The Practice of Network Security Monitoring
Understanding Incident Detection and Response
Publisher: No Starch Press
Released: July 2013
Pages: 376

Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:

  • Determine where to deploy NSM platforms, and size them for the monitored networks
  • Deploy stand-alone or distributed NSM installations
  • Use command line and graphical packet analysis tools, and NSM consoles
  • Interpret network evidence from server-side and client-side intrusions
  • Integrate threat intelligence into NSM software to identify sophisticated adversaries

There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

Customer Reviews

4.7 out of 5 (based on 3 reviews)

Ratings distribution: 5 stars (2), 4 stars (1), 3 stars (0), 2 stars (0), 1 star (0)

100% of respondents would recommend this to a friend.

Pros cited by reviewers: Accurate (3), Well-written (3)


(1 of 1 customers found this review helpful)

4.0 stars: "This may be one of the most... "

By Giuseppe Simpatia, from Florence, Italy
About Me: Sys Admin
Verified Reviewer

Pros: Accurate, Helpful examples, Well-written
Cons: Complex index
Best Uses: Expert

Comments about The Practice of Network Security Monitoring:

"This may be one of the most important books you ever read."

The book begins with this ambitious statement of intent, saying how critical the role of network security has become over the last years.

The foreword is an excursus into the author's recent past; he warns that "security companies' marketing department still promote the magic box solution and investors buy into it".

There is no single definitive solution to insecurity: "products and technologies are not solutions. They are just tools. […] Almost all future conflicts – whether economic, religious, political, or military – will include a cyber component. The more defenses we have, and the more effectively we use them, the better off we will all be. This book will help with that noble effort."

The author also dedicates the Preface and the whole of Chapter 1 of Part 1 (Network Security Monitor Rationale) to making this point even more crucial, reporting events and stories from his important work experience, alternating a pleasant novelistic style with a more technical tone.

This dual approach has the benefit of holding the reader's attention with both simplicity and accuracy, without boring him as other books on this topic possibly do.

NSM is the acronym for Network Security Monitor, which is the central point of this book. The initial discursive approach should not deceive: this is a technical book. In the first chapter you will be asked to put your hands on the device ("Installing a Tap"), as in a lab exercise.

But before installing a tap, you must be able to answer questions like "Why Does NSM Work?", "When NSM Won't Work" or "What is the difference between NSM and Continuous Monitoring?".

How large must a hard drive be to accommodate all the captured traffic?

The book drives the reader into the forest bit by bit, starting from Stand-alone NSM Deployment and Installation, which shows how to install the open source Security Onion (SO) NSM suite from Doug Burks (http://securityonion.blogspot.com/), and going on with a description of the tools it provides (Tshark, Dumpcap, Argus, Ra, Tcpdump, Wireshark, Xplico, Sguil, Squert, Snorby, ELSA, and others).

"Tools collect and interpret data, but methodology provides the conceptual model." So Part IV is oriented toward the management of the enterprise security cycle: Plan, Resist, Detect, Respond.

Positive: technical aspects are always accompanied by a methodology. The focus the author puts on practical experience is never unmotivated; every single tool is useless if taken alone. Consciousness of a structured method and practice comes first.

Negative: the division into parts and chapters is so precise and granular that it ends up very complex. If you look at the index it can be a little tedious to find the topic you're looking for.

I would definitely suggest this book to all those who deal with IT security.

       
5.0 stars: Amazing book

By Fernando, from Dallas, TX
About Me: Tech Support Engineer
Verified Reviewer

Pros: Accurate, Easy to understand, Well-written
Best Uses: Expert, Intermediate

Comments about The Practice of Network Security Monitoring:

I am actually not the best person to evaluate this book because it is a little bit too advanced for my level of knowledge in network security. Even so, it's pretty clear to me that the book is really good.

(2 of 2 customers found this review helpful)

5.0 stars: The Practice of Network Security Monitor

By Mat, from Bentonville, AR
About Me: Developer, Sys Admin
Verified Reviewer

Pros: Accurate, Concise, Easy to understand, Helpful examples, Well-written
Best Uses: Intermediate, Novice, Student

Comments about The Practice of Network Security Monitoring:

The Practice of Network Security Monitoring by Richard Bejtlich has been one of my most anticipated reads of this year. I am a huge fan of The Tao of Network Security Monitoring, and The Practice of Network Security Monitoring is a fresh reboot / addition to its predecessor. By utilizing NSM practices, you can detect and respond to intruders on your network and do something about them before they damage your enterprise.

Bejtlich's book targets users of all experience levels, from the curious to the seasoned analyst. He presents the material in a clear and concise manner, emphasizing the process and procedures that are essential to the collection, analysis, escalation and indicators of possible compromises.

This book heavily relies on Security Onion, an Ubuntu-based NSM distribution with a collection of tools that can be readily deployed and utilized in the enterprise. Bejtlich covers full and sensor-based installs of the tool and helps readers determine what would be best for their implementation.

Aside from the different installs of Security Onion, the book also gives some great hands-on exercises with tools like Wireshark, Xplico, NetworkMiner, Snort, Snorby, Sguil and ELSA.

The last part of the book is dedicated to the processes surrounding collection, analysis, escalation and response. NSM is more than just finding the intruder: it's a complete suite of processes and procedures that covers everything a new analyst would need to know to defend their network. The chapters on server- and client-side compromises help reiterate this through a 'story' walking you through from start to finish.

All in all, this book definitely did not disappoint. A must read for any practitioner (or would-be practitioner) of NSM.

NOTE: This book was reviewed under the O'Reilly Blogger Review Program.


           
          Buying Options
Ebook: $39.95 (formats: ePub, Mobi, PDF)
          Print & Ebook: $54.95
          Print: $49.95