Once your security is breached, everyone will ask the same question: now
what? Answering this question has cost companies hundreds of thousands of
dollars in incident response and computer forensics fees. This book reduces
the investigative workload of computer security incident response teams
(CSIRT) by posturing organizations for incident response success.
Firewalls can fail. Intrusion-detection systems can be bypassed. Network
monitors can be overloaded. These are the alarming but true facts about
network security. In fact, too often, security administrators' tools can serve as
gateways into the very networks they are defending.
Now, a novel approach to network monitoring seeks to overcome these
limitations by providing dynamic information about the vulnerability of all
parts of a network. Called network security monitoring (NSM), it draws on a
combination of auditing, vulnerability assessment, intrusion detection and
prevention, and incident response for the most comprehensive approach to
network security yet. By focusing on case studies and the application of opensource
tools, the author helps readers gain hands-on knowledge of how to
better defend networks and how to mitigate damage from security incidents.