Customer Reviews


5 Reviews: 5 star (1), 4 star (2), 3 star (2), 2 star (0), 1 star (0)

1 of 1 people found the following review helpful
3.0 out of 5 stars Not like the good old NSM "bibles", 16 Jun 2014
Verified Purchase
This review is from: The Practice of Network Security Monitoring: Understanding Incident Detection and Response (Paperback)
I have read, and own, all Richard's books. They have defined the art of Network Forensics and I have used them a lot in my MSc project. However, this book was a bit disappointing as it is basically just a "manual" to the Security Onion distro.

For that purpose it is excellent and still surprised me with cool hints that I now use every day! But if you look for a book on NSM, go for his older books like "The TAO of NSM" and "Extrusion Detection".


3.0 out of 5 stars It's a bit basic for anyone that has a knowledge ..., 17 July 2014
Verified Purchase
It's a bit basic for anyone that has a knowledge of InfoSec or IPS/IDS. Not much in the way of troubleshooting for Security Onion. The steps were followed, but it didn't work exactly as described and I was left scratching around to find out why.


2 of 3 people found the following review helpful
5.0 out of 5 stars A Nuts and Bolts Approach and How-to for NSM, 24 Sep 2013
By Michael Larsen (San Francisco, CA, United States)
This certainly fell into my lap at an opportune time. With the various revelations being made about the NSA and its tactics, as well as the upsurge in attention being paid to network and application security in general, this book was a welcome arrival in and of itself. There's a lot of attention paid to the "aftermath" of security breaches. We see a lot of books that talk about what to do after you've been hacked, or tools that can help determine if your application can be penetrated, along with tools and recommendations for performing that kind of testing. Less often asked (or covered) is "what can we do to see if people are actually trying to get into our network or applications in the first place?" While it's important to know how we got hacked, I'd like to see where we might get hacked, and sound an early warning to stop those hackers in their tracks.

To that end, Network Security Monitoring (NSM) makes a lot of sense, and an important line of defense. If the networks can be better monitored/protected, our servers are less likely to be hacked. We cannot prevent all breaches, but if we understand them and can react to them, we can make it harder for hackers to get to anything interesting or valuable.

It's with this in mind that Richard Bejtlich has written "The Practice of Network Security Monitoring", and much of the advice in this book focuses on monitoring and protecting the network, rather than protecting end servers. The centerpiece of this book (at least from a user application standpoint) is the open source Security Onion (SO) NSM suite from Doug Burks ([...]). The descriptions and the examples provided (as well as numerous sample scripts in the back of the book) help the user get a good feel for the operations they could perform (and control) to collect network data, as well as how to analyze the collected data.

The tools can be run from a single server, but to get the maximum benefit, a more expansive network topology would be helpful. I can appreciate that my ops people didn't quite want to see me "experiment" on a broader network for this book review. After reading it, though, they may be willing to give me the benefit of the doubt going forward ;).

There are lots of individual tools (graphical and command line) that can be used to help collect and analyze network traffic details. Since there are a variety of tools that can be used, the author casts a broad net. Each section and tool gets its own setup, and an explanation as to how to use them. The examples are straightforward and easy enough to follow to get a feel as to how they can be used.

The last part of the book puts these tools into action, and demonstrates examples as to how and where they can be used. The enterprise security cycle is emphasized (planning, resistance, detection, and response), with an emphasis on the last two items. NSM uses its own process flow (collection, analysis, escalation, and resolution). By examining a variety of server side and client side compromises, and how those compromises can be detected and ultimately frustrated, we get a sense of the value and power of this model.

Bottom Line:

My approach to learning about NSM in general comes from being a software tester, and therefore I'm very interested in tools that I can learn and implement quickly. More important, though, is the ability to apply a broad array of options. Since I don't really know what I may be called on to test, this varied model of NSM interests me greatly. From an understanding level, i.e. an ease of following along and seeing how it could work and where, I give the book high marks. I'm looking forward to when I can set up a broader and more varied network so I can try out some of the more expansive options.

On the whole, "The Practice of Network Security Monitoring" gets the reader excited about getting deeper into the approach, and looking to where they can get more engaged. As tech books go, it's a pretty fun ride :).


4.0 out of 5 stars a lot of practical information, 20 Oct 2014
Verified Purchase
This review is from: The Practice of Network Security Monitoring: Understanding Incident Detection and Response (Paperback)
Especially the cases (chapter 10 and 11) give a lot of information about how to analyse a compromise.


4.0 out of 5 stars Four Stars, 25 Sep 2014
Verified Purchase
Mostly good. On the Kindle, not such a good read.

