Book description
The Practice of Network Security Monitoring teaches IT and security staff how to leverage powerful tools and concepts to identify network intrusions quickly and effectively.
Table of contents
- Dedication
- Foreword
- Preface
- I. Getting Started
- 1. Network Security Monitoring Rationale
- 2. Collecting Network Traffic: Access, Storage, and Management
- II. Security Onion Deployment
- III. Tools
- 6. Command Line Packet Analysis Tools
- 7. Graphical Packet Analysis Tools
- 8. NSM Consoles
- IV. NSM in Action
- 9. NSM Operations
- 10. Server-side Compromise
- 11. Client-side Compromise
- 12. Extending SO
- Using Bro to Track Executables
- Using Bro to Extract Binaries from Traffic
- Configuring Bro to Extract Binaries from Traffic
- Collecting Traffic to Test Bro
- Testing Bro to Extract Binaries from HTTP Traffic
- Examining the Binary Extracted from HTTP
- Testing Bro to Extract Binaries from FTP Traffic
- Examining the Binary Extracted from FTP
- Submitting a Hash and Binary to VirusTotal
- Restarting Bro
- Using APT1 Intelligence
- Reporting Downloads of Malicious Binaries
- Conclusion
- 13. Proxies and Checksums
- Conclusion
- A. SO Scripts and Configuration
- SO Control Scripts
- /usr/sbin/nsm
- /usr/sbin/nsm_all_del
- /usr/sbin/nsm_all_del_quick
- /usr/sbin/nsm_sensor
- /usr/sbin/nsm_sensor_add
- /usr/sbin/nsm_sensor_backup-config
- /usr/sbin/nsm_sensor_backup-data
- /usr/sbin/nsm_sensor_clean
- /usr/sbin/nsm_sensor_clear
- /usr/sbin/nsm_sensor_del
- /usr/sbin/nsm_sensor_edit
- /usr/sbin/nsm_sensor_ps-daily-restart
- /usr/sbin/nsm_sensor_ps-restart
- /usr/sbin/nsm_sensor_ps-start
- /usr/sbin/nsm_sensor_ps-status
- /usr/sbin/nsm_sensor_ps-stop
- /usr/sbin/nsm_server
- /usr/sbin/nsm_server_add
- /usr/sbin/nsm_server_backup-config
- /usr/sbin/nsm_server_backup-data
- /usr/sbin/nsm_server_clear
- /usr/sbin/nsm_server_del
- /usr/sbin/nsm_server_edit
- /usr/sbin/nsm_server_ps-restart
- /usr/sbin/nsm_server_ps-start
- /usr/sbin/nsm_server_ps-status
- /usr/sbin/nsm_server_ps-stop
- /usr/sbin/nsm_server_sensor-add
- /usr/sbin/nsm_server_sensor-del
- /usr/sbin/nsm_server_user-add
- SO Configuration Files
- /etc/nsm/
- /etc/nsm/administration.conf
- /etc/nsm/ossec/
- /etc/nsm/pulledpork/
- /etc/nsm/rules/
- /etc/nsm/securityonion/
- /etc/nsm/securityonion.conf
- /etc/nsm/sensortab
- /etc/nsm/servertab
- /etc/nsm/templates/
- /etc/nsm/$HOSTNAME-$INTERFACE/
- /etc/cron.d/
- Bro
- CapMe
- ELSA
- Squert
- Snorby
- Syslog-ng
- /etc/network/interfaces
- Updating SO
- SO Control Scripts
- Index
- About the Author
- Colophon
- B. Updates
- Copyright
Product information
- Title: The Practice of Network Security Monitoring
- Author(s):
- Release date: July 2013
- Publisher(s): No Starch Press
- ISBN: 9781593275099