Page date: August 29, 2008
The Tao of Network Security Monitoring: Beyond Intrusion Detection
Author: Richard Bejtlich
Publisher: Addison-Wesley Professional
Category: Book

List Price: $64.99
Buy New: $34.99
You Save: $30.00 (46%)
Buy New/Used from $34.97

Avg. Customer Rating: 5.0 out of 5 stars(20 reviews)
Sales Rank: 150859

Language: English
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 832
Shipping Weight (lbs): 2.7
Dimensions (in): 9.2 x 7 x 1.5

ISBN: 0321246772
Dewey Decimal Number: 005.8
UPC: 785342246773
EAN: 9780321246776
ASIN: 0321246772

Publication Date: July 22, 2004
Availability: Usually ships in 1-2 business days

Customer Reviews:
Showing reviews 11-15 of 20

5 out of 5 stars Beyond Intrusion Detection   October 22, 2004
  2 out of 2 found this review helpful

Every once in a while you come across a book that really opens your eyes, one that talks in depth about something completely different. Unfortunately, most technical IT books are rehashes of a bunch of papers and tutorials off the net, and you often wonder whether the time you spent reading the book would have been better spent on Google.

The Tao of Network Security Monitoring is not one of these books. It is with great pleasure that I am reviewing what I consider one of the most informative and well-written books I have ever come across.

Network Security Monitoring (NSM) is half a science, and half a black art. It requires an in-depth knowledge of packets, protocols, applications, vulnerabilities and black hat tactics. This book focuses on the philosophy behind NSM, the skills required, the tools you need, and the way to set up an effective NSM operation.

The author, Richard Bejtlich, is a former Air Force intelligence officer, and the approach he dictates is almost military in nature. This book covers an introduction to security, what NSM is, how to deploy it, the best tools for the job and the types of things you will see.

I was most impressed by the analysis of normal versus suspicious versus malicious traffic. Since deep packet inspection is one of my hobbies, I am no stranger to reading data off the wire, but I was amazed by the amount of information this man was able to glean by looking at a simple DNS packet!

He explains the differences between full content data (logging everything to the application layer), session data (looking at just the different conversations between hosts), and statistical data. Everything in this book is practical; you can even go to the website and download the same packet traces he uses for explanation and run through them yourself.

This book taught me about a host of new tools, from Argus to the incredible SGUIL. It taught me a lot of tricks about designing a top-notch NSM collection and analysis setup, and more than anything, it introduced me to a completely new mind-set.

In short, this is at present the most enlightening book on my IT bookshelf. I strongly recommend it to anyone who is involved with networks or security. It will be of special interest to the sort of people who get a rush ripping up packets and understanding what happens below the surface. It also goes really well with firewall.cx, since most of the protocols talked about are explained here in detail.

If there is one disappointment, it's the absence of an included CD-ROM containing tools, or perhaps a live FreeBSD CD (Freebie) like the one he introduces in the book.

This one gets a scorching 5/5. Get it now, and open your mind!



5 out of 5 stars Excellent addition to your network security bookshelf...   September 26, 2004
  6 out of 7 found this review helpful

If you want to take your network security monitoring to the next level, check out The Tao Of Network Security Monitoring by Richard Bejtlich. It does a good job covering new ground.

Chapter list: The Security Process; What Is Network Security Monitoring?; Deployment Considerations; The Reference Intrusion Model; Full Content Data; Additional Data Analysis; Session Data; Statistical Data; Alert Data: Bro and Prelude; Alert Data: NSM Using Sguil; Best Practices; Case Studies For Managers; Analyst Training Program; Discovering DNS; Harnessing The Power Of Session Data; Packet Monkey Heaven; Tools For Attacking Network Security Monitoring; Tactics For Attacking Network Security Monitoring; The Future Of Network Security Monitoring; Protocol Header Reference; Intellectual History Of Network Security Monitoring; Protocol Anomaly Detection; Index

A sign of a good book is when the author sets out their scope and target audience, and then doesn't stray from it. Bejtlich doesn't try to teach the reader every last thing about every package he can include. Rather, he defines the scope as open source monitoring tools that haven't been written about ad nauseam. Furthermore, there's no wasted space covering installation instructions. He figures you can read the documentation for that. So what you get is meaty information on how to conduct network security monitoring (NSM) using the different packages that are available.

Another nice portion of the book includes the case studies and the analyst training. This is not only entertaining reading, but it also bridges the gap between just knowing about the subject and being able to practice those skills as part of your occupation. Very nice feature...

An excellent addition to your network security bookshelf...



5 out of 5 stars Richard succeeded   September 20, 2004
  4 out of 5 found this review helpful

Being a good reviewer doesn't automatically mean being a good writer. On the contrary, it is so easy to criticize and so hard to write good books...
However, against the odds, I must admit Richard succeeded in this new role and wrote a very good book. Perhaps a bit overloaded with dumps... but useful and representative ones.
Tired of too much theory and so little practice?... Then just buy this book and get your hands to work.
I have dozens of security books (I make my living as a security specialist) and am ever more careful when buying or recommending books. This one deserves to be on every specialist's shelf.



5 out of 5 stars Finally.....an answer.   September 16, 2004
  1 out of 2 found this review helpful

It's tough to keep up with the many facets of network security. Many of the well-respected published books in the past have done excellent jobs in introducing many concepts, but I have always had to walk away from the book with questions that required extensive research beyond the scope of the book.

Richard Bejtlich has written a book that fills in all the holes left by the other authors. The numerous pages (that's right, numerous, not 2 pages) of analysis that identify the differences between normal, suspicious and malicious network activity are a small portion of a huge collection that thoroughly covers the world of network security.

I recommend the Tao of NSM to anyone who needs answers to the following...

How do I...? With what tool? What approach should I take? What do I do next? Where else can I find info on...?

If you're responsible for the security of your network, this book needs to be on your desk... leave the rest on the shelf for reference.



5 out of 5 stars Beyond Intrusion Detection.....a very fitting title   August 29, 2004
  3 out of 4 found this review helpful

Richard has done an excellent job on writing the Tao. The book is written in a very clear and easy to understand way.

The Tao picks up where most IDS books leave off. This is not a book for learning the basics, and the author points that out upfront and recommends other books to be read as a foundation for his book. It is very obvious the author has great experience in dealing with real intrusions and is not just rehashing the same old how-to-detect-a-buffer-overflow material. This experience is what shapes the principles and goals of NSM... when the IDS alerts, what do you do next? When prevention has failed, what do you do next?

The book groups the information well: how to set up Network Security Monitoring (NSM), not just how to install an IDS. He covers how to use different tools for doing NSM. Then some of my favorite parts are the actual case studies and applying NSM techniques in each of those cases.

The author is one of the leaders in this field and shares much of that in this book. 5 stars!!!

