Applied Network Security Monitoring, 1st Edition

  • Published By:
  • ISBN-10: 0124172164
  • ISBN-13: 9780124172166
  • DDC: 005.8
  • Grade Level Range: College Freshman - College Senior
  • 496 Pages | eBook
  • Original Copyright 2013 | Published/Released May 2014
  • This publication's content originally published in print form: 2013

  • Price:  Sign in for price



Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster. The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data. If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Table of Contents

Front Cover.
Half Title Page.
Title Page.
Copyright Page.
About the Authors.
1: The Practice of Applied Network Security Monitoring.
2: Collection.
3: Planning Data Collection.
4: The Sensor Platform.
5: Session Data.
6: Full Packet Capture Data.
7: Packet String Data.
8: Detection.
9: Detection Mechanisms, Indicators of Compromise, and Signatures.
10: Reputation-Based Detection.
11: Signature-Based Detection with Snort and Suricata.
12: The Bro Platform.
13: Anomaly-Based Detection with Statistical Data.
14: Using Canary Honeypots for Detection.
15: Analysis.
16: Packet Analysis.
17: Friendly and Threat Intelligence.
18: The Analysis Process.
Appendix 1: Security Onion Control Scripts.
Appendix 2: Important Security Onion Files and Directories.
Appendix 3: Packet Headers.
Appendix 4: Decimal/Hex/ASCII Conversion Chart.