- Paperback: 376 pages
- Publisher: No Starch Press; 1 edition (July 15, 2013)
- Language: English
- ISBN-10: 1593275099
- ISBN-13: 978-1593275099
- Product Dimensions: 7.1 x 1 x 9.2 inches
- Shipping Weight: 1.8 pounds (View shipping rates and policies)
- Average Customer Review: 47 customer reviews
- Amazon Best Sellers Rank: #102,311 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
Frequently bought together
Customers who bought this item also bought
About the Author
Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (http://taosecurity.blogspot.com/) and writes on Twitter as @taosecurity.
Try the Kindle edition and experience these great reading features:
Read reviews that mention
Showing 1-8 of 47 reviews
There was a problem filtering reviews right now. Please try again later.
Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do some heavy screen reading. Also, a large amount of filtering of log files may be required to see a pattern in the attacks. Be serious about this or be prepared to be a victim. The current state of network protection doesn't have a middle ground.
For those who want to apply this work at home, allow me to make a few suggestions about corollary purchases you may need to make. I recommend dedicating a desktop or tower computer to the task of server. It doesn't need an especially powerful CPU, but it should have a lot of RAM, at least 8 GB. Purchase your RAM with a view to exanding; using 8GB as an example, don't buy 4 2GB sticks, but rather 2 4GB sticks. Later you could by 2 x 4GB or 2 x 8GB sticks to upgrade memory. You will also need at least 1 extra NIC (Network Interface Card), which will be in permanent 'listen only' (aka "promiscuous") mode. You will be using the free Security Onion solution, running on the free Ubuntu 12.04 Linux, so you can skip buying a license for Windows if you purchase everything from scratch. Finally you will need at least one network device that can duplicate traffic. The book will explain the difference between spanning (or 'mirroring') and tapping, but unless you are a sufficiently knowledgeable about networking, you will probably do well to buy a Dualcomm DCSW-1005 USB Powered 5-Port 10/100 Fast Ethernet Switch TAP (Port Mirroring) - it is drop dead simple to install and use.
You really can do this - enjoy!