
The Tao of Network Security Monitoring: Beyond Intrusion Detection by Richard Bejtlich


3. Deployment Considerations

This chapter lays the foundation for Part II, where I discuss NSM products. A product is worthless unless it can see packets. Before analysts investigate events, security engineers must devise a way to access network traffic, and system administrators must install hardware and software to support NSM applications. Network administrators must ensure that NSM platforms are remotely accessible. Before solving any of these problems, however, it's appropriate to consider the threat model that drives product deployment choices.

Threat Models and Monitoring Zones

The threat model represents the threats for which the NSM solution is engineered and the assets it is supposed to monitor. A threat model is an expression of expectations. ...
