Welcome to Firewall.cx - The Site For Networking Professionals

 
Modules
· Home
· Alternative Menu
· Amazon
· Cisco Decrypter
· Cisco Lab Partners
· Feedback
· Forums
· Max Arcade
· Private Messages
· Recommend Us
· Statistics
· Stories Archive
· Submit News
· Surveys
· Topics
· Web Links
· Your Account
 
Cisco Knowledgebase Articles
 
Site Info
Welcome, Anonymous
Nickname
Password
Security Code: Security Code
Type Security Code:

· Register
· Lost Password
Membership:
Latest: Check the profile of Una Una
New Today: 2
New Yesterday: 7
Waiting: 4
Overall: 25783
People Online:
Visitors: 135
Members: 1
Hidden: 0
Total: 136
Online Now:
01: Check the profile of Digidoo Send a quick private message to Digidoo Digidoo
We received
75255753
page views since
15th September 2003
Hits New Today: 20351
Hits New Yesterday: 72786
 
Top Downloads
 
Gold Lab Partners


 
Firewall.cx Book Reviews -The TAO Of Network Security Monitoring

The TAO Of Network Security Monitoring

Name: The TAO Of Network Security Monitoring
Price: Approx $33.99 US.
Publisher: Addison-Wesley Pub Co.
More Info/Purchase: Click Here
Rating: 9/10

 

Every once in a while you come across a book that really opens your eyes. One that talks in-depth about something completely different.

Unfortunately, most technical IT books are rehashes of a bunch of papers and tutorials off the net, and you often wonder whether the time you spent reading the book would have been better spent on google.

The Tao of Network Security Monitoring is not one of these books. It is with great pleasure that I am reviewing what I consider one of the most informative and well written books I have ever come across.

Network Security Monitoring (NSM) is half a science, and half a black art. It requires an in-depth knowledge of packets, protocols, applications, vulnerabilities and black hat tactics. This book focuses on the philosophy behind NSM, the skills required, the tools you need, and the way to set up an effective NSM operation.

The author, Richard Bejtlich, is a former Air Force intelligence officer, and the approach he dictates is almost military in nature. This book covers an introduction to security, what NSM is, how to deploy it, the best tools for the job and the types of things you will see.

I was most impressed by the analysis of normal versus suspicious versus malicious traffic. Since deep packet inspection is one of my hobbies, I am no stranger to reading data off the wire, but I was amazed by the amount of information this man was able to glean by looking at a simple DNS packet !

He explains the differences between full content data (logging everything to the application layer), session data (looking at just the different conversations between hosts), and statistical data. Everything in this book is practical, you can even go to the website and download the same packet traces he uses for explanation and run through them yourself.

This book taught me about a host of new tools, from Argus, to the incredible SGUIL. It taught me a lot of tricks about designing a top notch NSM collection and analysis setup, and more than anything, it introduced me to a completely new mind-set.

In short, this is at present the most enlightening book on my IT bookshelf. I strongly recommend it to anyone who is involved with networks or security. It will be of special interest to the sort of people who get a rush ripping up packets and understanding what happens below the surface. It also goes really well with firewall.cx, since most of the protocols talked about are explained here in detail.

If there is one disappointment, it's the absence of an included CD-ROM containing tools, or perhaps a live FreeBSD CD (Freebie) like the one he introduces in the book.

This one gets a scorching 9 / 10. Get it now, and open your mind !