The Tao of network security monitoring : beyond intrusion detection

Select an Action

Title:

Author:

Bejtlich, Richard.

ISBN:

9780321246776

Personal Author:

Bejtlich, Richard.

Publication Information:

Physical Description:

xxxiv, 798 pages : illustrations ; 24 cm

General Note:

Includes index.

Contents:

The security process -- What is network security monitoring? -- Deployment considerations -- The reference intrusion model -- Full content data -- Additional data analysis -- Session data -- Statistical data -- Alert data : Bro and Prelude -- Alert data : NSM using Sguil -- Best practices -- Case studies for managers -- Analyst training program -- Discovering DNS -- Harnessing the power of session data -- Packet monkey heaven -- Tools for attacking network security monitoring -- Tactics for attacking network security monitoring.

Subject Term:

Computer networks -- Security measures.

Computer networks -- Security measures. (OCoLC)fst00872341

Computersicherheit.

Monitoring

Rechnernetz.

Electronic Access:

Safari Books Online http://proquest.safaribooksonline.com/0321246772
Table of contents http://catdir.loc.gov/catdir/toc/ecip0416/2004007857.html

Copies:

Available:*

Library	Material Type	Item Barcode	Shelf Number	Copy	Status
Searching... 1:VCCT	1:GEN-BOOK	000025341	005.8 BEJ	1	Searching... Unknown
Searching... 1:VCDBN	1:GEN-BOOK	000020203	005.8 BEJ	1	Searching... Unknown
Searching... 1:VCDW	1:GEN-BOOK	000055289	005.8 BEJ	1	Searching... Unknown
Searching... 1:VCPMB	1:GEN-BOOK	000090661	005.8 BEJ	1	Searching... Unknown

Bound With These Titles

On Order

Summary

Once your security is breached, everyone will ask the same question: nowwhat? Answering this question has cost companies hundreds of thousands ofdollars in incident response and computer forensics fees. This book reducesthe investigative workload of computer security incident response teams(CSIRT) by posturing organizations for incident response success.Firewalls can fail. Intrusion-detection systems can be bypassed. Networkmonitors can be overloaded. These are the alarming but true facts aboutnetwork security. In fact, too often, security administrators' tools can serve asgateways into the very networks they are defending.Now, a novel approach to network monitoring seeks to overcome theselimitations by providing dynamic information about the vulnerability of allparts of a network. Called network security monitoring (NSM), it draws on acombination of auditing, vulnerability assessment, intrusion detection andprevention, and incident response for the most comprehensive approach tonetwork security yet. By focusing on case studies and the application of opensourcetools, the author helps readers gain hands-on knowledge of how tobetter defend networks and how to mitigate damage from security incidents.