Traditional intrusion detection and logfile analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.
Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.
Explore network, host, and service sensors for capturing security data
Store data traffic with relational databases, graph databases, Redis, and Hadoop
Use SiLK, the R language, and other tools for analysis and visualization
Detect unusual phenomena through Exploratory Data Analysis (EDA)
Identify significant structures in networks with graph analysis
Determine the traffic that’s crossing service ports in a network
Examine traffic volume and behavior to spot DDoS and database raids
Get a step-by-step process for network mapping and inventory
Michael Collins is the chief scientist for RedJack, LLC., a NetworkSecurity and Data Analysis company located in the WashingtonD.C. area. Prior to his work at RedJack, Dr. Collins was a member ofthe technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on networkinstrumentation and traffic analysis, in particular on the analysis oflarge traffic datasets.Dr. Collins graduated with a PhD in Electrical Engineering fromCarnegie Mellon University in 2008, he holds Master's and Bachelor'sDegrees from the same institution.
The animal on the cover of Network Security Through Data Analysis is a European Merlin (Falco columbarius). There is some debate as to whether the North American and the European/Asian varieties of Merlin are actually different species. Carl Linnaeus was the first to classify the bird in 1758 using a specimen from America, then in 1771 the ornithologist Marmaduke Tunstall assigned a separate taxon to the Eurasian Merlin, calling it
Falco aesalon in his work Ornithologica Britannica.Recently, it has been found that there are significant genetic variations between North American and European species of Merlin, supporting the idea that they should be officially classified as distinct species. It is believed that the separation between the two types happened more than a million years ago, and since then the birds have existed completely independently of each other.The Merlin is more heavily built than most other small falcons and can weigh almost a pound, depending on the time of year. Females are generally larger than males, which is common among raptors. This allows the male and female to hunt different types of prey animals and means that less territory is required to support a mating pair.Merlins normally inhabit open country, such as scrubland, forests, parks, grasslands, and moorland. They prefer areas with low and medium-height vegetation because it allows them to hunt easily and find the abandoned nests that they take on as their own. During the winter, European Merlins are known to roost communally with Hen Harriers, another bird of prey.Breeding occurs in May and June, and pairs are monogamous for the season. The Merlins will often use the empty nests of crows or magpies, but it is also common, especially in the UK, to find Merlins nesting in crevices in cliffs or buildings. Females lay three to six eggs, which hatch after an incubation period of 28 to 32 days. The chicks will be dependent on their parents for up to 4 weeks before starting out on their own.In medieval times, chicks were taken from the nest and hand-reared to be used for hunting. The Book of St. Albans, a handbook of gentleman's pursuits, included Merlins in the "Hawking" section, calling the species, "the falcon for a lady." Today, they are still trained by falconers for hunting smaller birds, but this practice is declining because of conservation efforts. The most serious threat to Merlins is habitat destruction, especially in their breeding areas. However, since the birds are highly adaptable and have been successful at living in settled areas, their population remains stable around the world.
Comments about oreilly Network Security Through Data Analysis:
Dr. Michael S Collins is the Chief Scientist for RedJack LLC. The company aims at protecting networks against attacks with the help of data analysis. The latest statement is the starting point of the book: " How the data generated by the network usages can help us to detect intrusions or corrupted processes? ". The book presents a global approach to answer to this big question. The answer is divided into three main steps: capture, store/refine and process.
This data is implicitly generated when our computers are connected and communicate. Revealing the data means installing sensors that will capture the events, and the big picture of the network activity at different levels (network or hosts sensors, for instance). The first part of the book presents various tools to achieve the installation of sensors (such as tcpdump).
Once the data are captured, where can we store them or even centralize them if the sensors are installed in various parts of the network? How to process them? With which tools? The second part of the book presents the different possible storage and how to design the data space to optimize the future analysis. Among the proposed tools, SiLK and R are covered. But what if you are not familiar with the tools? no problem! This book will guide you to learn them and the further reading provided gives you a path to mastery. Many other tools are also covered and they will refine the raw data to prepare it to the last step.
The third part is dedicated to exploratory data analysis to reveal the hidden informations out of raw data. This part is really interesting and the core of the data analysis helps the network security engineer to develop its skills in recognition of misbehaviors. The visuals and the examples are well chosen and the explanations well structured and balanced.
Finally, I found the book really interesting and opens interesting possibilities if a closer look is given at the recent developments in the world of networking and mobility (VPN, etc). Since the number of flows increases everyday, I have found the approach really helpful to extract security informations out of the noise.
Since this is one of the first book to cover this area of skills, the book is really introductive and the pedagogical quality helps the reader to learn and acquire them through different techniques and tools. Some professionals could find some of the topics not enough deeply covered, but something will be found in the book for everyone interested in the subject.
This review is part of the reader review program
Bottom Line Yes, I would recommend this to a friend