- Rob Slade, doting grandpa of R
January 25, 2010, 6:27 pm
"Security Monitoring", Chris Fry/Martin Nystrom, 2009,
%A Chris Fry
%A Martin Nystrom http://xianshield.org
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%G 978-0-596-51816-5 0-596-51816-1
%I O'Reilly & Associates, Inc.
%O U$44.99/C$44.99 800-998-9938 fax: 707-829-0104 firstname.lastname@example.org
%O (Amazon.com product link shortened)
(Amazon.com product link shortened)
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 227 p.
%T "Security Monitoring"
The preface states that this is not an introduction to security or
network administration, but a more advanced guide, for those who have
the foundational background, to more targeted monitoring aimed at

Chapter one says that there are lots of threats out there, and that
this type of monitoring will protect you better than other safeguards.
(It's hard to judge that assertion when no details of the proposal
have been provided.) The authors introduce "policy based monitoring"
in chapter two, attempting to support this nomenclature with examples
relating to administrative policies, but it is difficult to see that
this is any different from whitelisting. Chapter three mentions that
it is important to know the structure and operation of your network,
but most of the content is a description of the Cisco NetFlow utility.
Much of the rest of the material, contrary to the promises of the
preface, is basic network administration. Choosing what to monitor is
emphasized in chapter four. (It's a little bit hard to take some of
this seriously when one of the basic references is a CISSP study
guide.) It is difficult to say why chapter five must discuss the
choice of event sources separately from the prior content, but much of
the book is similarly disjointed, confused, and lacking in structure.
Supposedly about tuning your monitoring, much of chapter six
duplicates the overview of network structure from chapter three.

Chapter seven stands out from the rest of the book. It reiterates the
often neglected point that you need to ensure that the audit, log, and
monitoring data you think you are collecting is, in fact, being
collected. The discussion is detailed and comprehensive. This
chapter, alone, is probably worth the purchase price of the book.

Chapter eight is a review of the previous chapters, first with a
series of case study examples, and with a summary of the list of

With one notable exception, the work is basic and pedestrian
information, with a disorganized composition. However, chapter seven
is definitely useful to both security and network professionals.
copyright Robert M. Slade, 2009 BKSECMON.RVW 20091009
email@example.com firstname.lastname@example.org email@example.com
"Dictionary of Information Security," Syngress 1597491152
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev /
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to firstname.lastname@example.org
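The point the review credits to chapter seven, that you have to verify the log and audit feeds you believe you are collecting are actually arriving, is easy to automate. The following is an added example written for this page; it is not code from the book or from the reviewer. It assumes a hypothetical inventory of expected sources (`EXPECTED_SOURCES`), a constructed set of syslog-style sample lines (`SAMPLE_LOGS`), and a fixed reference time (`NOW`) standing in for the wall clock; the hostnames, addresses and messages are invented for illustration.

```python
"""Log-source liveness check over constructed sample log lines.

A monitoring pipeline is only as good as the feeds that reach it. Given an
inventory of sources that *should* be reporting, compute the last event seen
from each one and flag any source that has gone silent or never appeared.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed syslog-style sample lines (not from any real system).
SAMPLE_LOGS = """\
2010-01-25T17:55:02Z fw-edge-1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5
2010-01-25T17:58:41Z web-1 sshd[1203]: Accepted publickey for deploy from 203.0.113.7
2010-01-25T18:02:13Z fw-edge-1 kernel: DROP IN=eth0 SRC=192.0.2.11 DST=198.51.100.5
2010-01-25T18:20:07Z web-1 sshd[1209]: Failed password for invalid user admin from 203.0.113.9
2010-01-25T16:10:00Z db-1 auditd[455]: USER_LOGIN pid=455 uid=0 res=success
"""

# Hypothetical inventory: each source that must report, and the longest gap
# between events that is still considered healthy for that source.
EXPECTED_SOURCES = {
    "fw-edge-1": timedelta(minutes=15),
    "web-1": timedelta(minutes=30),
    "db-1": timedelta(minutes=30),
    "dns-1": timedelta(minutes=15),   # expected, but absent from the sample
}

# Constructed reference time used in place of the wall clock so the run is
# reproducible; a real deployment would use datetime.now(timezone.utc).
NOW = datetime(2010, 1, 25, 18, 30, 0, tzinfo=timezone.utc)

# "<ISO-8601 UTC timestamp> <hostname> <free text>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")


def parse_line(line):
    """Return (timestamp, host, message) for one line, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts.replace(tzinfo=timezone.utc), m.group("host"), m.group("msg")


def last_seen(lines):
    """Map each host that produced at least one parseable line to its newest timestamp."""
    seen = {}
    for line in lines.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue          # malformed lines are skipped, not counted as a heartbeat
        ts, host, _ = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def silent_sources(lines, expected, now):
    """Return {host: reason} for every expected source that is missing or stale."""
    seen = last_seen(lines)
    findings = {}
    for host, max_gap in expected.items():
        if host not in seen:
            findings[host] = "no events received"
            continue
        gap = now - seen[host]
        if gap > max_gap:
            findings[host] = "silent for %d min (limit %d min)" % (
                gap.total_seconds() // 60, max_gap.total_seconds() // 60)
    return findings


def check_sample():
    """Run the liveness check over the constructed sample at the fixed reference time."""
    return silent_sources(SAMPLE_LOGS, EXPECTED_SOURCES, NOW)


if __name__ == "__main__":
    for host, reason in sorted(check_sample().items()):
        print("%-10s %s" % (host, reason))
```

Two design points are worth noting. Malformed lines are dropped rather than counted, so a source whose agent has started emitting garbage does not pass as healthy; and a source that is in the inventory but absent from the data is reported separately from one that merely went stale, because the two usually have different causes (a forwarder that was never enabled versus one that stopped).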