About the Book
Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster. The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data. If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.

Discusses the proper methods for data collection, and teaches you how to become a skilled NSM analyst
Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, and Argus
Loaded with practical examples containing real PCAP files you can replay, and uses Security Onion for all its lab examples
Companion website includes up-to-date blogs from the authors about the latest developments in NSM