Applied Network Security Monitoring - 1st Edition - ISBN: 9780124172081, 9780124172166

Applied Network Security Monitoring

1st Edition

Collection, Detection, and Analysis

Authors: Chris Sanders Jason Smith
eBook ISBN: 9780124172166
Paperback ISBN: 9780124172081
Imprint: Syngress
Published Date: 5th December 2013
Page Count: 496

Description

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.

Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.

The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.

If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Key Features

  • Discusses the proper methods for data collection, and teaches you how to become a skilled NSM analyst
  • Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, and Argus
  • Loaded with practical examples containing real PCAP files you can replay, and uses Security Onion for all its lab examples
  • Companion website includes up-to-date blogs from the authors about the latest developments in NSM

Readership

Information security practitioners, network administrators, computer system administrators, IT professionals, NSM analysts, forensic analysts, incident responders, and an academic audience among information security majors.

Table of Contents

  • Dedication
  • Acknowledgements
  • About the Authors
      • Chris Sanders, Lead Author
      • Jason Smith, Co-Author
      • David J. Bianco, Contributing Author
      • Liam Randall, Contributing Author
  • Foreword
  • Preface
      • Audience
      • Prerequisites
      • Concepts and Approach
      • IP Address Disclaimer
      • Companion Website
      • Charitable Support
      • Contacting Us
  • Chapter 1. The Practice of Applied Network Security Monitoring
      • Abstract
      • Key NSM Terms
      • Intrusion Detection
      • Network Security Monitoring
      • Vulnerability-Centric vs. Threat-Centric Defense
      • The NSM Cycle: Collection, Detection, and Analysis
      • Challenges to NSM
      • Defining the Analyst
      • Security Onion
      • Conclusion
  • Section 1: Collection
  • Chapter 2. Planning Data Collection
      • Abstract
      • The Applied Collection Framework (ACF)
      • Case Scenario: Online Retailer
      • Conclusion
  • Chapter 3. The Sensor Platform
      • Abstract
      • NSM Data Types
      • Sensor Type
      • Sensor Hardware
      • Sensor Operating System
      • Sensor Placement
      • Securing the Sensor
      • Conclusion
  • Chapter 4. Session Data
      • Abstract
      • Flow Records
      • Collecting Session Data
      • Collecting and Analyzing Flow Data with SiLK
      • Collecting and Analyzing Flow Data with Argus
      • Session Data Storage Considerations
      • Conclusion
  • Chapter 5. Full Packet Capture Data
      • Abstract
      • Dumpcap
      • Daemonlogger
      • Netsniff-NG
      • Choosing the Right FPC Collection Tool
      • Planning for FPC Collection
      • Decreasing the FPC Data Storage Burden
      • Managing FPC Data Retention
      • Conclusion
  • Chapter 6. Packet String Data
      • Abstract
      • Defining Packet String Data
      • PSTR Data Collection
      • Viewing PSTR Data
      • Conclusion
  • Section 2: Detection
  • Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
      • Abstract
      • Detection Mechanisms
      • Indicators of Compromise and Signatures
      • Managing Indicators and Signatures
      • Indicator and Signature Frameworks
      • Conclusion
  • Chapter 8. Reputation-Based Detection
      • Abstract
      • Public Reputation Lists
      • Automating Reputation-Based Detection
      • Conclusion
  • Chapter 9. Signature-Based Detection with Snort and Suricata
      • Abstract
      • Snort
      • Suricata
      • Changing IDS Engines in Security Onion
      • Initializing Snort and Suricata for Intrusion Detection
      • Configuring Snort and Suricata
      • IDS Rules
      • Viewing Snort and Suricata Alerts
      • Conclusion
  • Chapter 10. The Bro Platform
      • Abstract
      • Basic Bro Concepts
      • Running Bro
      • Bro Logs
      • Creating Custom Detection Tools with Bro
      • Conclusion
  • Chapter 11. Anomaly-Based Detection with Statistical Data
      • Abstract
      • Top Talkers with SiLK
      • Service Discovery with SiLK
      • Furthering Detection with Statistics
      • Visualizing Statistics with Gnuplot
      • Visualizing Statistics with Google Charts
      • Visualizing Statistics with Afterglow
      • Conclusion
  • Chapter 12. Using Canary Honeypots for Detection
      • Abstract
      • Canary Honeypots
      • Types of Honeypots
      • Canary Honeypot Architecture
      • Honeypot Platforms
      • Conclusion
  • Section 3: Analysis
  • Chapter 13. Packet Analysis
      • Abstract
      • Enter the Packet
      • Packet Math
      • Dissecting Packets
      • Tcpdump for NSM Analysis
      • TShark for Packet Analysis
      • Wireshark for NSM Analysis
      • Packet Filtering
      • Conclusion
  • Chapter 14. Friendly and Threat Intelligence
      • Abstract
      • The Intelligence Cycle for NSM
      • Generating Friendly Intelligence
      • Generating Threat Intelligence
      • Conclusion
  • Chapter 15. The Analysis Process
      • Abstract
      • Analysis Methods
      • Analysis Best Practices
      • Incident Morbidity and Mortality
      • Conclusion
  • Appendix 1. Security Onion Control Scripts
      • High Level Commands
      • Server Control Commands
      • Sensor Control Commands
  • Appendix 2. Important Security Onion Files and Directories
      • Application Directories and Configuration Files
      • Sensor Data Directories
  • Appendix 3. Packet Headers
  • Appendix 4. Decimal / Hex / ASCII Conversion Chart
  • Index

Details

No. of pages: 496
Language: English
Copyright: © Syngress 2014
Published:
Imprint: Syngress
eBook ISBN: 9780124172166
Paperback ISBN: 9780124172081

About the Author

Chris Sanders

Jason Smith

Reviews

"... an extremely informative dive into the realm of network security data collection and analysis...well organized and thought through...I have only positive comments from my study." -The Ethical Hacker Network, Oct 31, 2014