Thursday, November 10, 2005

Sample Extrusion Detection Chapter Posted

My publisher just posted Chapter 4: Enterprise Network Instrumentation from my new book, Extrusion Detection: Security Monitoring for Internal Intrusions. The table of contents, preface, foreword by Marcus Ranum, and index are also all online. Marcus' foreword (.pdf) is different from most; he interviews me. For example:

"MJR: I’ve noticed you’re a fan of Bruce Lee! It’s interesting to me how a lot of us security guys find parallels between computer/network security and the martial arts/art of war. Remember Lee’s great “It’s like a finger pointing away to the moon” speech? What do you think would be the equivalent for a student of computer security? What do you think Bruce would tell us?

RB: I am indeed a fan of Bruce Lee, and I’ve practiced several martial arts... I advise that intruders should be viewed as smart (sometimes smarter than you) and unpredictable, and able to beat your defenses. Bruce would probably agree. He would train to be ready for whatever his opponent would deliver, and he would have techniques in place to deal with the consequences of not blocking an initial punch or kick. Rather than failing catastrophically when an opponent lands a blow, Bruce would take advantage of the attacker’s proximity to initiate a different sort of counterattack or improved defense."

The chapters are as follows:

  1. Network Security Monitoring Revisited

  2. Defensible Network Architecture

  3. Extrusion Detection Illustrated

  4. Enterprise Network Instrumentation

  5. Layer 3 Network Access Control

  6. Traffic Threat Assessment

  7. Network Incident Response

  8. Network Forensics

  9. Traffic Threat Assessment Case Study

  10. Malicious Bots
  • Epilogue

  • Appendix A: Collecting Session Data in an Emergency

  • Appendix B: Minimal Snort Installation Guide

  • Appendix C: Survey of Enumeration Methods

  • Appendix D: Open Source Host Enumeration


The book should begin shipping tomorrow. If you have any suggestions for errata, please send them to me via richard at taosecurity dot com. Thank you!