作者：Richard Bejtlich
出版日期：July 12, 2004
出版社：Addison Wesley
页数：832
ISBN：0-321-24677-2
文件格式：CHM


”The book you are about to read will arm you withthe knowledge you need to defend your network from attackers—both theobvious and the not so obvious….If you are new to network security,don't put this book back on the shelf! This is a great book forbeginners and I wish I had access to it many years ago. If you'velearned the basics of TCP/IP protocols and run an open source orcommercial IDS, you may be asking 'What's next?' If so, this book isfor you.”

—Ron Gula, founder and CTO, Tenable Network Security, from the Foreword

“Richard Bejtlich has a good perspective on Internetsecurity—one that is orderly and practical at the same time. He keepsreaders grounded and addresses the fundamentals in an accessible way.”

—Marcus Ranum, TruSecure

“This book is not about security or networkmonitoring: It's about both, and in reality these are two aspects ofthe same problem. You can easily find people who are security expertsor network monitors, but this book explains how to master both topics.”

—Luca Deri, ntop.org

“This book will enable security professionals of allskill sets to improve their understanding of what it takes to set up,maintain, and utilize a successful network intrusion detectionstrategy.”

Every network can be compromised. There are too manysystems, offering too many services, running too many flawedapplications. No amount of careful coding, patch management, or accesscontrol can keep out every attacker. If prevention eventually fails,how do you prepare for the intrusions that will eventually happen?

Network security monitoring (NSM) equips securitystaff to deal with the inevitable consequences of too few resources andtoo many responsibilities. NSM collects the data needed to generatebetter assessment, detection, and response processes—resulting indecreased impact from unauthorized activities.

In The Tao of Network Security Monitoring ,Richard Bejtlich explores the products, people, and processes thatimplement the NSM model. By focusing on case studies and theapplication of open source tools, he helps you gain hands-on knowledgeof how to better defend networks and how to mitigate damage fromsecurity incidents.

Inside, you will find in-depth information on the following areas.



The NSM operational framework and deployment considerations.
How to use a variety of open-source tools—includingSguil, Argus, and Ethereal—to mine network traffic for full content,session, statistical, and alert data.
Best practices for conducting emergency NSM in anincident response scenario, evaluating monitoring vendors, anddeploying an NSM architecture.
Developing and applying knowledge of weapons,tactics, telecommunications, system administration, scripting, andprogramming for NSM.
The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance.
Whether you are new to network intrusion detectionand incident response, or a computer-security veteran, this book willenable you to quickly develop and apply the skills needed to detect,prevent, and respond to new and emerging threats.