Applied Network Security Monitoring

1st Edition

Collection, Detection, and Analysis

Authors: Chris Sanders, Jason Smith
Paperback ISBN: 9780124172081
eBook ISBN: 9780124172166
Imprint: Syngress
Published Date: 5th December 2013
Page Count: 496
Description

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.

Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.

The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.

If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Key Features

  • Discusses the proper methods for data collection, and teaches you how to become a skilled NSM analyst
  • Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, and Argus
  • Loaded with practical examples containing real PCAP files you can replay, and uses Security Onion for all its lab examples
  • Companion website includes up-to-date blogs from the authors about the latest developments in NSM

Readership

Information security practitioners, network administrators, computer system administrators, IT professionals, NSM analysts, forensic analysts, incident responders, and an academic audience among information security majors.

Table of Contents

Dedication
Acknowledgements
About the Authors
  Chris Sanders, Lead Author
  Jason Smith, Co-Author
  David J. Bianco, Contributing Author
  Liam Randall, Contributing Author
Foreword
Preface
  Audience
  Prerequisites
  Concepts and Approach
  IP Address Disclaimer
  Companion Website
  Charitable Support
  Contacting Us
Chapter 1. The Practice of Applied Network Security Monitoring
  Abstract
  Key NSM Terms
  Intrusion Detection
  Network Security Monitoring
  Vulnerability-Centric vs. Threat-Centric Defense
  The NSM Cycle: Collection, Detection, and Analysis
  Challenges to NSM
  Defining the Analyst
  Security Onion
  Conclusion
Section 1: Collection
  Chapter 2. Planning Data Collection
    Abstract
    The Applied Collection Framework (ACF)
    Case Scenario: Online Retailer
    Conclusion
  Chapter 3. The Sensor Platform
    Abstract
    NSM Data Types
    Sensor Type
    Sensor Hardware
    Sensor Operating System
    Sensor Placement
    Securing the Sensor
    Conclusion
  Chapter 4. Session Data
    Abstract
    Flow Records
    Collecting Session Data
    Collecting and Analyzing Flow Data with SiLK
    Collecting and Analyzing Flow Data with Argus
    Session Data Storage Considerations
    Conclusion
  Chapter 5. Full Packet Capture Data
    Abstract
    Dumpcap
    Daemonlogger
    Netsniff-NG
    Choosing the Right FPC Collection Tool
    Planning for FPC Collection
    Decreasing the FPC Data Storage Burden
    Managing FPC Data Retention
    Conclusion
  Chapter 6. Packet String Data
    Abstract
    Defining Packet String Data
    PSTR Data Collection
    Viewing PSTR Data
    Conclusion
Section 2: Detect

Details

No. of pages: 496
Language: English
Copyright: © Syngress 2014
Imprint: Syngress
eBook ISBN: 9780124172166
Paperback ISBN: 9780124172081

Reviews

"... an extremely informative dive into the realm of network security data collection and analysis ... well organized and thought through ... I have only positive comments from my study." - The Ethical Hacker Network, Oct 31, 2014