MARC details
| 000 -LEADER |
|---|
| fixed length control field |
03360nam a2200241Ia 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
NULRC |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
|---|
| control field |
20250520100703.0 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
250520s9999 xx 000 0 und d |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| International Standard Book Number |
9780124172081 |
| 040 ## - CATALOGING SOURCE |
|---|
| Transcribing agency |
NULRC |
| 050 ## - LIBRARY OF CONGRESS CALL NUMBER |
|---|
| Classification number |
QA 76.9.A25 .S36 2014 |
| 100 ## - MAIN ENTRY--PERSONAL NAME |
|---|
| Personal name |
Sanders, Chris |
| Relator term |
author |
| 245 #0 - TITLE STATEMENT |
|---|
| Title |
Applied network security monitoring : |
| Remainder of title |
collection, detection, and analysis / |
| Statement of responsibility, etc. |
Chris Sanders and Jason Smith |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. |
|---|
| Place of publication, distribution, etc. |
Waltham, MA : |
| Name of publisher, distributor, etc. |
Syngress ; Elsevier, |
| Date of publication, distribution, etc. |
c2014 |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
xxiv, 472 pages : |
| Other physical details |
illustrations ; |
| Dimensions |
24 cm. |
| 365 ## - TRADE PRICE |
|---|
| Price amount |
USD428.29 |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE |
|---|
| Bibliography, etc. note |
Includes index. |
| 505 ## - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
1. The practice of applied network security monitoring -- Section 1. Collection -- 2. Planning data collection -- 3. The sensor platform -- 4. Session data -- 5. Full packet capture data -- 6. Packet string data -- Section 2: Detection -- 7. Detection mechanisms, indicators of compromise, and signatures -- 8. Reputation-based detection -- 9. Signature-based detection with snort and suricata -- 10. The bro platform -- 11. Anomaly-based detection with statistical data -- 12. Using canary honeypots for detection -- Section 3. Analysis -- 13. Packet analysis -- 14. Friendly and threat intelligence -- 15. The analysis process. |
| 520 ## - SUMMARY, ETC. |
|---|
| Summary, etc. |
Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, your ability to detect and respond to that intrusion can be the difference between a small incident and a major disaster. The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical knowledge that you can apply immediately. The book discusses the proper methods for planning and executing an NSM data collection strategy, provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, PRADS, and more, loaded with practical examples that make use of the Security Onion Linux distribution and the first book to define multiple analysis frameworks that can be used for performing NSM investigations in a structured and systematic manner. If you've never performed NSM analysis, Applied Network Security Monitoring will help you grasp the core concepts needed to become an effective analyst. If you are already working in an analysis role, this book will allow you to refine your analytic technique and increase your effectiveness. You will get caught off guard, you will be blind sided, and sometimes you will lose the fight to prevent attackers from accessing your network. This book is about equipping you with the right tools for collecting the data you need, detecting malicious activity, and performing the analysis that will help you understand the nature of an intrusion. Although prevention can eventually fail, NSM doesn't have to. |
| 650 ## - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
COMPUTER NETWORKS -- SECURITY MEASURES |
| 700 ## - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Smith, Jason |
| Relator term |
co-author |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) |
|---|
| Source of classification or shelving scheme |
Library of Congress Classification |
| Koha item type |
Books |
