Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Chapter 3. Know Your Network

Imagine going to battle without an understanding of the terrain, roads, buildings, weather, or even your own fighting force’s tactics and capabilities. This is the situation faced by many information security professionals when they initially attempt to monitor their network environment. Knowing your network is akin to understanding your military capabilities, strengths, and weaknesses when preparing for an enemy attack. In information security, the enemy will change tactics continually, but you have a “home field advantage” because the battleground is your network. History proves that blindly charging into or defending the unknown will almost certainly end in defeat.

One of the best ways to express this concept comes from Richard Bejtlich, information security professional and author of The Tao of Network Security Monitoring. In a January 2007 post on his blog,[13] Bejtlich describes the “Self-Defeating Network” as having the following characteristics:

  • Unknown

  • Unmonitored

  • Uncontrolled

  • Unmanned

  • Trusted

Although you may not have control of or influence over these characteristics, you must make every effort to Know Your Network! Doing so will help you succeed in most of your security-related endeavors. In this chapter, we will explore two primary methods of learning about a network: network taxonomy and network telemetry.

Network Taxonomy

Imagine you receive a report from your monitoring staff that “IP address 10.10.10.20 was seen performing a buffer overflow attack ...


Publisher Resources

ISBN: 9780596157944