An interactive book-and-DVD package designed to help readers master the tools and techniques of forensic analysis offers a hands-on approach to identifying and solving problems related to computer security issues; introduces the tools, methods, techniques, and applications of computer forensic investigation; and allows readers to test skills by working with real data with the help of five scenarios. Original. (Intermediate)
Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions. In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. You'll learn how to: –Determine where to deploy NSM platforms, and size them for the monitored networks –Deploy stand-alone or distributed NSM installations –Use command line and graphical packet analysis tools, and NSM consoles –Interpret network evidence from server-side and client-side intrusions –Integrate threat intelligence into NSM software to identify sophisticated adversaries There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.
This book equips you with essential knowledge to defend your network against both obvious and subtle attackers. It is particularly beneficial for beginners in network security, offering insights that would have been invaluable years ago. If you have a grasp of TCP/IP protocols and have experience with IDS, you may be wondering what to do next—this book is your guide. Richard Bejtlich presents a practical perspective on Internet security, addressing both security and networking as interconnected issues. It provides a comprehensive understanding of how to master both fields, making it suitable for security professionals at any skill level. The reality is that every network is vulnerable due to numerous systems and flawed applications. While prevention is crucial, it's equally important to prepare for inevitable intrusions. Network security monitoring (NSM) is a vital strategy that helps security staff manage the challenges posed by limited resources and extensive responsibilities. NSM facilitates data collection for improved assessment, detection, and response, ultimately reducing the impact of unauthorized activities. Bejtlich explores the products, people, and processes involved in NSM, using case studies and open-source tools to impart practical knowledge on defending networks and mitigating security incidents. This book is designed to help you develop and apply the skills necessary to detect, prevent, and respond to emergi