We're the #1 textbook rental company. Let us show you why.

Security Monitoring

by Chris Fry; Martin Nystrom
  • ISBN13: 9780596518165
  • ISBN10: 0596518161
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2009-02-27
  • Publisher: O'Reilly & Associates Inc

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $44.99 Save up to $16.65
  • Rent Book $28.34
    *This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping cart.

Summary

This book shows you how to deploy network security monitoring effectively to defend your company against the most urgent threats you face. Most attacks arriving from the Internet are not actionable: they are automated, noisy distractions from the real problems your enterprise faces. The threat has moved deeper into the enterprise; infected hosts are remote-controlled and attacking your internal infrastructure, and intruders operating inside the network can work without fear, stealing your most valuable intellectual property. Security monitoring is not just a matter of setting up intrusion detection systems and firewalls. This book shows you how to get beyond that by defining policies that specify what users can and cannot do, and communicating those policies to management and employees. It continues by using those policies to determine what to monitor, so you do not spend all your time chasing false alarms. It has long been known that the most important threats to any network are internal. Security Monitoring teaches you how to put in place the policies, monitoring systems, and practices that allow you to respond to these threats.

Author Biography

Chris Fry has been a member of the Computer Security Incident Response Team (CSIRT) at Cisco Systems, Inc. for 5 years, focusing on the deployment of intrusion detection and network monitoring tools and on incident investigation. He began his career at Cisco in 1997 as an IT analyst, supporting Cisco's production services. His four years as a Network Engineer in Cisco IT's internal network support organization gave him valuable knowledge about and unique insight into monitoring production enterprise networks. Chris holds a BA in Corporate Financial Analysis and an MS in Information and Communication Sciences from Ball State University.

Martin Nystrom is a senior security analyst with Cisco's Computer Security Incident Response Team (CSIRT), where he leads initiatives to improve monitoring and response in information security. Prior to joining Cisco's CSIRT, Martin was responsible for designing secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior to becoming a security architect, with experience in the pharmaceutical and computer industries. Martin received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004.

