Thursday, August 8, 2019

Network Security Through Data Analysis (2nd Edition)

File Size: 10.30 Mb

This book is about networks: monitoring them, studying them, and using the results of those studies to improve them. “Improve” in this context hopefully means to make more secure, but I don’t believe we have the vocabulary or knowledge to say that confidently—at least not yet. In order to implement security, we must know what decisions we can make to do so, which ones are most effective to apply, and the impact that those decisions will have on our users. Underpinning these decisions is a need for situational awareness.

Situational awareness, a term largely used in military circles, is exactly what it says on the tin: an understanding of the environment you’re operating in. For our purposes, situational awareness encompasses understanding the components that make up your network and how those components are used. This awareness is often radically different from how the network is configured and how the network was originally designed.

To understand the importance of situational awareness in information security, I want you to think about your home, and I want you to count the number of web servers in your house. Did you include your wireless router? Your cable modem? Your printer? Did you consider the web interface to CUPS? How about your television set?

To many IT managers, several of the devices just listed won’t have registered as “web servers.” However, most modern embedded devices have dropped specialized control protocols in favor of a web interface—to an outside observer, they’re just web servers, with known web server vulnerabilities. Attackers will often hit embedded systems without realizing what they are—the SCADA system is a Windows server with a couple of funny additional directories, and the MRI machine is a perfectly serviceable spambot.

Part I. Data
1. Organizing Data: Vantage, Domain, Action, and Validity
2. Vantage: Understanding Sensor Placement in Networks
3. Sensors in the Network Domain
4. Data in the Service Domain
5. Sensors in the Service Domain
6. Data and Sensors in the Host Domain
7. Data and Sensors in the Active Domain
Part II. Tools
8. Getting Data in One Place
9. The SiLK Suite
10. Reference and Lookup: Tools for Figuring Out Who Someone Is
Part III. Analytics
11. Exploratory Data Analysis and Visualization
12. On Analyzing Text
13. On Fumbling
14. On Volume and Time
15. On Graphs
16. On Insider Threat
17. On Threat Intelligence
18. Application Identification
19. On Network Mapping
20. On Working with Ops
21. Conclusions

Author: Michael Collins

