REVIEW: "Security Monitoring", Chris Fry/Martin Nystrom

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jan 25, 2010.

BKSECMON.RVW 20091009

    "Security Monitoring", Chris Fry/Martin Nystrom, 2009,
    978-0-596-51816-5, U$44.99/C$44.99
    %A Chris Fry
    %A Martin Nystrom http://xianshield.org
    %C 103 Morris Street, Suite A, Sebastopol, CA 95472
    %D 2009
    %G 978-0-596-51816-5 0-596-51816-1
    %I O'Reilly & Associates, Inc.
    %O U$44.99/C$44.99 800-998-9938 fax: 707-829-0104
    %O http://www.amazon.com/exec/obidos/ASIN/0596518161/robsladesinterne
    %O http://www.amazon.co.uk/exec/obidos/ASIN/0596518161/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0596518161/robsladesin03-20
    %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
    %P 227 p.
    %T "Security Monitoring"

    The preface states that this is not an introduction to security or
    network administration, but a more advanced guide, for those who have
    the foundational background, to more targeted monitoring aimed at
    detecting extrusions.

    Chapter one says that there are lots of threats out there, and that
    this type of monitoring will protect you better than other safeguards.
    (It's hard to judge that assertion when no details of the proposal
    have been provided.) The authors introduce "policy based monitoring"
    in chapter two, attempting to support this nomenclature with examples
    relating to administrative policies, but it is difficult to see that
    this is any different from whitelisting. Chapter three mentions that
    it is important to know the structure and operation of your network,
    but most of the content is a description of the Cisco NetFlow utility.
    Much of the rest of the material, contrary to the promises of the
    preface, is basic network administration. Choosing what to monitor is
    emphasized in chapter four. (It's a little bit hard to take some of
    this seriously when one of the basic references is a CISSP study
    guide.) It is difficult to say why chapter five must discuss the
    choice of event sources separately from the prior content, but much of
    the book is similarly disjointed, confused, and lacking in structure.
    Supposedly about tuning your monitoring, much of chapter six
    duplicates the overview of network structure from chapter three.

    Chapter seven stands out from the rest of the book. It reiterates the
    often neglected point that you need to ensure that the audit, log, and
    monitoring data you think you are collecting is, in fact, being
    collected. The discussion is detailed and comprehensive. This
    chapter, alone, is probably worth the purchase price of the book.

    Chapter eight is a review of the previous chapters, first with a
    series of case study examples, and then with a summary of the list of
    topics.

    With one notable exception, the work is basic and pedestrian
    information, with a disorganized composition. However, chapter seven
    is definitely useful to both security and network professionals.

    copyright Robert M. Slade, 2009 BKSECMON.RVW 20091009

    --
    ======================

    "Dictionary of Information Security," Syngress 1597491152
    http://blogs.securiteam.com/index.php/archives/author/p1/
    http://blog.isc2.org/isc2_blog/slade/index.html
    http://twitter.com/rslade http://twitter.com/NoticeBored
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
     
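The point the review credits to chapter seven, that you must verify the log sources you believe you are collecting are actually reporting, is easy to state and easy to forget. The script below is an added example, not code from the book or from the reviewer: it takes a constructed list of expected sources (an inventory of the devices that should be logging) and a constructed feed of collected events, and reports every expected source whose most recent event is older than a chosen gap, or that has never been seen at all. The source names, event lines, timestamps and the gap threshold are all made up for illustration.

```python
"""
Added example: find "silent" log sources in a feed of collected events.
Not from the book under review; the inventory, the sample event lines and
the gap threshold are all constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed sample feed, one event per line as a collector might store it:
# "<ISO timestamp> <source> <message>".
SAMPLE_EVENTS = """\
2009-10-09T10:00:00 fw-edge-1 accept tcp 10.1.1.5:51822 -> 192.0.2.10:443
2009-10-09T10:05:00 dc-auth-1 logon success user=alice
2009-10-09T10:45:00 fw-edge-1 drop tcp 198.51.100.7:4444 -> 10.1.1.20:22
2009-10-09T10:50:00 dc-auth-1 logon failure user=bob
2009-10-09T10:55:00 web-proxy-1 GET http://example.net/ 200
this line is malformed and should be skipped
"""

# Constructed inventory: every device that is supposed to be sending logs.
# "vpn-gw-1" is deliberately absent from the feed above.
EXPECTED_SOURCES = ["fw-edge-1", "dc-auth-1", "web-proxy-1", "vpn-gw-1"]


def parse_events(text):
    """Return a list of (timestamp, source) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # first field is not a timestamp: not an event line
        events.append((ts, parts[1]))
    return events


def last_seen(events):
    """Map each source name to the timestamp of its most recent event."""
    seen = {}
    for ts, src in events:
        if src not in seen or ts > seen[src]:
            seen[src] = ts
    return seen


def silent_sources(expected, events, now, max_gap):
    """Expected sources with no event within max_gap of `now`.

    Returns {source: last_timestamp_or_None}. A source that has never
    reported is included with None, since "never seen" is the worst case.
    """
    seen = last_seen(events)
    silent = {}
    for src in expected:
        ts = seen.get(src)
        if ts is None or now - ts > max_gap:
            silent[src] = ts
    return silent


def report(now_iso, gap_minutes, text=SAMPLE_EVENTS, expected=EXPECTED_SOURCES):
    """Convenience wrapper over the sample data; returns ISO strings or None."""
    now = datetime.fromisoformat(now_iso)
    result = silent_sources(expected, parse_events(text), now,
                            timedelta(minutes=gap_minutes))
    return {src: (ts.isoformat() if ts else None) for src, ts in result.items()}


if __name__ == "__main__":
    # Evaluated at 11:00 with a 30-minute gap, only the never-seen VPN
    # gateway is flagged; tighten the gap to 10 minutes and the firewall,
    # last heard from at 10:45, is flagged as well.
    for gap in (30, 10):
        print(f"gap={gap}m: {report('2009-10-09T11:00:00', gap)}")
```

The check deliberately compares against an inventory rather than against the set of sources already seen in the feed, because a source that silently stops logging disappears from the feed entirely and would never show up in a feed-derived list. In practice the inventory comes from asset management or the collector's configured inputs, and the gap threshold should be set per source class (a busy firewall that goes quiet for five minutes is suspicious; a quiet application server may legitimately log once an hour).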
