 | | |
| The Tao of Network Security Monitoring: Beyond Intrusion Detection | 
| Author: Richard Bejtlich
Publisher: Addison-Wesley Professional
Category: Book
List Price: $64.99
Buy New: $37.60
You Save: $27.39 (42%)
Buy New/Used from $22.50
Avg. Customer Rating:  (20 reviews)
Sales Rank: 65901
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 832
Shipping Weight (lbs): 2.7
Dimensions (in): 9.2 x 7 x 1.5
ISBN: 0321246772
Dewey Decimal Number: 005.8
UPC: 785342246773
EAN: 9780321246776
ASIN: 0321246772
Publication Date: July 22, 2004
Availability: Usually ships in 1-2 business days
|
| Editorial Reviews:
Product Description
"The book you are about to read will arm you with the knowledge you need to defend your network from attackers--both the obvious and the not so obvious...If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you." --Ron Gula, founder and CTO, Tenable Network Security, from the Foreword "Richard Bejtlich has a good perspective on Internet security--one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way." --Marcus Ranum, TruSecure "This book is not about security or network monitoring: It's about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics." --Luca Deri, ntop.org "This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy. " --Kirby Kuehl, Cisco Systems Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities. In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents. Inside, you will find in-depth information on the following areas. *The NSM operational framework and deployment considerations.* How to use a variety of open-source tools--including Sguil, Argus, and Ethereal--to mine network traffic for full content, session, statistical, and alert data. *Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture. *Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM. *The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance. Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats.
|
| Customer Reviews: Read 15 more reviews...
Easily My Favorite Book November 11, 2007
1 out of 1 found this review helpful
It's hard to add much that isn't said by the 17 other 5 star reviews, but this is easily my favorite security book. Aside from ascribing me to the theories of NSM -- that visibility into the network provides the critical information required to accurately diagnose and respond to security issues -- and being an excellent read, this book is also a fantastic reference. As I've implemented NSM in my environment, I haven't stopped referencing the book to find tools that might be better suited to jobs, or to find tools that have all but vanished from the face of the earth. I thoroughly recommend this book to anyone responsible for the security of any size network.
Jump into NSM June 13, 2007
0 out of 1 found this review helpful
This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.
The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running a NSM team.
I really like Richard's style such as his footnotes with related papers.
Be sure to check out the author's blog at http://taosecurity.blogspot.com/.
 Great book May 17, 2007
Cuts right to the chase. Worthy addition to any serious network security library.
Great book to learn the Art of Network Monitoring! February 7, 2006
6 out of 7 found this review helpful
I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!
I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describers NSM processes and the fourth section describes NSM people.
The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others' mention they have been given this book to read in their classroom study and I can see why.
I give this book 5 pings out of 5:
!!!!!
Shows a disciplined approach to network security monitoring May 29, 2005
A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.
The beauty of The Tao of Network Security Monitoring : Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.
The book is written for the person; primarily a system administrator or security engineer whom truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.
The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned; the book shows how to use the tool in the context or Tao of security monitoring.
In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of it potential.
With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|