Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Practical Considerations for Selecting Targets

My Nokia smartphone drives me crazy alerting me to things that I don’t need to know, that I can’t do anything about, and that interfere with basic operations (such as making phone calls). One particularly annoying message, “Packet Data Started,” often appears just as I’m beginning to dial a number, forcing me to acknowledge the message and restart my number dialing. Nokia thoughtfully included this feature to keep users without unlimited data plans informed that their phone is about to incur data charges. In my case, I have no need to see the message, since I have an unlimited data plan.

Don’t configure your systems like my smartphone, collecting events for which you don’t intend to take action. If you’re able to fully monitor a system, but you can’t do anything about the events that are generated, why bother monitoring it? Event collection is always necessary to support investigations. Even when you’re not actively monitoring events, you must collect the events to support incident response. For targeted monitoring, however, events that you cannot mitigate are a distraction and should not generate alerts. For example, Figure 4-6 shows an Oracle alert from a Security Information Manager (SIM) system.

Figure 4-6. Oracle Application Server alert
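
The split between collecting every event and alerting only on events you can mitigate, sketched as an added example that is not from the book. The event types, owners, actions and sample log lines are all constructed for illustration.

```python
import json
from collections import Counter

# Constructed policy: event type -> who responds and how. A type with no owner
# or action cannot be mitigated, so it is collected but never alerted on.
POLICY = {
    "auth.bruteforce": {"owner": "soc", "action": "lock account, block source"},
    "av.malware.found": {"owner": "desktop", "action": "isolate and reimage host"},
    "db.listener.error": {"owner": None, "action": None},
}

# Constructed sample events (JSON lines); not output from any real product.
SAMPLE = """\
{"ts": "2009-02-01T10:00:00Z", "host": "web01", "type": "auth.bruteforce"}
{"ts": "2009-02-01T10:00:05Z", "host": "db01", "type": "db.listener.error"}
{"ts": "2009-02-01T10:00:09Z", "host": "db01", "type": "db.listener.error"}
{"ts": "2009-02-01T10:01:12Z", "host": "pc17", "type": "av.malware.found"}
truncated-line-from-a-broken-forwarder
"""

def actionable(event_type, policy=POLICY):
    """True only when someone owns the event type and a response is defined."""
    rule = policy.get(event_type)
    return bool(rule and rule["owner"] and rule["action"])

def route(lines, policy=POLICY):
    """Archive every event for investigations; alert only on actionable types."""
    archive, alerts, suppressed = [], [], Counter()
    for line in filter(None, (l.strip() for l in lines)):
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:
            event = {"type": "unparsed", "raw": line}  # keep it for incident response
        archive.append(event)
        etype = event.get("type", "unknown")
        if actionable(etype, policy):
            alerts.append({**event, **policy[etype]})
        else:
            suppressed[etype] += 1  # review these counts when revisiting targets
    return archive, alerts, suppressed

if __name__ == "__main__":
    archive, alerts, suppressed = route(SAMPLE.splitlines())
    print(f"archived={len(archive)} alerts={len(alerts)}")
    for a in alerts:
        print(f"ALERT {a['host']} {a['type']} -> {a['owner']}: {a['action']}")
    print("collected but not alerted:", dict(suppressed))
```

The suppressed counter shows which sources are filling the archive without ever producing an alert, which is the list to revisit when a response procedure for them becomes available.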

Publisher Resources

ISBN: 9780596157944