|
|
Joeychgo.com Book Store > Joeychgo.com books beginning with T
|
The Tao of Network Security Monitoring: Beyond Intrusion Detection |
Author: Richard Bejtlich
Published: 2004-07-22 |
List price: $64.99
Our price: $40.94
|
Usually ships in 24 hours
As of: December 03rd, 2008 11:56:32 PM
|
|
|
Customer comments on this selection.
 Easily My Favorite Book
It's hard to add much that isn't said by the 17 other 5 star reviews, but this is easily my favorite security book. Aside from ascribing me to the theories of NSM -- that visibility into the network provides the critical information required to accurately diagnose and respond to security issues -- and being an excellent read, this book is also a fantastic reference. As I've implemented NSM in my environment, I haven't stopped referencing the book to find tools that might be better suited to jobs, or to find tools that have all but vanished from the face of the earth. I thoroughly recommend this book to anyone responsible for the security of any size network.
Jump into NSM
This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.
br /br /
br /br / The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running a NSM team.
br /br /
br /br / I really like Richard's style such as his footnotes with related papers.
br /br /Be sure to check out the author's blog at http://taosecurity.blogspot.com/.
 Great book
Cuts right to the chase. Worthy addition to any serious network security library.
Great book to learn the Art of Network Monitoring!
I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!
br /
br /I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describers NSM processes and the fourth section describes NSM people.
br /
br /The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others' mention they have been given this book to read in their classroom study and I can see why.
br /
br /I give this book 5 pings out of 5:
br /!!!!!
Shows a disciplined approach to network security monitoring
A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.
br /
br /The beauty of The Tao of Network Security Monitoring : Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.
br /
br /The book is written for the person; primarily a system administrator or security engineer whom truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.
br /
br /The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned; the book shows how to use the tool in the context or Tao of security monitoring.
br /
br /In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of it potential.
br /
br /With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.
br /
|
Similar Listings
|
|
Our Joeychgo.com book picks:
|
|
LCS Amazon Store 2.4 © 2008
|
|
|
