

F**Y
Don't be blindsided by the IoT - read and put this book into practice!
As we enter the murky age of Internet of Things (or "Internet of Insecure Things", "Internet of Evil Things", "Botnet of Things", take your pick) monitoring your home network has to become a common skill. Although by no means confined to application in home environments, The Practice of Network Security Monitoring does allow a modestly technically adept user to do just that. This book walks you through understanding the concepts, installing the needed software, configuring network monitoring components, and using some of the many free solutions for detecting unwanted or malicious traffic. For those who want to apply this work at home, allow me to make a few suggestions about corollary purchases you may need to make. I recommend dedicating a desktop or tower computer to the task of server. It doesn't need an especially powerful CPU, but it should have a lot of RAM, at least 8 GB. Purchase your RAM with a view to expanding; using 8GB as an example, don't buy 4 2GB sticks, but rather 2 4GB sticks. Later you could buy 2 x 4GB or 2 x 8GB sticks to upgrade memory. You will also need at least 1 extra NIC (Network Interface Card), which will be in permanent 'listen only' (aka "promiscuous") mode. You will be using the free Security Onion solution, running on the free Ubuntu 12.04 Linux, so you can skip buying a license for Windows if you purchase everything from scratch. Finally you will need at least one network device that can duplicate traffic. The book will explain the difference between spanning (or 'mirroring') and tapping, but unless you are sufficiently knowledgeable about networking, you will probably do well to buy a Dualcomm DCSW-1005 USB Powered 5-Port 10/100 Fast Ethernet Switch TAP (Port Mirroring) - it is drop dead simple to install and use. You really can do this - enjoy!
S**Z
Great Read for anyone practicing NSM.
I thought the Practice of Network Security Monitoring was a great book. I see companies spend millions of dollars on their NSM solution all while there is an open source solution. Spend some money on hardware and network taps and you're ready to go! I really like how Bejtlich went into sensor placement and NAT issues. There is nothing worse than doing investigations with multiple layers of NAT. I would have liked to see a little bit more on how to handle event load that an IDS will produce in a network and maybe some best practices on what signatures to enable. I really enjoyed chapter 12 extending SO, being able to track Binaries and do MD5's and compare them against tools like VirusTotal and other external tools helps stay ahead of the bad guys. It would have been also neat to show how to extract URLs out of SMTP emails and run them against third party analysis. I believe email attachments are not as easy as getting a user to click on a URL. I also would have liked to see a little bit more advanced solution that automatically queries VirusTotal via API then the results are sent back into the monitoring solution via syslog, so the analyst never has to leave the console. Overall a great book!
A**W
Great for most part
Great intro to Network Security Monitoring... goes a bit into detail about how to use open source to do it, which can be done with Google search, but a great way to get quick hands-on knowledge in the field.
R**K
Nitty Gritty of Network Security Management
The "Cybersecurity and Cyberwar" book told you what was going on and how to protect yourself in general. This book gives you the ninja skills to actually seal your network borders and measure the level of the threat. Various methods and open source tools are used to build a high level of protection for the reader's system. Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do some heavy screen reading. Also, a large amount of filtering of log files may be required to see a pattern in the attacks. Be serious about this or be prepared to be a victim. The current state of network protection doesn't have a middle ground.
M**W
Great Product
Item arrived as advertised--no problems.
S**S
High level overview
High level overview for beginners. Talks about mostly concepts but not much about real world applications.
W**S
Great book
This book takes what can be a dry topic to some and adds punch and power to explanation and gives you a basis to understand what to look for. Good as a starting point to not be lazy and start understanding threat hunting.
B**R
The unofficial Security Onion Manual
This book has a lot of great content regarding Network Security Monitoring in general, but is especially helpful if you are rolling out Security Onion. There are a lot of videos and online tutorials out there but I like to be able to put my hands on it and have it all in one place. It's not necessarily for beginners, but readers in all stages of professional development will benefit from the content. It is well written and presented in a way that flows nicely. Lots of helpful tips and insight.