The Practice of Network Security Monitoring: Understanding Incident Detection and Response 1st Edition
by Richard Bejtlich (Author)
ISBN-13: 978-1593275099
ISBN-10: 1593275099
Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.
You'll learn how to:
–Determine where to deploy NSM platforms, and size them for the monitored networks
–Deploy stand-alone or distributed NSM installations
–Use command line and graphical packet analysis tools, and NSM consoles
–Interpret network evidence from server-side and client-side intrusions
–Integrate threat intelligence into NSM software to identify sophisticated adversaries
There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.
Editorial Reviews
About the Author
Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (http://taosecurity.blogspot.com/) and writes on Twitter as @taosecurity.
Product details
- Publisher : No Starch Press; 1st edition (July 15, 2013)
- Language : English
- Paperback : 376 pages
- ISBN-10 : 1593275099
- ISBN-13 : 978-1593275099
- Item Weight : 1.8 pounds
- Dimensions : 7 x 0.92 x 9.25 inches
- Best Sellers Rank: #455,894 in Books
- #42 in Network Disaster & Recovery Administration
- #142 in Computer Networks
- #348 in Computer Networking (Books)
About the author
Mr. Bejtlich has been an author for two decades. Please see www.linkedin.com/in/richardbejtlich/ for details on Mr. Bejtlich's biography.
Customer reviews
4.7 out of 5 stars
123 global ratings
Top reviews from the United States
Reviewed in the United States on May 6, 2021
Verified Purchase
This book takes what can be a dry topic to some and adds punch and power to explanation and gives you a basis to understand what to look for. Good as a starting point to not be lazy and start understanding threat hunting.
One person found this helpful
Reviewed in the United States on October 15, 2015
Verified Purchase
I'm new to network security monitoring, and this is an excellent guide. I love that they share an open source option, with just about a step by step guide to implement, after a decent breakdown of the process and technology of packets.
7 people found this helpful
Reviewed in the United States on March 20, 2014
Verified Purchase
The "Cybersecurity and Cyberwar" book told you what was going on and how to protect yourself in general. This book gives you the ninja skills to actually seal your network borders and measure the level of the threat. Various methods and opensource tools are used to build a high level of protection for the reader's system.
Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do some heavy screen reading. Also, a large amount of filtering of log files may be required to see a pattern in the attacks. Be serious about this or be prepared to be a victim. The current state of network protection doesn't have a middle ground.
8 people found this helpful
Reviewed in the United States on January 6, 2014
Verified Purchase
This book has a lot of great content regarding Network Security Monitoring in general, but is especially helpful if you are rolling out Security Onion. There are a lot of videos and online tutorials out there but I like to be able to put my hands on it and have it all in one place. It's not necessarily for beginners, but readers in all stages of professional development will benefit from the content. It is well written and presented in a way that flows nicely. Lots of helpful tips and insight.
6 people found this helpful
Reviewed in the United States on September 3, 2015
Verified Purchase
As we enter the murky age of Internet of Things (or "Internet of Insecure Things", "Internet of Evil Things", "Botnet of Things", take your pick) monitoring your home network has to become a common skill. Although by no means confined to application in home environments, The Practice of Network Security Monitoring does allow a modestly technically adept user to do just that. This book walks you through understanding the concepts, installing the needed software, configuring network monitoring components, and using some of the many free solutions for detecting unwanted or malicious traffic.
For those who want to apply this work at home, allow me to make a few suggestions about corollary purchases you may need to make. I recommend dedicating a desktop or tower computer to the task of server. It doesn't need an especially powerful CPU, but it should have a lot of RAM, at least 8 GB. Purchase your RAM with a view to expanding; using 8GB as an example, don't buy 4 2GB sticks, but rather 2 4GB sticks. Later you could buy 2 x 4GB or 2 x 8GB sticks to upgrade memory. You will also need at least 1 extra NIC (Network Interface Card), which will be in permanent 'listen only' (aka "promiscuous") mode. You will be using the free Security Onion solution, running on the free Ubuntu 12.04 Linux, so you can skip buying a license for Windows if you purchase everything from scratch. Finally you will need at least one network device that can duplicate traffic. The book will explain the difference between spanning (or 'mirroring') and tapping, but unless you are sufficiently knowledgeable about networking, you will probably do well to buy a Dualcomm DCSW-1005 USB Powered 5-Port 10/100 Fast Ethernet Switch TAP (Port Mirroring) - it is drop dead simple to install and use.
You really can do this - enjoy!
10 people found this helpful
Reviewed in the United States on February 28, 2015
Verified Purchase
Book in perfect condition; of course it was the contents that I got it for, and that is excellent. Overall very pleased with the book and contents, if I may be redundant.
One person found this helpful
Reviewed in the United States on May 10, 2014
Verified Purchase
An easy to understand book. Not too heavy w/facts, but it's a great way to get some experience with Wireshark.
One person found this helpful
Reviewed in the United States on November 9, 2015
Verified Purchase
Actually I've read it from a pirated PDF, but the book was so good that I couldn't resist buying it originally and putting it on my book shelf. Thanks Richard (and of course Doug).
Best technical book I've ever read.
8 people found this helpful
Top reviews from other countries
Rene Thorup
3.0 out of 5 stars
Not like the good old NSM "bibles"
Reviewed in the United Kingdom on June 16, 2014
Verified Purchase
I have read, and own, all Richard's books. They have defined the art of Network Forensics and I have used them a lot in my MSc project. However, this book was a bit disappointing as it is basically just a "manual" to the Security Onion distro.
For that purpose it is excellent and still surprised me with cool hints that I now use every day! But if you look for a book on NSM, go for his older books like "The TAO of NSM" and "Extrusion Detection".
2 people found this helpful
Mr Adrian C Hallett
4.0 out of 5 stars
but content is good so far
Reviewed in the United Kingdom on February 3, 2016
Verified Purchase
Still reading, but content is good so far. I know most of this stuff is on the net and more up to date perhaps, but this brings it together, and serves my need right now.
Matt
3.0 out of 5 stars
It's a bit basic for anyone that has a knowledge ...
Reviewed in the United Kingdom on July 17, 2014
Verified Purchase
It's a bit basic for anyone that has a knowledge of InfoSec or IPS/IDS. Not much in the way of troubleshooting for Security Onion. The steps were followed, but it didn't work exactly as described, and I was left scratching around to find out why.
2 people found this helpful
Stephen
4.0 out of 5 stars
Four Stars
Reviewed in the United Kingdom on September 25, 2014
Verified Purchase
Mostly good; on the Kindle, not such a good read.
Amazon Customer
5.0 out of 5 stars
Five Stars
Reviewed in the United Kingdom on June 3, 2016
Verified Purchase
Great. Thanks :-)