The Tao of Network Security Monitoring Book Review
- Author: Richard Bejtlich
- Publisher: Addison-Wesley
- Published: 2005
- Pages: 798
The Tao of Network Security Monitoring Chapters
- The Security Process
  - What Is Security?
  - What Is Risk?
    - Threat
    - Vulnerability
    - Asset Value
  - A Case Study on Risk
  - Security Principles: Characteristics of the Intruder
    - Some Intruders Are Smarter Than You
    - Many Intruders Are Unpredictable
    - Prevention Eventually Fails
  - Security Principles: Phases of Compromise
    - Reconnaissance
    - Exploitation
    - Reinforcement
    - Consolidation
    - Pillage
  - Security Principles: Defensible Networks
    - Defensible Networks Can Be Watched
    - Defensible Networks Limit an Intruder's Freedom to Maneuver
    - Defensible Networks Offer a Minimum Number of Services
    - Defensible Networks Can Be Kept Current
  - Conclusion
- What Is Network Security Monitoring?
  - Indications and Warnings
  - Collection, Analysis, and Escalation
  - Detecting and Responding to Intrusions
  - Why Do IDS Deployments Often Fail?
  - Outsiders versus Insiders: What Is NSM's Focus?
  - Security Principles: Detection
    - Intruders Who Can Communicate with Victims Can Be Detected
    - Detection through Sampling Is Better Than No Detection
    - Detection through Traffic Analysis Is Better Than No Detection
  - Security Principles: Limitations
    - Collecting Everything Is Ideal but Problematic
    - Real Time Isn't Always the Best Time
    - Extra Work Has a Cost
  - What NSM Is Not
    - NSM Is Not Device Management
    - NSM Is Not Security Event Management
    - NSM Is Not Network-Based Forensics
    - NSM Is Not Intrusion Prevention
  - NSM in Action
  - Conclusion
- Deployment Considerations
  - Threat Models and Monitoring Zones
    - The Perimeter
    - The Demilitarized Zone
    - The Wireless Zone
    - The Intranet
  - Accessing Traffic in Each Zone
    - Hubs
    - SPAN Ports
    - Taps
    - Inline Devices
    - Wireless Monitoring
  - Sensor Architecture
    - Hardware
    - Operating Systems
  - Sensor Management
    - Console Access
    - In-Band Remote Access
    - Out-of-Band Remote Access
  - Conclusion
- The Reference Intrusion Model
  - The Scenario
  - The Attack
  - Conclusion
- Full Content Data
- Additional Data Analysis
- Session Data
- Statistical Data
- Alert Data: Bro and Prelude
- Alert Data: NSM Using Sguil
- Best Practices
- Case Studies for Managers
- Analyst Training Program
- Discovering DNS
- Harnessing the Power of Session Data
- Packet Monkey Heaven
- Tools for Attacking Network Security Monitoring
- Tactics for Attacking Network Security Monitoring
- The Future of Network Security Monitoring
The Tao of Network Security Monitoring Appendices
- Protocol Header Reference
- Intellectual History of Network Security Monitoring
- Protocol Anomaly Detection
- Index
© Poised Solutions Copyright 2008 - 2009