CHAPTER 9

Cyber Network Defense Using Advanced Log Analysis

This chapter describes an approach for Cyber Network Defense (CND) based upon Advanced Log Analysis (ALA) including the following:

  • A lightweight process for CND that minimizes time and resources, but supports thorough investigation and eradication of threats
  • A comprehensive set of scripts for network monitoring and ALA for packet and text logs using open source tools
  • An agile strategy for escalating defenses against emerging threats
  • An overall cyber investigation process and open source toolset
  • An operational scenario for eradicating browser-based spyware, which is a much more prevalent and malicious threat than most imagine
  • Practical instructions for implementing the processes and techniques described in the chapter

The sections are practical and instructional, explaining in sequence how, why, and when each technique applies. The chapter covers advanced techniques for Gawk, Wireshark, and tcpdump, and for carving data out of captured packets into files. It also includes implementation instructions for network sensors, ALA platforms, and cyber investigations.

WILEY.COM CODE DOWNLOADS FOR THIS CHAPTER

The wiley.com code downloads for this chapter are found at www.wiley.com/go/cybersecurity on the Download Code tab. The code is in the Chapter 9 download, with the individual files named as they are referred to throughout the chapter.

Introduction to Cyber Network Defense

When I implemented network sensors and intrusion detection systems (IDS) on a new ...
