Buying Options
Security Monitoring
Print $44.99
Print+Ebook $49.49
Ebook $35.99
Safari Books Online
Print £34.50
Description
How well does your enterprise stand up against today's sophisticated security threats? In this book, security experts from Cisco Systems demonstrate how to detect damaging security incidents on your global network -- first by teaching you which assets you need to monitor closely, and then by helping you develop targeted strategies and pragmatic techniques to protect them. These recommendations will help you select and deploy the very best tools to monitor your own enterprise network.
Table of Contents
  1. Chapter 1 Getting Started

    1. A Rapidly Changing Threat Landscape

    2. Why Monitor?

    3. Challenges to Monitoring

    4. Outsourcing Your Security Monitoring

    5. Monitoring to Minimize Risk

    6. Policy-Based Monitoring

    7. Why Should This Work for You?

    8. Open Source Versus Commercial Products

    9. Introducing Blanco Wireless

  2. Chapter 2 Implement Policies for Monitoring

    1. Blacklist Monitoring

    2. Anomaly Monitoring

    3. Policy Monitoring

    4. Monitoring Against Defined Policies

    5. Types of Policies

    6. Policies for Blanco Wireless

    7. Conclusion

  3. Chapter 3 Know Your Network

    1. Network Taxonomy

    2. Network Telemetry

    3. The Blanco Wireless Network

    4. Conclusion

  4. Chapter 4 Select Targets for Monitoring

    1. Methods for Selecting Targets

    2. Practical Considerations for Selecting Targets

    3. Recommended Monitoring Targets

    4. Choosing Components Within Monitoring Targets

    5. Blanco Wireless: Selecting Targets for Monitoring

    6. Conclusion

  5. Chapter 5 Choose Event Sources

    1. Event Source Purpose

    2. Choosing Event Sources for Blanco Wireless

    3. Conclusion

  6. Chapter 6 Feed and Tune

    1. Network Intrusion Detection Systems

    2. NIDS Deployment Framework

    3. System Logging

    4. NetFlow

    5. Blanco’s Security Alert Sources

    6. Conclusion

  7. Chapter 7 Maintain Dependable Event Sources

    1. Maintain Device Configurations

    2. Monitor the Monitors

    3. Monitor Databases

    4. Automated System Monitoring

    5. System Monitoring for Blanco Wireless

    6. Conclusion

  8. Chapter 8 Conclusion: Keeping It Real

    1. What Can Go Wrong

    2. Case Studies

    3. Real Stories of the CSIRT

    4. Bare Minimum Requirements

    5. Conclusion

  1. Appendix Detailed OSU flow-tools Collector Setup

    1. Set Up the Server

    2. Configuring NetFlow Export from the Router

  2. Appendix SLA Template

    1. Service Level Agreement: Information Security and Network Engineering

  3. Appendix Calculating Availability

  4. Colophon

Product Details
Title: Security Monitoring
By: Chris Fry, Martin Nystrom
Publisher: O'Reilly Media
Formats: Print, Ebook, Safari Books Online
Print Release: February 2009
Ebook Release: February 2009
Pages: 256
Print ISBN: 978-0-596-51816-5 | ISBN 10: 0-596-51816-1
Ebook ISBN: 978-0-596-80126-7 | ISBN 10: 0-596-80126-2
About the Authors
  1. Chris Fry

    Chris Fry has been a member of the Computer Security Incident Response Team (CSIRT) at Cisco Systems, Inc. for 5 years, focusing on deployment of intrusion detection, network monitoring tools, and incident investigation. He began his career at Cisco in 1997 as an IT analyst, supporting Cisco's production services. His four years as a Network Engineer in Cisco IT's internal network support organization give him valuable knowledge about and unique insight into monitoring production enterprise networks. Chris holds a BA in Corporate Financial Analysis and an MS in Information and Communication Sciences from Ball State University.


  2. Martin Nystrom

    Martin Nystrom is a senior security analyst with Cisco's Computer Security Incident Response Team (CSIRT), where he leads initiatives to improve monitoring and response in information security. Prior to joining Cisco's CSIRT, Martin was responsible for designing secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior to becoming a security architect, with experience in the pharmaceutical and computer industries. Martin received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004.


Colophon

The image on the cover of Security Monitoring is a man using a telescope. While the telescope is primarily used for the viewing of distant objects, a host of earlier, cruder telescopes were used simply for the purposes of magnification.

Euclid wrote about the reflection and refraction of light, and Aristophanes later showed that a globe filled with water could enlarge objects. Yet the invention of a proper telescope was delayed in part because its effects were thought to be so astonishing that the instrument and its creator were deemed evil. In the 13th century, Roger Bacon documented the effects of magnification and wrote about the use of lenses to study the sky: "The Sun, Moon, and Stars may be made to descend hither in appearance which persons unacquainted with such things would refuse to believe." Subsequent to his observations, Bacon was labeled a magician and imprisoned.

The use of the lens for magnification only became acceptable with the invention and general usage of eyeglasses. Then, in the late 16th and early 17th centuries, eyeglass maker Hans Lippershey of Holland reportedly noticed a church tower jump to the front doorway of his shop when he stared at the tower through two differently shaped lenses at once. Lippershey then succeeded in making the telescope known more widely, and it was he who piqued Galileo Galilei's interest in the instrument sometimes dubbed the "far looker."

Galileo and Lippershey each independently thought he could profit from the distribution of telescopes, and both men also foresaw the military advantages of the instrument. Galileo famously went a step further with his use of the telescope and sought out sun spots, moons of Jupiter, and new "lands" in the sky above. Although Galileo was eventually persecuted for saying that the sun was at the center of the solar system, his and Lippershey's military application of smaller telescopes later became useful to strategists during the U.S. Civil War, when military personnel often used telescopes designed like the one on the cover of this book to spy on their enemies.

The cover image is from the Dover Pictorial Archive. The cover font is Adobe ITC Garamond. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSansMonoCondensed.
