The Tao of Network Security Monitoring: Beyond Intrusion Detection
By New York Security
Product Description
“The book you are about to read will arm you with the knowledge you need to defend your network from attackers—both the obvious and the not so obvious….If you are new to network security, don’t put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you’ve learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking ‘What’s next?’ If so, this book is for you.”
—Ron Gula, founder and CTO, Tenable Network Security, from the Foreword “Richard Bejtlich has a good perspective on Internet security—one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way.”
—Marcus Ranum, TruSecure “This book is not about security or network monitoring: It’s about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics.”
—Luca Deri, ntop.org “This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy.”
—Kirby Kuehl, Cisco Systems Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes—resulting in decreased impact from unauthorized activities. In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents. Inside, you will find in-depth information on the following areas. The NSM operational framework and deployment considerations. How to use a variety of open-source tools—including Sguil, Argus, and Ethereal—to mine network traffic for full content, session, statistical, and alert data. Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture. Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM. The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance. Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats. The Tao of Network Security Monitoring: Beyond Intrusion Detection
Beyond , Detection , Intrusion , Monitoring , Network , security 
December 9th, 2009
This author published 9951 posts in this site.Share
readsalot
December 9th, 2009
Cuts right to the chase. Worthy addition to any serious network security library. Rating: 4 / 5
Eric Kent
December 10th, 2009
This book rocks.
Bejtlich knows his stuff.
This is a great book that gives you tons of information that you won’t find elsewhere. Rating: 5 / 5
alilomo
December 10th, 2009
This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.
The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running a NSM team.
I really like Richard’s style such as his footnotes with related papers.
Be sure to check out the author’s blog at http://taosecurity.blogspot.com/. Rating: 5 / 5
Zoran Perkov
December 10th, 2009
It’s tough to keep up with the many facets of network security.
Many of the well respected published books in the past
have done excellent jobs in introducing many concepts but
I have always had to walk away from the book with questions
that required extensive research beyond the scope of the book.
Richard Bejtlich has written a book that fills in all the holes
left by the other authors. The numerous pages (that’s right,
numerous, not 2 pages) of analysis that identify the
differences of normal to suspicious to malicious network
activity is a small portion of a huge collection that thoroughly
covers the world of network security.
I recommend the Tao of NSM to anyone who needs answers
to the following…
how do I…?, with what tool?, what approach should I take?,
what do I do next?, where else can I find info on …..?
If your responsible for the security of your network this
book needs to be on your desk….leave the rest on the
shelf for reference. Rating: 5 / 5
Joshua Brower
December 10th, 2009
The Tao of Network Security Monitoring: Beyond Intrusion Detection was my first Information Security book that I read. The author, Richard Bejtlich , has authored a few other books that I hope to read soon. As for Tao, I have found it to be an absolutely fascinating book on InfoSec.
The author starts out by laying the groundwork of Risk Management, and how risk, threats, vulnerabilities and exploits are defined and used in the real world.
The author then makes this statement:
“Security is the process of maintaining an acceptable level of perceived risk. A former director of education for the International Computer Security Association, Dr. Mitch Kabay, wrote in 1998 that “security is a process, not an end state.” No organization can be considered “secure” for any time beyond the last verification of adherence to its security policy. If your manager asks, “Are we secure?” you should answer, “Let me check.” If he or she asks, “Will we be secure tomorrow?” you should answer, “I don’t know.” Such honesty will not be popular, but this mind-set will produce greater success for the organization in the long run.”
With this kind of outlook on security, the author puts forth the concept of a “defensible” network: a network that can easily watched (monitored); a network that limits an intruder’s freedom to maneuver; a network that offers a minimum of services; and finally, a network that can be kept current.
With this foundation laid, the author delves into “Network Security Monitoring” which is defined as “the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions.” The rest of the book deals with the practical aspects of NSM: how to setup and use programs to collect NSM data; Best Practices; Case Studies; managing a NSM program; and finally, tactics on attacking NSM, and ways to mitigate these risks.
I have found this book to be very helpful in bringing balance to my understanding of how Intrusion Detection fits into an InfoSec program.
I would highly recommend this book to anyone interested in going deeper into InfoSec, especially dealing with Intrusion Detection Systems. It does have quite a bit of BSD-centric material, of which I skipped over alot of, but still very useful principles.
Rating: 5 / 5