Table of Contents

Preface, p. xi
Getting Started, p. 1
    A Rapidly Changing Threat Landscape, p. 3
    Failure of Antivirus Software, p. 4
    Why Monitor?, p. 5
    The Miscreant Economy and Organized Crime, p. 6
    Insider Threats, p. 6
    Challenges to Monitoring, p. 7
    Vendor Promises, p. 7
    Operational Realities, p. 7
    Volume, p. 8
    Privacy Concerns, p. 8
    Outsourcing Your Security Monitoring, p. 8
    Monitoring to Minimize Risk, p. 9
    Policy-Based Monitoring, p. 9
    Why Should This Work for You?, p. 9
    Open Source Versus Commercial Products, p. 9
    Introducing Blanco Wireless, p. 10
Implement Policies for Monitoring, p. 11
    Blacklist Monitoring, p. 12
    Anomaly Monitoring, p. 16
    Policy Monitoring, p. 16
    Monitoring Against Defined Policies, p. 17
    Management Enforcement, p. 18
    Types of Policies, p. 18
    Regulatory Compliance Policies, p. 19
    Employee Policies, p. 24
    Policies for Blanco Wireless, p. 28
    Policies, p. 29
    Implementing Monitoring Based on Policies, p. 30
    Conclusion, p. 31
Know Your Network, p. 33
    Network Taxonomy, p. 33
    Network Type Classification, p. 34
    IP Address Management Data, p. 37
    Network Telemetry, p. 40
    NetFlow, p. 40
    SNMP, p. 55
    Routing and Network Topologies, p. 56
    The Blanco Wireless Network, p. 57
    IP Address Assignment, p. 57
    NetFlow Collection, p. 57
    Routing Information, p. 58
    Conclusion, p. 58
Select Targets for Monitoring, p. 61
    Methods for Selecting Targets, p. 62
    Business Impact Analysis, p. 63
    Revenue Impact Analysis, p. 64
    Expense Impact Analysis, p. 64
    Legal Requirements, p. 65
    Sensitivity Profile, p. 67
    Risk Profile, p. 69
    Visibility Profile, p. 74
    Practical Considerations for Selecting Targets, p. 75
    Recommended Monitoring Targets, p. 77
    Choosing Components Within Monitoring Targets, p. 78
    Example: ERP System, p. 78
    Gathering Component Details for Event Feeds, p. 79
    Blanco Wireless: Selecting Targets for Monitoring, p. 81
    Components to Monitor, p. 82
    Conclusion, p. 83
Choose Event Sources, p. 85
    Event Source Purpose, p. 85
    Event Collection Methods, p. 87
    Event Collection Impact, p. 89
    Choosing Event Sources for Blanco Wireless, p. 99
    Conclusion, p. 100
Feed and Tune, p. 101
    Network Intrusion Detection Systems, p. 101
    Packet Analysis and Alerting, p. 102
    Network Intrusion Prevention Systems, p. 102
    Intrusion Detection or Intrusion Prevention?, p. 103
    NIDS Deployment Framework, p. 108
    Analyze, p. 108
    Design, p. 110
    Deploy, p. 114
    Tune and Manage, p. 116
    System Logging, p. 121
    Key Syslog Events, p. 124
    Syslog Templates, p. 126
    Key Windows Log Events, p. 127
    Application Logging, p. 132
    Database Logging, p. 133
    Collecting Syslog, p. 136
    NetFlow, p. 139
    OSU flow-tools NetFlow Capture Filtering, p. 141
    OSU flow-tools flow-fanout, p. 142
    Blanco's Security Alert Sources, p. 143
    NIDS, p. 143
    Syslog, p. 145
    Apache Logs, p. 145
    Database Logs, p. 146
    Antivirus and HIDS Logs, p. 146
    Network Device Logs, p. 146
    NetFlow, p. 146
    Conclusion, p. 146
Maintain Dependable Event Sources, p. 147
    Maintain Device Configurations, p. 149
    Create Service Level Agreements, p. 149
    Back It Up with Policy, p. 150
    SLA Sections, p. 151
    Automated Configuration Management, p. 152
    Monitor the Monitors, p. 153
    Monitor System Health, p. 154
    Monitor the NIDS, p. 155
    Monitor Network Flow Collection, p. 157
    Monitor Event Log Collectors, p. 161
    Monitor Databases, p. 164
    Monitor Oracle, p. 164
    Monitor MySQL Servers, p. 166
    Automated System Monitoring, p. 167
    Traditional Network Monitoring and Management Systems, p. 167
    How to Monitor the Monitors, p. 169
    Monitoring with Nagios, p. 170
    System Monitoring for Blanco Wireless, p. 172
    Monitor NetFlow Collection, p. 172
    Monitor Collector Health, p. 172
    Monitor Collection Processes, p. 174
    Monitor Flows from Gateway Routers, p. 174
    Monitor Event Log Collection, p. 175
    Monitor NIDS, p. 176
    Monitor Oracle Logging, p. 179
    Monitor Antivirus/HIDS Logging, p. 179
    Conclusion, p. 179
Conclusion: Keeping it Real, p. 181
    What Can Go Wrong, p. 182
    Create Policy, p. 182
    Know Your Network, p. 184
    Choose Targets for Security Monitoring, p. 185
    Choose Event Sources, p. 186
    Feed and Tune, p. 186
    Maintain Dependable Event Sources, p. 188
    Case Studies, p. 189
    KPN-CERT, p. 189
    Northrop Grumman, p. 192
    Real Stories of the CSIRT, p. 194
    Stolen Intellectual Property, p. 194
    Targeted Attack Against Employees, p. 195
    Bare Minimum Requirements, p. 196
    Policy, p. 196
    Know the Network, p. 197
    Select Targets for Effective Monitoring, p. 198
    Choose Event Sources, p. 198
    Feed and Tune, p. 199
    Maintain Dependable Event Sources, p. 200
    Conclusion, p. 201
Detailed OSU flow-tools Collector Setup, p. 203
SLA Template, p. 207
Calculating Availability, p. 211
Index, p. 215
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.