Author: Chris Fry
ISBN : 0596518161
Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks
How well does your enterprise stand up against today's sophisticated security threats? In this book, security experts from Cisco Systems demonstrate how to detect damaging security incidents on your global network--first by teaching you which assets you need to monitor closely, and then by helping you develop targeted strategies and pragmatic techniques to protect them.
Security Monitoring is based on the authors' years of experience conducting incident response to keep Cisco's global network secure. It offers six steps to improve network monitoring. These steps will help you:
- Develop Policies: define rules, regulations, and monitoring criteria
- Know Your Network: build knowledge of your infrastructure with network telemetry
- Select Your Targets: define the subset of infrastructure to be monitored
- Choose Event Sources: identify event types needed to discover policy violations
- Feed and Tune: collect data, generate alerts, and tune systems using contextual information
- Maintain Dependable Event Sources: prevent critical gaps in collecting and monitoring events
Security Monitoring illustrates these steps with detailed examples that will help you learn to select and deploy the best techniques for monitoring your own enterprise network.
- Paperback: 256 pages
- Publisher: O'Reilly Media; 1 edition (February 23, 2009)
- Language: English
- ISBN-10: 0596518161
- ISBN-13: 978-0596518165
- Product Dimensions: 0.6 x 7 x 9 inches
- Shipping Weight: 12 ounces
This book is not an introduction to network, server, or database administration. Neither is it an introduction to security tools or techniques. You need to have a foundational understanding of these areas and seek to build on them through specialization of your base skills. If you need a more introductory book I highly recommend The Tao of Network Security Monitoring: Beyond Intrusion Detection. This book attempts to take you deeper into your network, guiding you to identify the more sensitive, important parts of the network for focused monitoring. The first chapter is just an overview chapter and introduces the fictitious company used throughout the book, Blanco Wireless. Like most tech books, the good stuff starts in chapter two.
The second chapter discusses the wide variety of approaches for selecting the policies to monitor. It then discusses the environment in which these policies are to be applied. Chapter three explores two primary methods of learning about a network: network taxonomy and network telemetry. Chapter four provides a third and final foundation, guiding you to select broad targets on which to focus your monitoring. Deep, proactive security monitoring is overwhelming and unproductive if it isn't targeted to specific systems. By selecting monitoring targets, you can narrow your focus to the most critical systems, making the most of your security monitoring equipment and staff.
Once you've worked through the steps of defining security policies, you know your network, and you've selected your targets, you can build on that foundation by choosing your event sources.
There are many good books that discuss the basics of systems administration. This is not one of those books. This book is much deeper and more specific and fills a niche that I think needed to be filled.
If you are in charge of a group of servers, especially as your company's setup becomes larger and more complex, knowing how to check for problems and intruders is vital. It is also something that can be difficult to learn because of the dearth of materials readily available. This book seeks to remedy that problem.
The authors are experienced security analysts and speakers who refined their materials over many years of giving security-related presentations at conferences. They know what they are talking about, and their manner of presenting the material is clear and logical. The book's subtitle is "Proven Methods for Incident Detection on Enterprise Networks." It fits.
When I first noticed the deep ties each of the authors has with Cisco, I was concerned that the book might focus solely on their products, but they discuss software and methods from many vendors, including free and open source options. I found their discussions honest, open, and balanced.
The book begins by answering what security monitoring is, why it would be useful and desirable, and discusses several of the challenges involved in doing it well. We then move to the implementation of policies for monitoring, including a good description of the many types of monitoring that can be done, their strengths and weaknesses.
Next, we are led to know our network. This is foundational, but something that many systems administrators and IT workers don't do, either because of time constraints or they just don't think about it.