- STAFF PICKS
- GIFTS + GIFT CARDS
- SELL BOOKS
- FIND A STORE
New Trade Paper
Ships in 1 to 3 days
The Practice of Network Security Monitoring: Understanding Incident Detection and Responseby Richard Bejtlich
Synopses & Reviews
Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.
You'll learn how to:
There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.
Network Security Monitoring (NSM) is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. The Practice of Network Security Monitoring teaches IT and security staff how to leverage powerful NSM tools and concepts to identify threats quickly and effectively. Author Richard Bejtlich is a recognized expert in NSM and shares his 15 years of incident handling experience with the reader. In addition to teaching you how to use key monitoring tools, Bejtlich demonstrates a holistic way of thinking about detecting, responding to, and containing intruders. The Practice of Network Security Monitoring assumes no prior experience with network security monitoring, and covers designing, deploying, building, and running an NSM operation. The book focuses on open source software and vendor-neutral tools, avoiding costly and inflexible solutions.
About the Author
Richard Bejtlich is Chief Security Officer at Mandiant and was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. Bejtlich's previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He writes on his blog (taosecurity.blogspot.com) and on Twitter as @taosecurity.
Table of Contents
DedicationForewordPrefaceGetting StartedChapter 1: Network Security Monitoring RationaleChapter 2: Collecting Network Traffic: Access, Storage, and ManagementSecurity Onion DeploymentChapter 3: Stand-alone NSM Deployment and InstallationChapter 4: Distributed DeploymentChapter 5: SO Platform HousekeepingToolsChapter 6: Command Line Packet Analysis ToolsChapter 7: Graphical Packet Analysis ToolsChapter 8: NSM ConsolesNSM in ActionChapter 9: NSM OperationsChapter 10: Server-side CompromiseChapter 11: Client-side CompromiseChapter 12: Extending SOChapter 13: Proxies and ChecksumsConclusionSO Scripts and ConfigurationColophonUpdates
What Our Readers Are Saying
Other books you might like
» Computers and Internet » Computers Reference » General