REVIEW: "Security Monitoring", Chris Fry/Martin Nystrom

  Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1, Jan 25, 2010
      BKSECMON.RVW 20091009

      "Security Monitoring", Chris Fry/Martin Nystrom, 2009,
      978-0-596-51816-5, U$44.99/C$44.99
      %A Chris Fry
      %A Martin Nystrom http://xianshield.org
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2009
      %G 978-0-596-51816-5 0-596-51816-1
      %I O'Reilly & Associates, Inc.
      %O U$44.99/C$44.99 800-998-9938 fax: 707-829-0104 nuts@...
      %O http://www.amazon.com/exec/obidos/ASIN/0596518161/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0596518161/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 227 p.
      %T "Security Monitoring"

      The preface states that this is not an introduction to security or
      network administration, but a more advanced guide, for those who have
      the foundational background, to more targeted monitoring aimed at
      detecting extrusions.

      Chapter one says that there are lots of threats out there, and that
      this type of monitoring will protect you better than other safeguards.
      (It's hard to judge that assertion when no details of the proposal
      have been provided.) The authors introduce "policy based monitoring"
      in chapter two, attempting to support this nomenclature with examples
      relating to administrative policies, but it is difficult to see that
      this is any different from whitelisting. Chapter three mentions that
      it is important to know the structure and operation of your network,
      but most of the content is a description of the Cisco NetFlow utility.
      Much of the rest of the material, contrary to the promises of the
      preface, is basic network administration. Choosing what to monitor is
      emphasized in chapter four. (It's a little bit hard to take some of
      this seriously when one of the basic references is a CISSP study
      guide.) It is difficult to say why chapter five must discuss the
      choice of event sources separately from the prior content, but much of
      the book is similarly disjointed, confused, and lacking in structure.
      Supposedly about tuning your monitoring, much of chapter six
      duplicates the overview of network structure from chapter three.

      Chapter seven stands out from the rest of the book. It reiterates the
      often neglected point that you need to ensure that the audit, log, and
      monitoring data you think you are collecting is, in fact, being
      collected. The discussion is detailed and comprehensive. This
      chapter, alone, is probably worth the purchase price of the book.

      Chapter eight is a review of the previous chapters, first with a
      series of case study examples, and then with a summary of the list of

      With one notable exception, the work is basic and pedestrian
      information, with a disorganized composition. However, chapter seven
      is definitely useful to both security and network professionals.

      copyright Robert M. Slade, 2009 BKSECMON.RVW 20091009

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      We are born naked, wet and hungry. Then things get worse.
      victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
      http://twitter.com/NoticeBored http://twitter.com/rslade
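The chapter-seven point the reviewer singles out (confirm that the log and audit data you believe you are collecting is actually arriving) is easy to state and easy to neglect. The script below is an added illustration written for this page; it is not code from the book or from the reviewer. It keeps an inventory of expected log sources with a per-source maximum silence, reads a constructed batch of syslog-style lines, and reports sources that have gone silent, sources that never reported at all, and sources that are sending data nobody inventoried. The host names, thresholds, timestamps and line layout are all constructed for the example and do not correspond to any specific product's format.

```python
"""Log-source liveness check: flag expected sources that have stopped reporting.

Added example for this review page (not the book's or reviewer's code).
Everything below (host names, thresholds, event lines, field layout) is
constructed for illustration and mimics generic forwarded syslog.
"""
from datetime import datetime, timedelta, timezone

# Constructed inventory: sources we *believe* are forwarding logs, each with
# the longest silence tolerated before alerting. Thresholds are per source
# because an edge firewall logs constantly while a quiet DB host may not.
EXPECTED_SOURCES = {
    "fw-edge-01": timedelta(minutes=5),
    "dc-01": timedelta(minutes=15),
    "web-01": timedelta(minutes=10),
    "db-01": timedelta(hours=1),
    "vpn-01": timedelta(minutes=10),   # inventoried, but sends nothing below
}

# Constructed sample of recently received events:
# "<ISO-8601 UTC timestamp> <source> <message>"
SAMPLE_EVENTS = """\
2010-01-25T10:00:02Z fw-edge-01 deny tcp 203.0.113.5:51234 -> 192.0.2.10:22
2010-01-25T10:00:03Z web-01 GET /index.html 200
2010-01-25T10:01:10Z dc-01 4624 logon succeeded user=svc_backup
2010-01-25T10:02:00Z fw-edge-01 permit tcp 192.0.2.20:44321 -> 198.51.100.7:443
2010-01-25T09:05:00Z db-01 checkpoint complete
2010-01-25T10:03:30Z web-01 GET /login 302
2010-01-25T10:04:00Z printer-07 paper jam
"""

# Fixed evaluation time so the example is reproducible offline.
EVAL_TIME = datetime(2010, 1, 25, 10, 10, 0, tzinfo=timezone.utc)


def parse_events(text):
    """Return {source: latest_timestamp} for every source seen in the batch."""
    last_seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, source, _msg = line.split(" ", 2)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if source not in last_seen or ts > last_seen[source]:
            last_seen[source] = ts
    return last_seen


def check_sources(last_seen, expected, now):
    """Compare what arrived against what we expect to be collecting.

    Returns three sorted lists:
      silent     - expected sources whose newest event is older than their threshold
      never_seen - expected sources with no events at all in the batch
      unexpected - sources that sent events but are not in the inventory
    The third list matters too: an un-inventoried sender is either an asset
    nobody tracked or a forwarder pointed at the wrong collector.
    """
    silent, never_seen = [], []
    for source, max_gap in expected.items():
        if source not in last_seen:
            never_seen.append(source)
        elif now - last_seen[source] > max_gap:
            silent.append(source)
    unexpected = [s for s in last_seen if s not in expected]
    return sorted(silent), sorted(never_seen), sorted(unexpected)


def run_example():
    """Run the check over the constructed batch at the fixed evaluation time."""
    return check_sources(parse_events(SAMPLE_EVENTS), EXPECTED_SOURCES, EVAL_TIME)


if __name__ == "__main__":
    silent, never_seen, unexpected = run_example()
    for s in silent:
        print(f"ALERT  expected source gone silent:      {s}")
    for s in never_seen:
        print(f"ALERT  expected source never reported:   {s}")
    for s in unexpected:
        print(f"NOTICE un-inventoried source is sending: {s}")
```

Run against the constructed batch at 10:10 UTC, the check flags fw-edge-01 (last event 10:02, threshold 5 min) and db-01 (last event 09:05, threshold 60 min) as silent, vpn-01 as never seen, and printer-07 as an un-inventoried sender. In practice the inventory would be loaded from the same asset register the rest of the monitoring relies on, and the check itself should be scheduled and alerted on, since a collector that quietly stops running is exactly the failure this is meant to catch.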