
REVIEW: "Security Log Management", Jacob Babbin et al

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Oct 2, 2006
      BKSCLGMN.RVW 20060821

      "Security Log Management", Jacob Babbin et al, 2006, 1-59749-042-3,
      U$49.95/C$69.95
      %A Jacob Babbin
      %A Dave Kleiman
      %A Everett F. Carter
      %A Jeremy Faircloth
      %A Mark Burnett
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2006
      %E Esteban Gutierrez
      %G 1-59749-042-3
      %I Syngress Media, Inc.
      %O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597490423/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597490423/robsladesin03-20
      %O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 333 p.
      %T "Security Log Management: Identifying Patterns in the Chaos"

      Chapter one reviews the problem of masses of data. The text suggests
      that there are solutions, and even gives some examples, but the
      writing seems to be intended only for an audience that is already
      skilled, working, and well familiar with those very solutions.
      Sections of sample code are provided (here and at other places in the
      book), but they tend to be of limited utility because significant
      chunks of the actual functional parts are missing. Various tools for
      IDS (intrusion detection system) reporting are described in chapter
      two. Fewer tools are listed for firewall reporting in three.
      Although entitled "Systems and Network Device Reporting," chapter four
      looks solely at Web server logs, and that only for a single type of
      attack or situation. However, the restriction of topic is somewhat
      ameliorated by the best writing in the book: the coverage of the
      analysis is clear and an excellent introduction to Web server
      forensics. Chapter five has scripts for text reporting (illustrated
      by graphical presentation of the data, so it is somewhat misleading).
      Chapter six suggests that you should do Enterprise Security
      Management, and notes some of the difficulties you may encounter, but
      doesn't provide any help. Despite the title of "Managing Log Files
      with Microsoft Log Parser," chapter seven merely talks about generic
      file management. Chapter eight does provide some Microsoft Log Parser
      SQL code for reporting, and has a few other useful suggestions. More
      Log Parser SQL code, this time for formatting CSV (comma separated
      version) data, is in chapter nine.

      Basically, if you already know how to deal with event logs, log data,
      and log data analysis, this book will provide you with some
      suggestions about tools that you might want to try. If you are
      already struggling with network forensics and intrusion detection, the
      material in this volume won't help much.

      copyright Robert M. Slade, 2006 BKSCLGMN.RVW 20060821

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      The danger in weakening encryption is that our infrastructure
      would become even less secure.
      - Bill Crowell, former NSA deputy director
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150