Editor's Blog and Industry Comments

Incident Detection on Enterprise Networks

09 July, 2009
Security Monitoring, from O'Reilly, is a reference book for enterprise network engineers by Chris Fry and Martin Nystrom.
Security Monitoring was written by two members of Cisco Systems' Computer Security Incident Response Team and brings their experience and in-depth knowledge of network systems to the bookshelves of other network engineers.

It isn't a textbook, it isn't a light book to read at the airport, and it isn't for those seeking an overview of network security. The book was never meant to be any of those things; it was written by techies to help other techies, and in this respect it fulfils its promise.

The book starts by explaining why monitoring is needed and how to move from a reactive pattern of fixing and patching to one of prevention, by 'illuminating the dark corners' of the network to see what horrors are lurking there.

The authors then go on to describe the framework needed to build the right environment: what are you monitoring for, and what is the policy framework against which you're going to monitor? This section goes into such areas as blacklisting and regulatory compliance.

Once your framework is established, the next step is to understand the actual network on which it will operate: how it's set up and what its boundaries are. This important stage is one which is often not as thoroughly understood as it could be, and gaps in that knowledge can easily result in intrusions going unnoticed.

Beyond this, the book goes into the detail of selecting targets and events, tuning the system, and maintaining it through network changes and shifts in the threat environment. The book is amply illustrated throughout with network schematics and code samples, providing the detail network engineers need to compare the reference material to their own environment.

Although the book's logical structure takes the engineer through each step in a series of narrative sections, 'Security Monitoring' also serves as an adequate reference to dip into when necessary; it doesn't have to be read from cover to cover. A good contents listing at the front is granular enough to find the section you're interested in, and good indexing ensures that if you want to look up NIDS alerts as an event source, you can find them on page 198.

'Security Monitoring' by Chris Fry and Martin Nystrom is published by O'Reilly (ISBN 978-0-596-51816-5) and is available for $44.99 in the USA and Canada, £34.50 in the UK and 36 Euros in Europe.
