Comments on Internal Monitoring
Victor Oppleman, co-author of a great book called Extreme Exploits, is writing a new book. The title is The Secrets to Carrier Class Network Security, and it should be published this summer. Victor asked me to write a chapter on network security monitoring for the new book. Since I do not recycle material, I am working on a chapter with new material. I intend to discuss internal monitoring because I am consulting on such a case now.
Do any of you have stories, comments, suggestions, or other ideas that might make good additions to this chapter? For example, I am considering addressing threat-centric vs. target centric sensor positioning, internal network segmentation to facilitate visibility, tapping trunks, new sorts of taps, sensor clusters, and stealthy internal sensor deployment. Does that give any of you ideas?
Anything submitted will be given credit via an inline name reference like "Bamm Visscher points out that..." or a footnote with your name and a reference to "personal communication" or "blog comment." The chapter is due to Victor next week, so I am not looking for any large contributions. A few paragraphs or even a request to cover a certain topic would be helpful. Thank you.
Do any of you have stories, comments, suggestions, or other ideas that might make good additions to this chapter? For example, I am considering addressing threat-centric vs. target centric sensor positioning, internal network segmentation to facilitate visibility, tapping trunks, new sorts of taps, sensor clusters, and stealthy internal sensor deployment. Does that give any of you ideas?
Anything submitted will be given credit via an inline name reference like "Bamm Visscher points out that..." or a footnote with your name and a reference to "personal communication" or "blog comment." The chapter is due to Victor next week, so I am not looking for any large contributions. A few paragraphs or even a request to cover a certain topic would be helpful. Thank you.
Comments