Monday, December 31, 2018

Notes on Self-Publishing a Book


In this post I would like to share a few thoughts on self-publishing a book, in case anyone is considering that option.

As I mentioned in my post on burnout, one of my goals was to publish a book on a subject other than cyber security. A friend from my Krav Maga school, Anna Wonsley, learned that I had published several books, and asked if we might collaborate on a book about stretching. The timing was right, so I agreed.

I published my first book with Pearson and Addison-Wesley in 2004, and my last with No Starch in 2013. 14 years is an eternity in the publishing world, and even in the last 5 years the economics and structure of book publishing have changed quite a bit.

To better understand the changes, I had dinner with one of the finest technical authors around, Michael W. Lucas. We met prior to my interest in this book, because I had wondered about publishing books on my own. MWL started in traditional publishing like me, but has since become a full-time author and independent publisher. He explained the pros and cons of going it alone, which I carefully considered.

By the end of 2017, Anna and I were ready to begin work on the book. I believe our first "commits" occurred in December 2017.

For this stretching book project, I knew my strengths included organization, project management, writing to express another person's message, editing, and access to a skilled lead photographer. I learned that my co-author's strengths included subject matter expertise, a willingness to be photographed for the book's many pictures, and friends who would also be willing to be photographed.

None of us was very familiar with the process of transforming a raw manuscript and photos into a finished product. When I had published with Pearson and No Starch, they took care of that process, as well as copy-editing.

Beyond turning manuscript and photos into a book, I also had to identify a publication platform. Early on we decided to self-publish using one of the many newer companies offering that service. We wanted a company that could get our book into Amazon, and possibly physical book stores as well. We did not want to try working with a traditional publisher, as we felt that we could manage most aspects of the publishing process ourselves, and augment with specialized help where needed.

After a lot of research we chose Blurb. One of the most attractive aspects of Blurb was their expert ecosystem. We decided that we would hire one of these experts to handle the interior layout process. We contacted Jennifer Linney, who happened to be local and had experience publishing books to Amazon. We met in person, discussed the project, and agreed to move forward together.

I designed the structure of the book. As a former Air Force officer, I was comfortable with the "rule of threes," and brought some recent writing experience from my abandoned PhD thesis.

I designed the book to have an introduction, the main content, and a conclusion. Within the main content, the book featured an introduction and physical assessment, three main sections, and a conclusion. The three main sections consisted of a fundamental stretching routine, an advanced stretching routine, and a performance enhancement section -- something with Indian clubs, or kettlebells, or another supplement to stretching.

Anna designed all of the stretching routines and provided the vast majority of the content. She decided to focus on three physical problem areas -- tight hips, shoulders/back, and hamstrings. We encouraged the reader to "reach three goals" -- open your hips, expand your shoulders, and touch your toes. Anna designed exercises that worked in a progression through the body, incorporating her expertise as a certified trainer and professional martial arts instructor.

Initially we tried a process whereby she would write section drafts, and I would edit them, all using Google Docs. This did not work as well as we had hoped, and we spent a lot of time stalled in virtual collaboration.

By the spring of 2018 we decided to try meeting in person on a regular basis. Anna would explain her desired content for a section, and we would take draft photographs using iPhones to serve as placeholders and to test the feasibility of real content. We made a lot more progress using these methods, although we stalled again mid-year due to schedule conflicts.

By October our text was ready enough to try taking book-ready photographs. We bought photography lights from Amazon and used my renovated basement game room as a studio. We took pictures over three sessions, with Anna and her friend Josh as subjects. I spent several days editing the photos to prepare for publication, then handed the bundled manuscript and photographs to Jennifer for a light copy-edit and layout during November.

Our goal was to have the book published before the end of the year, and we met that goal. We decided to offer two versions. The first is a "collector's edition" featuring all color photographs, available exclusively via Blurb as Reach Your Goal: Collector's Edition. The second will be available at Amazon in January, and will feature black and white photographs.

While we were able to set the price of the book directly via Blurb, we could basically only suggest a price to Ingram and hence to Amazon. Ingram is the distributor that feeds Amazon and physical book stores. I am curious to see how the book will appear in those retail locations, and how much it will cost readers. We tried to price it competitively with older stretching books of similar size. (Ours is 176 pages with over 200 photographs.)

Without revealing too much of the economic structure, I can say that it's much cheaper to sell directly from Blurb. Their cost structure allows us to price the full color edition competitively. However, one of our goals was to provide our book through Amazon, and to keep the price reasonable we had to sell the black and white edition outside of Blurb.

Overall I am very pleased with the writing process, and exceptionally happy with the book itself. The color edition is gorgeous and the black and white version is awesome too.

The only change I would have made to the writing process would have been to start the in-person collaboration from the beginning. Working together in person accelerated the transfer of ideas to paper and played to our individual strengths of Anna as subject matter expert and me as a writer.

In general, I would not recommend self-publishing if you are not a strong writer. If writing is not your forte, then I highly suggest you work with a traditional publisher, or contract with an editor. I have seen too many self-published books that read terribly. This usually happens when the author is a subject matter expert, but has trouble expressing ideas in written form.

The bottom line is that it's never been easier to make your dream of writing a book come true. There are options for everyone, and you can leverage them to create wonderful products that scale with demand and can really help your audience reach their goals!

If you want to start the new year with better flexibility and fitness, consider taking a look at our book on Blurb! When the Amazon edition is available I will update this post with a link.

Update: Here is the Amazon listing.

Cross-posted from Rejoining the Tao Blog.

Monday, May 08, 2017

Latest Book Inducted into Cybersecurity Canon

Thursday evening Mrs B and I were pleased to attend an awards seminar for the Cybersecurity Canon. This is a project sponsored by Palo Alto Networks and led by Rick Howard. The goal is to "identify a list of must-read books for all cybersecurity practitioners."

Rick reviewed my fourth book The Practice of Network Security Monitoring in 2014 and someone nominated it for consideration in 2016. I was unaware earlier this year that my book was part of a 32-title "March Madness" style competition. My book won the five rounds, resulting in its inclusion in the 2017 inductee list! Thank you to all those that voted for my book.

Ben Rothke awarded me the Canon trophy.

Ben Rothke interviewed me prior to the induction ceremony. We discussed some current trends in security and some lessons from the book. I hope to see that interview published by Palo Alto Networks and/or the Cybersecurity Canon project in the near future.

In my acceptance speech I explained how I wrote the book because I had not yet dedicated a book to my youngest daughter, since she was born after my third book was published.

A teaching moment at Black Hat Abu Dhabi in December 2012 inspired me to write the book. While teaching network security monitoring, one of the students asked "but where do I install the .exe on the server?"

I realized this student had no idea of physical access to a wire, or using a system to collect and store network traffic, or any of the other fundamental concepts inherent to NSM. He thought NSM was another magical software package to install on his domain controller.

Four foreign language editions.

Thanks to the interpretation assistance of a local Arabic speaker, I was able to get through to him. However, the experience convinced me that I needed to write a new book that built NSM from the ground up, hence the selection of topics and the order in which I presented them.

While my book has not (yet?) been translated into Arabic, there are two Chinese language editions, a Korean edition, and a Polish edition! I also know of several SOCs who provide a copy of the book to all incoming analysts. The book is also a text in several college courses.

I believe the book remains relevant for anyone who wants to learn the NSM methodology to detect and respond to intrusions. While network traffic is the example data source used in the book, the NSM methodology is data source agnostic.

In 2002 Bamm Visscher and I defined NSM as "the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions." This definition makes no reference to network traffic.

It is the collection-analysis-escalation framework that matters. You could perform NSM using log files, or host-centric data, or whatever else you use for indications and warnings.

I have no plans for another cybersecurity book. I am currently editing a book about combat mindset written by the head instructor of my Krav Maga style and his colleague.

Thanks for asking for an autograph!

Palo Alto hosted a book signing and offered free books for attendees. I got a chance to speak with Steven Levy, whose book Hackers was also inducted. I sat next to him during the book signing, as shown in the picture at right.

Thank you to Palo Alto Networks, Rick Howard, Ben Rothke, and my family for making inclusion in the Cybersecurity Canon possible. The awards dinner was a top-notch event. Mrs B and I enjoyed meeting a variety of people, including students in local cybersecurity degree programs.

I closed my acceptance speech with the following from the end of the Old Testament, at the very end of 2nd Maccabees. It captures my goal when writing books:

"So I too will here end my story. If it is well told and to the point, that is what I myself desired; if it is poorly done and mediocre, that was the best I could do."

If you'd like a copy of The Practice of Network Security Monitoring, the best deal is to buy print and electronic editions from the publisher's Web site. Use code NSM101 to save 30%. I like having the print version for easy review, and I carry the digital copy on my tablet and phone.

Thank you to everyone who voted and who also bought a copy of my book!

Update: I forgot to thank Doug Burks, who created Security Onion, the software used to demonstrate NSM in the book. Doug also contributed the appendix explaining certain SO commands. Thank you Doug! Also thank you to Bill Pollack and his team at No Starch Press, who edited and published the book!

Thursday, June 13, 2013

Pre-Order The Practice of Network Security Monitoring Before Price Hike

When my publisher and I planned and priced my new book The Practice of Network Security Monitoring, we assumed the book would be about 250 pages. As we conclude the copyediting process and move the text into layout, it's clear the book will be well over 300. The current estimate is 328, but I think it could approach 350 pages.

Because of the much larger page count, the publisher and I agreed to reprice the book. The price will rise from the current list of $39.95 for paperback and $31.95 for ebook to $49.95 for paperback and $39.95 for ebook.

However, those prices will not go into effect until next Friday, June 21st. That means if you preorder at the NoStarch.com Web site before next Friday, you will get the current lower prices. Furthermore, use preorder code NSM101 to save 30% off list. If you use NSM101 as your discount code it shows No Starch that you got word of this from me.

Those of you who already preordered have already taken advantage of this deal. Thanks for your orders!

We're still on track for publication by July 22, in time for books on hand at my new Network Security Monitoring 101 class in Las Vegas. Seats for the two editions of the class (weekend and weekday) continue to fill.

If you live in Europe or the Middle East or Africa, you may want to attend my new class in Istanbul in September. I hope the protestors and government can manage their differences in time for this great new Black Hat event!

Monday, April 29, 2013

Practice of Network Security Monitoring Table of Contents

Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC has only solidified in the last day or so. I delayed responding until I completed all of the text, which I did this weekend.

You can preorder the book through No Starch. Please consider using the discount code NSM101 to save 30%.

I'm still on track to publish by July 22, 2013, in time to teach two sessions of my new course, Network Security Monitoring 101, in Las Vegas. I'll be using the new book's themes for inspiration but will likely have to rebuild all the labs.

I expect the book to approach the 350 page mark, exceeding my initial estimates of 256 pages and 7 chapters. Here's the latest Table of Contents.

  • Part I, “Getting Started,” introduces NSM and how to think about sensor placement.
    • Chapter 1, “NSM Rationale,” explains why NSM matters, to help you gain the support needed to deploy NSM in your environment.
    • Chapter 2, “Collecting Network Traffic: Access, Storage, and Management,” addresses the challenges and solutions surrounding physical access to network traffic.

  • Part II, “Security Onion Deployment,” focuses on installing SO on hardware, and configuring SO effectively.
    • Chapter 3, “Stand-alone Deployment,” introduces SO, and explains how to install the software on spare hardware to gain initial NSM capability at low or no cost.
    • Chapter 4, “Distributed Deployment,” extends Chapter 3 to describe how to install a dispersed SO system.
    • Chapter 5, “SO Housekeeping,” discusses maintenance activities for keeping your SO installation running smoothly.

  • Part III, “Tools,” describes key software shipped with SO, and how to use these applications.
    • Chapter 6, “Command Line Packet Analysis Tools,” explains the key features of Tcpdump, Tshark, Dumpcap, and Argus in SO.
    • Chapter 7, “Graphical Packet Analysis Tools,” adds GUI-based software to the mix, describing Wireshark, Xplico, and NetworkMiner.
    • Chapter 8, “Consoles,” shows how NSM suites like Sguil, Squert, Snorby, and ELSA enable detection and response workflows.

  • Part IV, “NSM in Action,” discusses how to use NSM processes and data to detect and respond to intrusions.
    • Chapter 9, “Collection, Analysis, Escalation, and Resolution,” shares my experience building and leading a global Computer Incident Response Team (CIRT).
    • Chapter 10, “Server-Side Compromise,” is the first NSM case study, wherein you’ll learn how to apply NSM principles to identify and validate the compromise of an Internet-facing application.
    • Chapter 11, “Client-Side Compromise,” is the second NSM case study, offering an example of a user being victimized by a client-side attack.
    • Chapter 12, “Extending SO,” covers tools and techniques to expand SO’s capabilities.
    • Chapter 13, “Proxies and Checksums,” concludes the main text by addressing two challenges to conducting NSM.

  • The Conclusion offers a few thoughts on the future of NSM, especially with respect to cloud environments and workflows.
  • Appendix A, “Security Onion Scripts and Configuration,” includes information from SO developer Doug Burks on core SO configuration files and control scripts.

I hope you enjoy the book and consider the new class! If you have comments or questions, please post them here or via @taosecurity.

Monday, February 11, 2013

Practical Network Security Monitoring Book on Schedule

First the good news: my new book Practical Network Security Monitoring is on track, and you can pre-order with a 30% discount using code NSM101.

I'm about 1/3 of the way through writing the book. Since I announced the project last month, I've submitted chapters 1, 2, and 3. They are in various stages of review by No Starch editors and my technical editors. I seem to be writing more than I expected, despite trying to keep the book at an introductory level. I find that I want to communicate the topic sufficiently to make my point, but I try to avoid going too deeply into related areas.

I'm also encountering situations where I have to promise to explain some concepts later, rather than explain everything immediately. I believe once I get the first chapter ironed out with the editor, the rest will be easier to digest. I'm taking a fairly methodical approach (imagine that), so once the foundation in chapter 1 is done the rest is more straightforward.

I'm keeping a fairly aggressive schedule. Basically I have to write a chapter each week, get it to my technical editors, and then spend additional time working with No Starch to get the text legible and ready for print. All of this is happening in parallel in order to have the books in print by Black Hat. That means the text must be done by the first week in April. My family is helping me stay on track by giving me time and space to write, especially on the weekends. Thank you!

When working on the examples, I've been very pleased with the performance of VMware Workstation 9. I have one copy installed on Windows 7, where I write with Word. I have a second copy installed on Ubuntu Server, where it acts like a "VMware Server." I used to run a real ESXi server on server-class hardware. Now, to save electricity and to tailor my computing power more closely to my requirements, I run a Shuttle DS61 with a Core i5-3450S 2.80GHz CPU, 16 GB RAM, 750 GB HDD, and two onboard NICs. The two NICs are really awesome in a device this small -- 190(L) x 165(W) x 43(H) mm. With two NICs, I can devote one to management and one to network traffic collection and interpretation. I use a Net Optics Dual Port Aggregator Tap for access to the wire.

I use VMware Workstation this way. I run a Linux VM on Workstation on my Windows 7 laptop. I connect via Workstation to the Workstation instance on Ubuntu on the DS61. Then I create whatever VMs I need on the DS61. For example, I created a Security Onion server and sensor to test that setup. With 16 GB RAM, I have plenty of RAM for both, plus another VM that I'm running as my "production" Security Onion sensor for the lab network.

Writing is going well, despite the fact that I last wrote a book in 2005. I promised my youngest daughter, who wasn't born until 2006, that this new book is for her. If you have any questions on the writing process, please post them here or ask me on Twitter.

Wednesday, January 16, 2013

How to Win This TCP/IP Book

Last week I wished this blog happy tenth birthday and announced plans for a new book on network security monitoring. I also mentioned a contest involving a book give-away. I finally figured out a good way to select a winner, and it involves your participation in my current writing project!

Thanks to No Starch Press I have a brand-new, shrink-wrapped copy of The TCP/IP Guide, a mammoth 1616 page hardcover book by Charles M. Kozierok.

Here's what you have to do to try to win this book: submit a case study on how network security monitoring helped you detect, respond to, and contain an intrusion in your environment.

You don't have to reveal your organization, but I want to know some general information like the number of users and computers. Readers need to know the sort of environment where NSM worked for you, but I don't want you to reveal your organization (unless you want to).

Tell the reader what happened, what NSM data you used, how you used it, and how you handled the incident. Extra points go to writers who include log excerpts and screen captures.

I will include the submission in my new book, subject to editing by myself and No Starch, for readability and comprehension.

The deadline for submission is 10:00 pm eastern time, Saturday 26 January (sorry for the earlier typo). I managed to extend the deadline a little. Quality trumps quantity here -- I'm not looking for another chapter!

Please submit your entries as plain text in email to taosecurity at gmail dot com. I won't open .doc or .pdf or other files which could contain surprises.

When you take screen captures, save them in high-resolution .tif format without compression. Don't take a capture of command-line information; instead, copy the text into the story. When taking screen captures of GUI tools and the like, don't take a capture of a giant window; resize to something that will be legible on a printed page, with a .

This is an example of a bad screen capture:

This is a good screen capture:

Depending on the quality of any screen captures, I may ask you to resubmit them to meet the publisher's requirements.

If you have any questions, please post them here.

The winner will receive the pictured TCP/IP book. Once my new book arrives, I will ask the publisher to mail you a free copy too.

If I receive one or more good runners-up, I will ask the publisher to send their owners copies of my new book too.

If you have any questions, please submit them as comments here. Good luck!

Tuesday, January 08, 2013

Bejtlich's New Book: Planned for Summer Publication

Nearly ten years after I started writing my first book, the Tao of Network Security Monitoring, I'm pleased to announce that I just signed a contract to write a new book for No Starch titled Network Security Monitoring in Minutes.

From the book proposal:

Network Security Monitoring in Minutes provides the tactics, techniques, and procedures for maximum enterprise defense in a minimum amount of time.

Network Security Monitoring (NSM) is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. Network Security Monitoring in Minutes teaches information technology and security staff how to leverage powerful NSM tools and concepts immediately.

Using open source software and vendor-neutral methods, the author applies lessons he first began applying to military networks in 1998. After reading this book, the audience will be able to integrate the same winning approaches to better defend his or her company's data and networks.

Network Security Monitoring in Minutes is an important book because nearly all organizations operate a network. By connecting to the Internet, they expose their intellectual property, trade secrets, critical business processes, personally identifiable information (PII), and other sensitive information to attackers worldwide. Without the network-level vigilance provided by this book, organizations will continue to be victimized for months, and in many cases years, before learning they have been breached.

This book consists of the following chapters:

Chapter 1, Network Security Monitoring Rationale, explains why NSM matters and helps readers gain the support needed to deploy NSM in their environment.

Chapter 2, Accessing Network Traffic, addresses the challenges and solutions surrounding physical access to network traffic.

Chapter 3, Sensor Deployment and Configuration, introduces Security Onion (SO), and explains how readers can install the software on spare hardware to gain an initial NSM capability at low or no cost.

Chapter 4, Tool Overview, guides the reader through the core SO tool set, focusing on those capabilities most likely to help handle digital intrusions.

Chapter 5, Network Security Monitoring Operations, shares the author's experience building and leading a global Computer Incident Response Team (CIRT), such that readers can apply those lessons to their own operations.

Chapter 6, Server-Side Compromise, is the first NSM case study, wherein readers will learn how to apply NSM principles to identify and validate a compromise of an Internet-facing application.

Chapter 7, Client-Side Compromise, is the second NSM case study, offering readers an example of a user being victimized by a client-side attack. NSM data will again identify and validate the compromise, prompting efficient incident response.

The Conclusion extends NSM principles beyond the enterprise into hosted and Cloud settings, offering future options for those environments.

The Appendix discusses tools that are not open source, but which may be helpful to those conducting NSM operations.

My goal is to finish this short book (roughly 220 pages) in time for publication at Black Hat this summer. Thank you to Pearson/Addison-Wesley for giving me the flexibility to write this complementary NSM book, and to No Starch for signing me to their publishing house.

Friday, September 21, 2007

Tactical Traffic Assessment

When I wrote Extrusion Detection in 2004-5 I used the term Traffic Threat Assessment to describe a means of inspecting network traffic for signs of malicious activity. I differentiated among various assessments using this terminology.

  1. A vulnerability assessment identifies vulnerabilities and exposures in assets.

  2. A penetration test identifies at least one way that an adversary could exploit vulnerabilities and exposures to compromise a target or satisfy a related objective.

  3. A traffic threat assessment identifies traffic that indicates a network has already been compromised.


The goal of the customer determined which of the actions to perform.

I was not really comfortable with the term "traffic threat assessment," so I'm going to use Tactical Traffic Assessment starting now. That definition for TTA nicely differentiates between a short-term, focused, tactical effort and a long-term, enterprise-wide, strategic program like Network Security Monitoring.

Tactical Traffic Assessment removes the "threat assessment" part from the name, since "threat assessment" is more about characterizing the capabilities and intentions of an adversary and not whether he has compromised the enterprise.

Tactical Traffic Assessment also leaves room for finding non-security issues like misconfigured devices or other troubleshooting-related network problems.

Sunday, January 28, 2007

Is It NSM If...

Frequently I'm asked about the data sources I cite as being necessary for Network Security Monitoring, namely statistical data, session data, full content data, and alert data. Sometimes people ask me "Is it NSM if I'm not collecting full content?" or "Where's the statistical data in Sguil? Without it, is Sguil an NSM tool?" In this post I'd like to address this point and answer a question Joe posted as a comment on my post My Investigative Process Using NSM.

In 2002 while working for Foundstone, I contributed to the fourth edition of Hacking Exposed, pictured at left. On page 2 I defined NSM as the collection, analysis, and escalation of indications and warning to detect and respond to intrusions. Since then I've considered modifying that definition to emphasize the traffic-centric approach I intended to convey by using the term "network."

Whenever I speak or write about NSM I emphasize the four types of network data most likely to discover and control intrusions. However, I also say and write that you should collect the maximum amount of data that is technically, legally, and reasonably possible. For example, it is technically impossible (without spending vast amounts of money) to continuously collect all but a short period of full content traffic in some environments. In other cases, it is not legally allowed, or privacy concerns render collecting full content a bad idea. For example, I would hope my ISP does not store all user packets just because it can claim a security value for doing so. With reason as a guide, I would also expect NSM practitioners to avoid storing the full content of the traffic passing on their storage area network or similar.

I like the approach taken by the inspiration for The Tao of Network Security Monitoring, namely the incomparable Bruce Lee's The Tao of Jeet Kune Do. Bruce Lee didn't advocate slavish devotion to any style. He suggested taking what was valuable from a variety of styles and applying what works in your own situation. I recommend the same idea with NSM.

Does this mean that one can completely avoid collecting full content data, perhaps relying instead on statistical, session, and alert data? I argue that whatever the limitations that prevent continuous full content data collection, the ability to perform on-demand full content data collection is an absolute requirement of NSM.

First, every network probably must have this capability, simply to meet lawful intercept requirements. Second, although I love session data, it is not always able to answer every question I may have about a suspicious connection. This is why approaches like the DoD's Centaur project are helpful but not sufficient. There is really no substitute for being able to look at full content, even if it's activated in the hopes of catching a future instance of a suspicious event. Third, only full content data can be carefully re-examined by deep inspection applications (like an IDS) once a new detection method is deployed. Session data can be mined, but the lack of all packet details renders detection of certain types of suspicious behavior impossible.

While we're talking about full content, I suppose I should briefly address the issue of encryption. Yes, encryption is a problem. Shoot, even binary protocols, obscure protocols, and the like make understanding full content difficult and maybe impossible. Yes, intruders use encryption, and those that don't are fools. The point is that even if you find an encrypted channel when inspecting full content, the fact that it is encrypted has value.

When I discover outbound traffic to port 44444 TCP on a remote server, I react one way if I can read clear HTTP, but differently if the content appears encrypted.

I will admit to filtering full content collection of traditionally encrypted traffic, such as that on 443 TCP, when collecting such traffic would drastically decrease the overall amount of full content I could collect. (For example, with HTTPS I might only save 1 day's worth of traffic; without, maybe 3 days.) In such cases I am making a trade-off that I hope is acceptable given the constraints of my environment.
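To make the two points above concrete (session data alone cannot tell you what a port 44444 connection carried, and once you have full content even an unreadable payload tells you something), here is an added example that is not from the original post: it characterizes a constructed payload as cleartext HTTP or likely encrypted using an HTTP request-line check and byte entropy, and it builds the BPF-style filter that implements the HTTPS retention trade-off. The Session record, the 7.0 bits-per-byte entropy threshold, the addresses and the sample payloads are all assumptions.

```python
import hashlib
import math
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Hypothetical session record: what an analyst gets from session data alone,
    plus the payload when full content was also captured for the session."""
    src: str
    dst: str
    dport: int
    payload: Optional[bytes] = None  # None means no full content exists for this session


HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload. Uniformly random data (what ciphertext looks
    like to a sensor) approaches 8.0; English text or HTTP headers sit well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_payload(payload: bytes, min_len: int = 64, threshold: float = 7.0) -> str:
    """Cheap first-pass characterization of captured content."""
    if HTTP_REQUEST_LINE.match(payload):
        return "cleartext-http"
    # Entropy is only meaningful with enough bytes; short blobs fall through.
    if len(payload) >= min_len and shannon_entropy(payload) > threshold:
        return "likely-encrypted"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        return "cleartext-other"
    return "binary-or-unknown"


def assess(session: Session) -> str:
    """What the analyst can say, given what was collected for this session."""
    if session.payload is None:
        # Session data says a host talked to dst:44444; it cannot say what was said.
        return "session-data-only"
    return classify_payload(session.payload)


def full_content_filter(exclude_tcp_ports) -> str:
    """BPF expression for the trade-off described above: drop traditionally
    encrypted ports from continuous full content collection to stretch retention."""
    ports = sorted(set(exclude_tcp_ports))
    if not ports:
        return "ip"
    return "not (" + " or ".join(f"tcp port {p}" for p in ports) + ")"


# Constructed sample payloads, both bound for the same non-standard port.
HTTP_SAMPLE = (
    b"GET /update.php?id=42 HTTP/1.1\r\n"
    b"Host: example.net\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
)
# Stand-in for ciphertext: chained hash output is indistinguishable from random bytes here.
ENCRYPTED_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

SAMPLES = [
    Session("10.0.0.5", "192.0.2.10", 44444, None),              # session data only
    Session("10.0.0.5", "192.0.2.10", 44444, HTTP_SAMPLE),       # readable HTTP
    Session("10.0.0.5", "192.0.2.10", 44444, ENCRYPTED_SAMPLE),  # unreadable, still informative
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.src} -> {s.dst}:{s.dport}: {assess(s)}")
    print("capture filter:", full_content_filter([443]))
```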

As to why we don't have statistical data in Sguil: I think those who want statistical data can turn to other projects like MRTG, Darkstat, or even Wireshark to get interesting statistical data.

In brief, I consider NSM's basic data requirements to be all four types of data mentioned earlier, with the understanding that collecting full content is expensive. On-demand definitely, continuous if possible.

Tuesday, December 05, 2006

Bejtlich Book Signing Thursday 1230 in DC

I will attend a book signing event at USENIX LISA 06 at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Wardman Park Marriott Hotel in Washington DC from 1230-1330 on Thursday 7 December. Representatives from Reiters will be selling books cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re as part of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conference expo from 1000-1400 on Thursday. Please stop by to say hello if you'd like a book signed.

I'll return to LISA on Friday to teach Network Security Monitoring with Open Source Tools. You can still sign up onsite if you'd like to attend. Thank you.

Monday, October 16, 2006

Extrusion Detection Sightings

I've noticed the term extrusion detection appearing more frequently, usually tied to the latest buzzphrase -- "insider threat." The GSA-loving magazine Federal Computer Weekly recently mentioned the following:

Emerging tools known as extrusion-detection systems are helping government agencies and private companies detect whether sensitive information is leaving their organizations...

“Our goal is to monitor traffic from the inside going out,” said Daniel Hedrick, product manager at Vericept and a former intelligence officer in the Air Force. “If I see content going out the door, with or without the approval or the knowledge of the user, I will automatically encrypt it.”
(emphasis added)

Wow, that's something. So once this "content" is "encrypted," what does the intended recipient do with it? I'm hoping this is an example of a writer misreporting Mr. Hedrick's answers to questions.

I mildly dislike seeing terms become hyphenated (e.g., "extrusion-detection") for no reason. I strongly dislike people claiming to invent terms. Consider the following SearchSecurity.com story:

Symantec Corp. says its latest products and partnerships will thwart online outlaws who attempt to raid company databases for sensitive information that can be used for a variety of fraud...

Symantec executives cited the growing number of data breaches and the resulting exposure of confidential information as the motivating factors behind the release of the tool. "It has a feature that I call extrusion detection, which alerts administrators when sensitive data is leaving the network," Steve Trilling, Symantec's vice president of research and advanced development, said in an interview recently. "And it operates on a copy of the network traffic, so it doesn't slow anything down."
(emphasis added)

Now I know who coined the phrase extrusion detection... not. As I wrote three years ago, Robert Mozkowitz and Franke Knobbe have the best claims, dating back to November 1999.

Finally, this morning I stepped one toe into the audiobook world by recording an excerpt of my latest book Extrusion Detection within a joint Addison-Wesley and SearchSecurity.com (free) project. I don't know why people pirate my books when more and more parts are appearing online in one form or another!

When this recording (about 10 minutes) is available, I'll post a notice here. If you find the idea interesting, please let me know.

Thanks also for the many kind comments about the birth of my daughter. My family (including me, obviously!) appreciates it greatly. I also like seeing the sites that blindly repost my content (without attribution) reporting the addition to my family. :)

Wednesday, October 04, 2006

Chapter 3 from Extrusion Online

In addition to Chapter 18 from Tao, I noticed Chapter 3 from my third book, Extrusion Detection: Security Monitoring for Internal Intrusions, is also online at SearchSecurityChannel.com.

This book has been getting some attention because it starts with the premise that your internal network is compromised. Given that assumption, how do you detect, contain, and eradicate intruders on your network? The model applies well to insider and outsider threats.

I consider Extrusion to be a companion volume to Tao, and as such I recommend reading Tao first and then Extrusion. Real Digital Forensics is a book where network security monitoring, network incident response, and network forensics are integrated with host- and memory-centric security operations.

Chapter 18 from Tao Online

With the launch of the new SearchSecurityChannel.com site, I can report that chapter 18 of my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, is now available online. Chapter 18 is "Tactics for Attacking Network Security Monitoring." It outlines technical means by which attackers may degrade or deny operations to detect and respond to intrusions.

Keep an eye on SearchSecurityChannel.com. I am working with the editor on a plan to contribute regular content for the site.

Tuesday, July 25, 2006

Keith Jones Podcast on Real Digital Forensics

Keith Jones was interviewed about our book Real Digital Forensics. The site conducting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 interview is Let's Talk Computers. You can reach cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 audio in Real Audio or Windows Media format here.

You can tell this interviewer has been around cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 block. He actually broadcasts on real AM and FM radio. The whole interview is about 13 minutes long and very informative.

Friday, June 30, 2006

Tuning Snort Article in Sys Admin Magazine

Keep an eye on your local newsstands or mailbox for the August 2006 issue of Sys Admin magazine. They published an article I wrote titled Tuning Snort. I describe simple steps one should take with Snort to reduce the number of unwanted alerts. I used a beta of Snort 2.6.0 when writing the article a few months ago.

Saturday, June 24, 2006

New Review of Extrusion Detection Posted



Tony Stevenson wrote a very thorough review of my newest book, Extrusion Detection: Security Monitoring for Internal Intrusions. Tony really seems to understand this book, unlike the author of a recent review for Information Security magazine who completely missed the point of Extrusion. Tony writes in his review in Windows IT Library:

While it is true that his latest book can be read in isolation from the previous one, I agree with Bejtlich when he says, "in many ways, Extrusion Detection is an attempt to extend The Tao to the addressing of internal threats."

By reading both books, and by rigorously applying the strategies that are described within them, it becomes possible to significantly increase the odds in your favor of not having your company's systems violated, either from an external threat or from an internally generated attack.

Monday, June 19, 2006

IA Newsletter Article Posted

The Defense Technical Information Center houses a group called the Information Assurance Technology Analysis Center. IATAC publishes the IA Newsletter. I recently learned that an article I wrote, Network Security Monitoring: Beyond Intrusion Detection, was published in Volume 8, No. 4 (.pdf). I wrote it as a response to an earlier article called The Future of Network Intrusion Detection in Volume 7, No. 3 (.pdf). This earlier article preached the common idea that intrusion prevention systems are the future of network intrusion detection. Read my article for an alternative opinion.

Friday, January 06, 2006

Bejtlich FreeBSD Article in February Sys Admin Magazine

The February 2006 issue of Sys Admin magazine features an article I wrote called Keeping FreeBSD Up to Date. This article represents my latest opinions on the matter, and where possible supersedes my previous work on the subject.

If you administer any Unix systems, or you want to know more about Unix, I highly recommend subscribing to Sys Admin. I don't know of another multi-Unix, multi-topic magazine like it. Every issue has at least one article on a subject I need to understand. In a world where magazine racks are dominated by Windows-centric rags, I like supporting Sys Admin!

Thursday, December 01, 2005

Engineering Disasters in Information Security Magazine

The December 2005 issue of Information Security magazine features an article I wrote titled History Lessons with the subtitle "Digital security could learn a lot from engineering's great disasters." It is based on this blog entry describing analog engineering disasters like the 1931 Yangtze River dam failure, the 1944 Cleveland LNG tank fire, the 1981 Kansas City Hyatt Regency hotel walkway collapse, and the 1933 Atlanta Marriott parking lot sinkhole.

I am considering expanding this topic of digital security disasters to encompass a new book. I would like to take a historical and technical look at digital security failures on a case-by-case basis. Ideally the cases would be based on testimony from witnesses or participants wishing to (anonymously) share lessons with their colleagues.

My concept is simple: when a bridge fails in the "analog" world, everyone knows about it. The disaster is visible, and engineers can analyze and learn from the event. The lessons they take away make future bridges stronger and safer. I do not see this happening in the digital world. Organizations suffer disasters all the time due to poor techniques, tools, configuration, management decisions, and so on. Unfortunately, few people ever hear about these problems, so they are repeated elsewhere. The only parties to benefit are intruders. Security engineers never get to learn from the mistakes of others.

What would a sample story look like? As a simple example, I know of an ISP that suffered a two-hour router ACL drop that allowed remote intruders to exploit their development network. The ISP suffered a major compromise by Russian intruders that required a dedicated multi-week, guerrilla-warfare incident response effort. Several lessons can be learned: (1) a router with an ACL is not a firewall, especially when you can attack any high port using source port 20 TCP; (2) development networks with unpatched machines should not bear publicly routable IP addresses and be Internet-facing; and (3) there is value in monitoring to detect when your defensive measures fail.
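Lessons (1) and (3) as an added example, not part of the original post: a model of the stateless ACL the story implies (permit source port 20 to high ports, permit "established", deny the rest) and an NSM check over constructed session records collected inside the router that reports which inbound connections the source-port-20 hole admitted and which should never have appeared inside at all, the signature of the ACL having dropped. The addresses (RFC 5737 documentation ranges), the Flow record and the rule set are assumptions, not the ISP's configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple

# Constructed: the ISP's development network (documentation range, not a real one).
DEV_NET = ip_network("203.0.113.0/24")


@dataclass(frozen=True)
class Flow:
    """Hypothetical session record from a sensor inside the router."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags on the first packet of the session, e.g. "S", "SA", "A"


def is_new_inbound(f: Flow) -> bool:
    """A pure SYN from outside into the dev net: someone opening a new connection in."""
    return (ip_address(f.dst) in DEV_NET and ip_address(f.src) not in DEV_NET
            and "S" in f.flags and "A" not in f.flags)


def legacy_acl_permits(f: Flow) -> bool:
    """Stateless ACL of the kind the story describes (header-only checks):
         permit tcp any eq 20 any gt 1023   -- active-mode FTP data connections
         permit tcp any any established     -- ACK or RST set
         deny   ip  any any
    It cannot tell real FTP-data from any other packet that carries source port 20,
    which is why it is not a firewall."""
    if f.sport == 20 and f.dport > 1023:
        return True
    if "A" in f.flags or "R" in f.flags:
        return True
    return False


def audit_inbound(flows: Iterable[Flow]) -> List[Tuple[Flow, str]]:
    """Lesson (3) as a check over session records.  An inbound SYN from port 20 is
    expected only when the dev host already opened an FTP control channel (port 21)
    to that remote host; any other new inbound connection seen inside is either the
    ACL hole at work or proof the ACL was not being enforced at the time."""
    flows = list(flows)
    control = {(f.src, f.dst) for f in flows
               if ip_address(f.src) in DEV_NET and f.dport == 21 and "S" in f.flags}
    findings = []
    for f in flows:
        if not is_new_inbound(f):
            continue
        if not legacy_acl_permits(f):
            findings.append((f, "acl-not-enforced"))      # should never be seen inside
        elif (f.dst, f.src) in control:
            findings.append((f, "expected-ftp-data"))     # matches an outbound control channel
        else:
            # Only rule 1 admits a new inbound SYN, so this is the source-port-20 hole.
            findings.append((f, "acl-hole-source-port-20"))
    return findings


# Constructed session records for the scenario.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", 51234, "198.51.100.7", 21, "S"),    # dev host opens FTP control
    Flow("198.51.100.7", 20, "203.0.113.10", 51235, "S"),    # server's active-mode data conn
    Flow("192.0.2.55", 20, "203.0.113.20", 8080, "S"),       # sport 20 to an app port: the hole
    Flow("192.0.2.55", 4444, "203.0.113.20", 22, "S"),       # only visible if the ACL fell off
    Flow("198.51.100.9", 443, "203.0.113.10", 40001, "SA"),  # reply to an outbound HTTPS session
]

if __name__ == "__main__":
    for flow, verdict in audit_inbound(SAMPLE_FLOWS):
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} [{flow.flags}] {verdict}")
```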

Would any of you be willing to share your stories with me? I would be willing to communicate in any reasonable manner you wish to preserve your identities and sensitivities. The goal of the book is to provide real-world cases that can teach lessons to fellow security engineers. I am not trying to embarrass or humiliate anyone. I do not expect to hear any company or personal names, and if you still provide them I will not repeat them in the book. I am most interested in stories that have plenty of technical details.

Please email your thoughts to richard at taosecurity dot com. Thank you.

Monday, November 21, 2005

Extrusion Detection Shipping

Good news -- several of you have reported receiving copies of my new book Extrusion Detection, ordered through regular online vendors. I'm happy to see Amazon.com finally listing the book as "Usually ships within 24 hours." It appears Buy.com has a great deal, with free shipping and a $29.69 price.

If you have any suggested changes, please let me know within the next 10 days. I owe corrections to my publisher for the second printing on 2 December. Thank you!