XP SP2 firewall. Richard starts with a short review of network definitions. One concept I really like is the Defensible Network, which he states is not necessarily a secure network, "quite accurate".
Richard includes a listing of network monitoring tools and where you can go to obtain them: Full Content Data, Session Data, and Statistical.
This book includes good illustrations, explained pieces of code (more toward the second half of the book), and includes pictures of familiar hardware.
A new definition for me was "the sink hole", that redirects unknown traffic away from the customers.
This book is a good read and a very good book to keep in one's reference library. I will be obtaining Richard Bejtlich's The Tao of Network Security Monitoring: Beyond Intrusion Detection, and I suspect this will be just as good.

nice usages of a sink hole (April 6, 2006) - 11 out of 11 found this review helpful
This book is a fine complement to Bejtlich's Tao of Network Security Monitoring. At first, one might think there would be considerable overlap between the two. After all, both concern crackers attacking a company's network that sits on the Internet. Yet the author takes pains to point out key differences. Tao was about an external attacker going at your servers, where these might be web or database [or other types of] servers.
The current text describes a qualitatively different game. A typical scenario might be one of your users, at her machine which is inside your network, surfing the Web. An attacker might try to target bugs in her browser, in order to install malware on her machine. This malware might then surveil that machine and others on the network, and hence ring home to the attacker's website. So extrusion detection involves at the very least defending your client machines, instead of your servers.
Bejtlich gives detailed examples of how to use various tools, typically open source, to monitor your internal traffic, looking for telltale signs of extrusion.
Along the way, there is a nice description of two ways to use a sink hole. One is by an ISP, who is facing a Denial of Service attack against one of its customer's addresses. For this, a sink hole can be configured to divert those incoming packets, and protect the ISP's other customers. In a recent book, "Internet Denial of Service" by Mirkovic et al, various anti-DoS methods were cited, and this usage of a sink hole is an excellent example of another such method. While DoS is not an internal attack, it is still a very serious problem, and it is helpful to see a clear description of how to use a sink hole against it.
The other method of using a sink hole involves configuring it to attract traffic from internal machines that have been subverted. Here, this is entirely in keeping with the book's remit.