REVIEW: "Security Monitoring", Chris Fry/Martin Nystrom


BKSECMON.RVW   20091009

"Security Monitoring", Chris Fry/Martin Nystrom, 2009,
978-0-596-51816-5, U$44.99/C$44.99
%A   Chris Fry
%A   Martin Nystrom
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-51816-5 0-596-51816-1
%I   O'Reilly & Associates, Inc.
%O   U$44.99/C$44.99 800-998-9938 fax: 707-829-0104
%O  ( product link shortened)
  ( product link shortened)
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   227 p.
%T   "Security Monitoring"

The preface states that this is not an introduction to security or
network administration, but a more advanced guide, for those who have
the foundational background, to more targeted monitoring aimed at
detecting extrusions.

Chapter one says that there are lots of threats out there, and that
this type of monitoring will protect you better than other safeguards.
(It's hard to judge that assertion when no details of the proposal
have been provided.)  The authors introduce "policy based monitoring"
in chapter two, attempting to support this nomenclature with examples
relating to administrative policies, but it is difficult to see that
this is any different from whitelisting.  Chapter three mentions that
it is important to know the structure and operation of your network,
but most of the content is a description of the Cisco NetFlow utility.
Much of the rest of the material, contrary to the promises of the
preface, is basic network administration.  Choosing what to monitor is
emphasized in chapter four.  (It's a little bit hard to take some of
this seriously when one of the basic references is a CISSP study
guide.)  It is difficult to say why chapter five must discuss the
choice of event sources separately from the prior content, but much of
the book is similarly disjointed, confused, and lacking in structure.
Supposedly about tuning your monitoring, much of chapter six
duplicates the overview of network structure from chapter three.

Chapter seven stands out from the rest of the book.  It reiterates the
often neglected point that you need to ensure that the audit, log, and
monitoring data you think you are collecting is, in fact, being
collected.  The discussion is detailed and comprehensive.  This
chapter, alone, is probably worth the purchase price of the book.

Chapter eight is a review of the previous chapters, first with a
series of case study examples, and with a summary of the list of

With one notable exception, the work is basic and pedestrian
information, with a disorganized composition.  However, chapter seven
is definitely useful to both security and network professionals.

copyright Robert M. Slade, 2009    BKSECMON.RVW   20091009

"Dictionary of Information Security," Syngress               1597491152 /
============= for back issues:
[Base URL] site /
CISSP refs:     [Base URL]mnbksccd.htm
Book reviews:   [Base URL]mnbk.htm
Review mailing list: send mail to
