The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions. In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

Book contents:

1. Network Security Monitoring Rationale
2. Collecting Network Traffic: Access, Storage and Management
3. Standalone NSM Deployment and Installation
4. Distributed Deployment
5. SO Platform Housekeeping
6. Command Line Packet Analysis Tools
7. Graphical Packet Analysis Tools
8. NSM Consoles
9. NSM Operations
10. Server-Side Compromise
11. Client-Side Compromise
12. Extending SO
13. Proxies and Checksums
14. Conclusion