- Paperback: 496 pages
- Publisher: Syngress; 1 edition (December 19, 2013)
- Language: English
- ISBN-10: 0124172083
- ISBN-13: 978-0124172081
- Product Dimensions: 7.5 x 1.1 x 9.2 inches
- Shipping Weight: 2.3 pounds
- Average Customer Review: 35 customer reviews
- Amazon Best Sellers Rank: #375,290 in Books
Applied Network Security Monitoring: Collection, Detection, and Analysis 1st Edition
"... an extremely informative dive into the realm of network security data collection and analysis ... well organized and thought through ... I have only positive comments from my study." - The Ethical Hacker Network, Oct 31, 2014
About the Author
Chris Sanders is an information security consultant, author, and researcher originally from Mayfield, Kentucky. That's thirty miles southwest of a little town called Possum Trot, forty miles southeast of a hole in the wall named Monkey's Eyebrow, and just north of a bend in the road that really is named Podunk.
Chris is a Senior Security Analyst with InGuardians. He has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris significantly helped to further the role of the Computer Network Defense Service Provider (CNDSP) model, and helped to create several NSM and intelligence tools currently being used to defend the interests of the nation.
Chris has authored several books and articles, including the international best seller "Practical Packet Analysis" from No Starch Press, currently in its second edition. Chris currently holds several industry certifications, including the SANS GSE and CISSP distinctions.
In 2008, Chris founded the Rural Technology Fund. The RTF is a 501(c)(3) non-profit organization designed to provide scholarship opportunities to students from rural areas pursuing careers in computer technology. The organization also promotes technology advocacy in rural areas through various support programs. The RTF has provided thousands of dollars in scholarships and support to rural students.
When Chris isn't buried knee-deep in packets, he enjoys watching University of Kentucky Wildcat basketball, being a BBQ Pitmaster, amateur drone building, and spending time at the beach. Chris currently resides in Charleston, South Carolina with his wife Ellen.
Chris blogs at appliednsm.com and chrissanders.org. He is on Twitter as @chrissanders88.
Top customer reviews
Applied NSM is a good book to read to learn about this topic. The author knows his stuff, and he's a pretty good teacher. Technical terms are defined before they're used, so you won't get lost. Everything is approached step-by-step; you won't run into the Draw An Owl Meme (google it) problem. Also, the text is comprehensive; important topics are not left out.
Who the book is written for:
I'm a network administrator with over a decade of experience, I manage a decent sized network by myself, and wanted more knowledge about this area of network security. The book is more aimed at, "I have a beginner's level knowledge of networks and I want to get hired somewhere where my job title is 'Network Security Analyst'." So the explanations are woven with the thread of a team in mind, but not in a way that detracts from your ability to learn if you're a lone wolf.
I wish I could give the book 4.5 stars. The only problem I ran into is that for my taste, which is borne out of decades of reading technical documentation, the author is a bit long winded. It's not terse enough. Explanations that could be offered in one short sentence are drawn out into a paragraph. I suppose this is good if you're a complete beginner, but it made the text a bit of a slog for me, and I found myself skipping first paragraphs and then pages.
For example, suppose I wanted to communicate to you this brief and technical point: "The lsof command prints a list of open files, the -i argument lists network connections." The author would render that into this:
"Various commands are able to display the current status of the computer. From time to time, users may want the ability to view which files on the computer are open and which files are not. Fortunately, the computer provides a tool that is able to do this. If you want to view open files on the computer, for example, you can use the lsof command, which is typed into your terminal. The lsof command provides various options as well in order to change its output. For example, -i is one of the available options. -i allows lsof to view the activity of the network interface in the form of active and listening connections."
Overall, though, if you're a beginner and you want knowledge on this topic, this book will give it to you.
I’m a long time NSM practitioner and I work with Smith & Bianco.
Chris was gracious enough to provide me with a PDF copy of the book for review.
- - - -
Applied NSM is a powerhouse of practitioner knowledge. Divided into three primary sections (Collection, Detection, & Analysis) ANSM focuses on the key staples necessary for establishing a successful NSM program and how to get up and running.
The book weighs in at an impressive 465 pages (including appendixes). However, depending on the reader's familiarity with NSM and exposure to other related works on the subject, there could be some overlap.
The areas I found most valuable that contributed new concepts to my "NSM library" included:
- Chapter 2's discussion on the Applied Collection Framework
- Chapter 4's coverage of SiLK for analysis of flow data
- Chapter 6's coverage of LogStash and Kibana
- Chapter 10's coverage on Bro
- Chapter 11's coverage on anomaly-based detection via SiLK tools
Appendix 3 makes for a handy desk side reference if you work with raw packet captures on a daily basis.
For these sections alone, ANSM makes it well worth the purchase and addition to your collection. Speaking of which, all of the proceeds from this book go to several charities, and after having initially reviewed it for free, I still decided to purchase a copy on Kindle to have as a desk side reference and support such great causes.
Great job guys!
Overall, the book is very well written and carefully articulated; it almost leaves you without having to question or second guess the information provided. It just makes sense!
P.S. I really loved the chapter on Bro IDS.