This sale is for a book:
The Tao of Network Security Monitoring: Beyond Intrusion Detection
by Richard Bejtlich
2004
Regular Price: US$74.99
Description:
Book has never been used, with no highlights, underlining, notes or
such, or missing pages. Some dirt and wear present. Creased cover pages. I would
rate the book condition as 7.5/10. See photos of ACTUAL item!
The book only, no other materials included (such as CD, manuals, pass codes, etc). Comes from a smoke-free home! Immediate shipping from Toronto, Canada. NO TAX, No Duties!
DETAILS:
· Publisher: Addison-Wesley Professional
· Author: Richard Bejtlich
· Edition: Paperback, 48 pages, 2009
· Language: English
· ISBN-10: 0321246772
· ISBN-13: 978-0321246776
· Dimensions: 9.4 x 2 x 9 inches
· Condition: New other (Never used, shelfwear, 7.5/10)
· Retail Price: US$74.99
DESCRIPTION:
Welcome to The Tao of Network Security
Monitoring: Beyond Intrusion Detection. The goal of this book is to help
you better prepare your enterprise for the intrusions it will suffer. Notice
the term “will.” Once you accept that your organization will be compromised,
you begin to look at your situation differently. If you’ve actually worked
through an intrusion—a real compromise, not a simple Web page defacement—you’ll
realize the security principles and systems outlined here are both necessary
and relevant.
This book is about preparation for
compromise, but it’s not a book about preventing compromise.
Three words sum up my attitude toward stopping intruders: prevention
eventually fails. Every single network can be compromised, either by an
external attacker or by a rogue insider. Intruders exploit flawed software,
misconfigured applications, and exposed services. For every corporate defender,
there are thousands of attackers, enumerating millions of potential targets.
While you might be able to prevent some intrusions by applying patches,
managing configurations, and controlling access, you can’t prevail forever.
Believing only in prevention is like thinking you’ll never experience an
automobile accident. Of course you should drive defensively, but it makes sense
to buy insurance and know how to deal with the consequences of a collision.
Once your security is breached, everyone will
ask the same question: now what? Answering this question has
cost companies hundreds of thousands of dollars in incident response and
computer forensics fees. I hope this book will reduce the investigative
workload of your computer security incident response team (CSIRT) by posturing
your organization for incident response success. If you deploy the monitoring
infrastructure advocated here, your CSIRT will be better equipped to scope the
extent of an intrusion, assess its impact, and propose efficient, effective
remediation steps. The intruder will spend less time stealing your secrets,
damaging your reputation, and abusing your resources. If you’re fortunate and
collect the right information in a forensically sound manner, you might provide
the evidence needed to put an intruder in jail.
Audience
This book is for security professionals of all
skill levels and inclinations. The primary audience includes network security
architects looking for ways to improve their understanding of their network
security posture. My goal is to provide tools and techniques to increase
visibility and comprehension of network traffic. If you feel let down by your
network-based intrusion detection system (NIDS), this book is definitely for
you. I explain why most NIDS deployments fail and how you can augment existing
NIDS with open source tools.
Because this book focuses on open source
tools, it is more likely to be accepted in smaller, less bureaucratic
organizations that don’t mandate the use of commercial software. Furthermore,
large organizations with immense bandwidth usage might find some open source
tools aren’t built to handle outrageous traffic loads. I’m not convinced the
majority of Internet-enabled organizations are using connections larger than
T-3 lines, however. While every tool and technique hasn’t been stress-tested on
high-bandwidth links, I’m confident the material in this book applies to a
great majority of users and networks.
If you’re a network security analyst, this
book is also for you. I wrote this book as an analyst, for other analysts. This
means I concentrate on interpreting traffic, not explaining how to install and
configure every single tool from source code. For example, many books on
“intrusion detection” describe the Transmission Control Protocol/Internet
Protocol (TCP/IP) suite and how to set up the Snort open source IDS engine with
the Analysis Console for Intrusion Databases (ACID) interface. These books
seldom go further because they soon encounter inherent investigative
limitations that restrict the usefulness of their tools. Since my analytical
techniques do not rely on a single product, I can take network-based analysis
to the next level. I also limit discussion of odd packet header features, since
real intrusions do not hinge on the presence of a weird TCP flag being set. The
tools and techniques in this book concentrate on giving analysts the
information they need to assess intrusions and make decisions, not just
identify mildly entertaining reconnaissance patterns.
This book strives to not repeat material found
elsewhere. You will not read how to install Snort or run Nmap. I suggest you
refer to the recommended reading list in the next section if you hunger for
that knowledge. I introduce tools and techniques overlooked by most authors,
like the material on protocol anomaly detection by Brian Hernacki, and explain
how you can use them to your advantage.
Technical managers will appreciate sections on best practices, training, and personnel issues. All the technology in the world is worthless if the staff manning it doesn’t understand their roles, responsibilities, and escalation procedures. Managers will also develop an intuition for the sorts of information a monitoring process or product should provide. Many vendors sell services and products named with combinations of the terms “network,” “security,” and “monitoring.” This book creates a specific definition for network security monitoring (NSM), built on a historical and operational foundation.
International Buyers - Please Note:
· Import duties, taxes and charges are not included in the item price or shipping charges. These charges are the buyer's responsibility.
· Please check with your country's customs office to determine what these additional costs will be prior to bidding/buying.
Payment:
Contact must be made within 1 day, and payment must be received within 3 days,
or item will be relisted and non-paying buyer reported to eBay.
I can accept both US and Canadian $$.
I gladly accept:
Please plan your payment accordingly, before bidding!
SHIPPING:
Item will be shipped through Canada Post the next business day after payment is received.
Shipping to Canada and USA is fixed price, as shown in the shipping details section.
Shipping to Canada: Most items in Canada are normally sent as Expedited Parcel. Shipping can be upgraded to Xpresspost (1-3 business days), which includes insurance up to CDN$100 (additional insurance can be purchased) and web tracking.
Shipping to USA: Items under 1 kg (after packaging) will be sent as Small Packet Surface (optionally, shipping can be upgraded to Small Packet Air, Expedited or Xpresspost).
Items over 1 kg (after packaging) will be sent as Expedited Parcel, which offers web tracking, insurance up to CDN$100 (additional insurance can be purchased) and takes about 7 business days.
Optionally, all items can be upgraded to Xpresspost (about 5 days, CDN$100 insurance, tracking).
International shipping: Rates for most items will be calculated upon the termination of the sale,
based on the destination country.
Upon the auction end, I will send you the invoice with all available shipping
options with prices. All parcels are priced by the weight and destination.
Please check the Canada Post web site or contact me prior to the sale to check actual
shipping cost. By purchasing the item, you agree with the Canada Post pricing
model.
Insurance and tracking number are optional (with additional cost for the
buyer), and if not chosen, buyer carries all responsibility for the
lost/damaged shipment!
Local pickup is welcome and FREE, but cash is the only payment option in case of
pickup.
Will ship worldwide.
PLEASE NOTE - RETURN!
All items are sold "AS IS" and sales
are final. I will describe each item to
the best of my ability and state any malfunction or discrepancies of which I am
aware. Please ask questions if you have any, before placing your bid. Returns
are accepted only if the item is misrepresented. Buyer must contact seller before
the return, for authorization.
Feedback:
Check my perfect feedback .... bid with confidence!
When the
transaction is complete I'll leave positive feedback, and would appreciate the
same in return.
Make sure to visit my eBay
store for more interesting items!