Table of Contents

  1. Getting Started

    1. Chapter 1 Network Security Monitoring Rationale

      1. An Introduction to NSM
      2. A Sample NSM Test
      3. The Range of NSM Data
      4. What’s the Point of All This Data?
      5. NSM Drawbacks
      6. Where Can I Buy NSM?
      7. Where Can I Go for Support or More Information?
      8. Conclusion
    2. Chapter 2 Collecting Network Traffic: Access, Storage, and Management

      1. A Sample Network for a Pilot NSM System
      2. IP Addresses and Network Address Translation
      3. Choosing the Best Place to Obtain Network Visibility
      4. Getting Physical Access to the Traffic
      5. Choosing an NSM Platform
      6. Ten NSM Platform Management Recommendations
      7. Conclusion
  2. Security Onion Deployment

    1. Chapter 3 Stand-alone NSM Deployment and Installation

      1. Stand-alone or Server Plus Sensors?
      2. Choosing How to Get SO Code onto Hardware
      3. Installing a Stand-alone System
      4. Conclusion
    2. Chapter 4 Distributed Deployment

      1. Installing an SO Server Using the SO .iso Image
      2. Installing an SO Sensor Using the SO .iso Image
      3. Building an SO Server Using PPAs
      4. Building an SO Sensor Using PPAs
      5. Conclusion
    3. Chapter 5 SO Platform Housekeeping

      1. Keeping SO Up-to-Date
      2. Limiting Access to SO
      3. Managing SO Data Storage
      4. Conclusion
  3. Tools

    1. Chapter 6 Command Line Packet Analysis Tools

      1. SO Tool Categories
      2. Running Tcpdump
      3. Using Dumpcap and Tshark
      4. Running Argus and the Ra Client
      5. Conclusion
    2. Chapter 7 Graphical Packet Analysis Tools

      1. Using Wireshark
      2. Using Xplico
      3. Examining Content with NetworkMiner
      4. Conclusion
    3. Chapter 8 NSM Consoles

      1. An NSM-centric Look at Network Traffic
      2. Using Sguil
      3. Using Squert
      4. Using Snorby
      5. Using ELSA
      6. Conclusion
  4. NSM in Action

    1. Chapter 9 NSM Operations

      1. The Enterprise Security Cycle
      2. Collection, Analysis, Escalation, and Resolution
      3. Remediation
      4. Conclusion
    2. Chapter 10 Server-side Compromise

      1. Server-side Compromise Defined
      2. Server-side Compromise in Action
      3. Exploring the Session Data
      4. Stepping Back
      5. Conclusion
    3. Chapter 11 Client-side Compromise

      1. Client-side Compromise Defined
      2. Client-side Compromise in Action
      3. Analyzing the Bro dns.log File
      4. Checking Destination Ports
      5. Examining the Command-and-Control Channel
      6. Conclusion
    4. Chapter 12 Extending SO

      1. Using Bro to Track Executables
      2. Using Bro to Extract Binaries from Traffic
      3. Using APT1 Intelligence
      4. Reporting Downloads of Malicious Binaries
      5. Conclusion
    5. Chapter 13 Proxies and Checksums

      1. Proxies
      2. Checksums
      3. Conclusion
  5. Conclusion

    1. Cloud Computing
    2. Workflow, Metrics, and Collaboration
    3. Conclusion
  6. Appendix SO Scripts and Configuration

    1. SO Control Scripts
    2. SO Configuration Files
    3. Updating SO
  7. Colophon
  8. Appendix Updates