Security Monitoring
O'Reilly Media (Verlag)
978-0-596-51816-5 (ISBN)
How well does your enterprise stand up against today's sophisticated security threats? With this book, security experts from Cisco Systems demonstrate how you can detect damaging security incidents on your global network - first by discovering which assets you need to monitor closely, then by helping you develop targeted strategies and pragmatic techniques to identify security incidents. "Security Monitoring" offers six steps to improve network monitoring, based on the authors' years of experience conducting incident response to keep Cisco's global network secure. These steps will guide you through the following: Develop Policies: define the rules, regulations, and criteria against which to monitor; Know Your Network: build knowledge of your infrastructure with network telemetry; Select Your Targets: define the subset of infrastructure where you'll focus monitoring; Choose Event Sources: identify the event types needed to discover policy violations; Feed and Tune: collect data and generate alerts, tuning systems using context; and, Maintain Dependable Event Sources: prevent critical gaps in your event collection and monitoring.
To help you understand this framework, "Security Monitoring" illustrates its recommendations using a fictional mobile telephony provider. Each chapter's approach and techniques are overlaid against this fictional example with diagrams and detailed examples. These recommendations will help you select and deploy the best techniques for monitoring your own enterprise network.
Chris Fry, security investigator for Cisco Systems Computer Security Incident Response Team (CSIRT), joined Cisco in 1997 as an IT analyst specializing in production services support. Fry spent four years as a network engineer within Cisco IT gaining enterprise network knowledge and a unique insight into monitoring production networks. In 2007, he presented Inside the Perimiter: 6 Steps to Improve Your Security Monitoring at the annual conference for the Forum for Incident Response and Security Teams (FIRST) in Seville, Spain, and at the Cisco Networkers conventions in Brisbane, Australia and Anaheim, California. Fry received a BA in Corporate Financial Analysis and an MS in Information and Communication Sciences from Ball State University. He lives in Cary, North Carolina, with his wife, Laurie, and their two sons and daughter. Martin Nystrom is a Member of Technical Staff (MTS) for the Computer Security Incident Response Team (CSIRT) at Cisco Systems. He leads the global security monitoring team and provides guidance for incident response and security initiatives. Prior to joining Cisco's CSIRT, he was responsible for designing and consulting on secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior, where he built his experience in the pharmaceutical and computer industries. He received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004. He is the author of O'Reilly's "SQL Injection Defenses", and the forthcoming, "Practical Security Monitoring for Networks". He is a frequent conference speaker, and was honored on the Java One Rock Star Wall of Fame. He enjoys speaking at FIRST and Cisco Networkers conferences, and providing security guidance to customers via Cisco's Executive Briefing program. Most of Martin's papers and presos can be found at xianshield.org
| Erscheint lt. Verlag | 24.3.2009 |
|---|---|
| Co-Autor | Martin Nystrom |
| Verlagsort | Sebastopol |
| Sprache | englisch |
| Einbandart | Paperback |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Wirtschaft ► Betriebswirtschaft / Management ► Wirtschaftsinformatik | |
| ISBN-10 | 0-596-51816-1 / 0596518161 |
| ISBN-13 | 978-0-596-51816-5 / 9780596518165 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
