Monday, April 29, 2013

Practice of Network Security Monitoring Table of Contents

Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC has only solidified in the last day or so. I delayed responding until I completed all of the text, which I did this weekend.

You can preorder the book through No Starch. Please consider using the discount code NSM101 to save 30%.

I'm still on track to publish by July 22, 2013, in time to teach two sessions of my new course, Network Security Monitoring 101, in Las Vegas. I'll be using the new book's themes for inspiration but will likely have to rebuild all the labs.

I expect the book to approach the 350 page mark, exceeding my initial estimates for 256 pages and 7 chapters. Here's the latest Table of Contents.

  • Part I, “Getting Started,” introduces NSM and how to think about sensor placement.
    • Chapter 1, “NSM Rationale,” explains why NSM matters, to help you gain the support needed to deploy NSM in your environment.
    • Chapter 2, “Collecting Network Traffic: Access, Storage, and Management,” addresses the challenges and solutions surrounding physical access to network traffic.

  • Part II, “Security Onion Deployment,” focuses on installing SO on hardware, and configuring SO effectively.
    • Chapter 3, “Stand-alone Deployment,” introduces SO, and explains how to install the software on spare hardware to gain initial NSM capability at low or no cost.
    • Chapter 4, “Distributed Deployment,” extends Chapter 3 to describe how to install a dispersed SO system.
    • Chapter 5, “SO Housekeeping,” discusses maintenance activities for keeping your SO installation running smoothly.

  • Part III, “Tools,” describes key software shipped with SO, and how to use these applications.
    • Chapter 6, “Command Line Packet Analysis Tools,” explains the key features of Tcpdump, Tshark, Dumpcap, and Argus in SO.
    • Chapter 7, “Graphical Packet Analysis Tools,” adds GUI-based software to the mix, describing Wireshark, Xplico, and NetworkMiner.
    • Chapter 8, “Consoles,” shows how NSM suites like Sguil, Squert, Snorby, and ELSA enable detection and response workflows.

  • Part IV, “NSM in Action,” discusses how to use NSM processes and data to detect and respond to intrusions.
    • Chapter 9, “Collection, Analysis, Escalation, and Resolution,” shares my experience building and leading a global Computer Incident Response Team (CIRT).
    • Chapter 10, “Server-Side Compromise,” is the first NSM case study, wherein you’ll learn how to apply NSM principles to identify and validate the compromise of an Internet-facing application.
    • Chapter 11, “Client-Side Compromise,” is the second NSM case study, offering an example of a user being victimized by a client-side attack.
    • Chapter 12, “Extending SO,” covers tools and techniques to expand SO’s capabilities.
    • Chapter 13, “Proxies and Checksums,” concludes the main text by addressing two challenges to conducting NSM.

  • The Conclusion offers a few thoughts on the future of NSM, especially with respect to cloud environments and workflows.
  • Appendix A, “Security Onion Scripts and Configuration,” includes information from SO developer Doug Burks on core SO configuration files and control scripts.

I hope you enjoy the book and consider the new class! If you have comments or questions, please post them here or via @taosecurity.

Sunday, April 21, 2013

Bejtlich Teaching New Class at Black Hat in July

I'm pleased to announce I will teach two sessions of a brand-new two day class at Black Hat USA 2013 this summer. The new class is Network Security Monitoring 101. From the overview:

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you.

This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats.

Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a few virtual machines.

Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

Black Hat has three remaining price points and deadlines for registration.

  • "Regular" ends 31 May

  • "Late" ends 24 July

  • "Onsite" starts at the conference

Seats are filling -- it pays to register early!

If you have any questions about the class, please leave a comment here or contact me via Twitter at @taosecurity. Thank you.

I'm also talking with Black Hat about teaching at their Istanbul and Seattle events later this year.