The Practice of Network Security Monitoring: Understanding Incident Detection and Response

By Richard Bejtlich

Network security is not simply about building impenetrable walls: determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM), the collection and analysis of data that helps you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks, with no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:

  • Determine where to deploy NSM platforms, and size them for the monitored networks
  • Deploy stand-alone or distributed NSM installations
  • Use command line and graphical packet analysis tools, and NSM consoles
  • Interpret network evidence from server-side and client-side intrusions
  • Integrate threat intelligence into NSM software to identify sophisticated adversaries

There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.


Additional info for The Practice of Network Security Monitoring: Understanding Incident Detection and Response


Table of contents (excerpt)

  Summarizing Stage 2
  Next Steps
  Conclusion

11 Client-side Compromise
  Client-side Compromise Defined
  Client-side Compromise in Action
    Getting the Incident Report from a User
    Starting Analysis with ELSA
    Looking for Missing Traffic
    Analyzing the Bro dns.log File
    Checking Destination Ports
    Examining the Command-and-Control Channel
      Initial Access
      Improving the Shell
      Summarizing Stage 1
      Pivoting to a Second Victim
      Installing a Covert Tunnel
      Enumerating the Victim
      Summarizing Stage 2
  Conclusion

12 Extending SO
  Using Bro to Track Executables
    Hashing Downloaded Executables with Bro
    Submitting a Hash to VirusTotal
  Using Bro to Extract Binaries from Traffic
    Configuring Bro to Extract Binaries from Traffic
    Collecting Traffic to Test Bro
    Testing Bro to Extract Binaries from HTTP Traffic
    Examining the Binary Extracted from HTTP
    Testing Bro to Extract Binaries from FTP Traffic
    Examining the Binary Extracted from FTP
    Submitting a Hash and Binary to VirusTotal
    Restarting Bro
  Using APT1 Intelligence
    Using the APT1 Module
    Installing the APT1 Module
    Generating Traffic to Test the APT1 Module
    Testing the APT1 Module
  Reporting Downloads of Malicious Binaries
    Using the Team Cymru Malware Hash Registry
    The MHR and SO: Active by Default
    The MHR and SO vs. a Malicious Download
    Identifying the Binary
  Conclusion
