Author: Chris Fry, Martin Nystrom
Publication date: February 24, 2009
Publisher: O'Reilly
Pages: 246
ISBN: ISBN-10: 0596518161 ISBN-13: 978-0596518165
File format: CHM
Product Description
How well does your enterprise stand up against today’s sophisticated security threats? In this book, security experts from Cisco Systems demonstrate how to detect damaging security incidents on your global network–first by teaching you which assets you need to monitor closely, and then by helping you develop targeted strategies and pragmatic techniques to protect them.

Security Monitoring is based on the authors’ years of experience conducting incident response to keep Cisco’s global network secure. It offers six steps to improve network monitoring. These steps will help you:

Develop Policies: define rules, regulations, and monitoring criteria
Know Your Network: build knowledge of your infrastructure with network telemetry
Select Your Targets: define the subset of infrastructure to be monitored
Choose Event Sources: identify event types needed to discover policy violations
Feed and Tune: collect data, generate alerts, and tune systems using contextual information
Maintain Dependable Event Sources: prevent critical gaps in collecting and monitoring events

Security Monitoring illustrates these steps with detailed examples that will help you learn to select and deploy the best techniques for monitoring your own enterprise network.
About the Author
Chris Fry has been a member of the Computer Security Incident Response Team (CSIRT) at Cisco Systems, Inc for 5 years, focusing on deployment of intrusion detection, network monitoring tools, and incident investigation. He began his career at Cisco in 1997 as an IT analyst, supporting Cisco’s production services. His four years as a Network Engineer in Cisco IT’s internal network support organization give him valuable knowledge about and unique insight into monitoring production enterprise networks. Chris holds a BA in Corporate Financial Analysis and an MS in Information and Communication Sciences from Ball State University.
Martin Nystrom is a Member of Technical Staff (MTS) for the Computer Security Incident Response Team (CSIRT) at Cisco Systems. He leads the global security monitoring team and provides guidance for incident response and security initiatives. Prior to joining Cisco’s CSIRT, he was responsible for designing and consulting on secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior, where he built his experience in the pharmaceutical and computer industries. He received a bachelor’s degree from Iowa State University in 1990, a master’s degree from NC State University in 2003, and his CISSP certification in 2004. He is the author of O’Reilly’s “SQL Injection Defenses”, and the forthcoming, “Security Monitoring”. He is a frequent conference speaker, and was honored on the Java One Rock Star Wall of Fame. He enjoys speaking at FIRST and Cisco Networkers conferences, and providing security guidance to customers via Cisco’s Executive Briefing program. Most of Martin’s papers and presos can be found at xianshield.org