| | |  | Microsoft | Home » » Extrusion Detection: Security Monitoring for Internal Intrusions | | | | | | | Description: | | Overcome Your Fastest-Growing Security Problem: Internal, Client-Based Attacks Today's most devastating security attacks are launched from within the company, by intruders who have compromised your users' Web browsers, e-mail and chat clients, and other Internet-connected software. Hardening your network perimeter won't solve this problem. You must systematically protect client software and monitor the traffic it generates. Extrusion Detection is a comprehensive guide to preventing, detecting, and mitigating security breaches from the inside out. Top security consultant Richard Bejtlich offers clear, easy-to-understand explanations of today's client-based threats and effective, step-by-step solutions, demonstrated against real traffic and data. You will learn how to assess threats from internal clients, instrument networks to detect anomalies in outgoing traffic, architect networks to resist internal attacks, and respond effectively when attacks occur. Bejtlich's The Tao of Network Security Monitoring earned acclaim as the definitive guide to overcoming external threats. Now, in Extrusion Detection, he brings the same level of insight to defending against today's rapidly emerging internal threats. Whether you're an architect, analyst, engineer, administrator, or IT manager, you face a new generation of security risks. Get this book and protect yourself. Coverage includes - Architecting defensible networks with pervasive awareness: theory, techniques, and tools
- Defending against malicious sites, Internet Explorer exploitations, bots, Trojans, worms, and more
- Dissecting session and full-content data to reveal unauthorized activity
- Implementing effective Layer 3 network access control
- Responding to internal attacks, including step-by-step network forensics
- Assessing your network's current ability to resist internal attacks
- Setting reasonable corporate access policies
- Detailed case studies, including the discovery of internal and IRC-based bot nets
- Advanced extrusion detection: from data collection to host and vulnerability enumeration
About the Web Site Get book updates and network security news at Richard Bejtlich's popular blog, taosecurity.blogspot.com, and his Web site, www.bejtlich.net.
| | | Product Details: | | | Author:
| Richard Bejtlich | | Paperback:
| 416 pages | | Publisher:
| Addison-Wesley Professional | | Publication Date:
| November 18, 2005 | | Language:
| English | | ISBN:
| 0321349962 | | Package Length:
| 9.1 inches | | Package Width:
| 6.9 inches | | Package Height:
| 1.1 inches | | Package Weight:
| 1.6 pounds | | Average Customer Rating:
|  based on 9 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
Write an online review and share your thoughts with other customers.
 Another 5 Star Book by BejtlichJan 22, 2009
This is my 2nd book by Bejtlich that I have read, with the first being The Tao of Network Security Monitoring: Beyond Intrusion Detection While the Tao of NSM focused mainly on detecting attacks coming in from the perimeter, this book focused on Network Security Monitoring principles as applied to traffic going out of the network.
Bejtlich starts out by doing an overview of Network Security Monitoring, referencing his earlier book as a more in-depth treatise on NSM. He then goes on to the theory and illustration of "Extrusion Detection." ("'The process of identifying unauthorized activity by inspecting outbound network traffic.") We see Extrusion Detection illustrated with the 4 types of NSM data. (Full Content, Session, Statistical, and Alert)
We then moved onto "Enterprise Network Instrumentation," which included discussions on network/packet capture equipment, some I had never seen before: SPAN Regeneration Taps, Link Aggregator Taps, etc.
The next section was probably my favorite: Enterprise Sink Holes. What a fantastic way to discover a local compromised host scanning your internal network. This section also had some great ways to do short-term containment (with a Sink Hole) on a loose worm. (The coolest, in my opinion, being Unicast Reverse Path Forwarding)
Next we have sections on Traffic Threat Assessments, Network Incident Response, and Network Forensics. The book finishes up with a case study on traffic threat assessment and a discussion on Malicious Bots.
I have to give this book 5 stars out of 5 for it's fresh and unique look at internal and outbound intrusions. Richard doesn't rehash what a thousand other network security pros have written.
Josh
0 of 1 found the following review helpful:
superMar 08, 2007
Thanks a lot, we are very happy to have this book in our library!
0 of 1 found the following review helpful:
 I learned a lotNov 15, 2006
This is a solid book and a detailed read. I was on the fence about giving it 4 or 5 stars; if I could I'd give it 4.5. While it didn't blow my socks off, I would suggest it to anybody interested in security monitoring in general. In terms of monitoring internal threats specifically it also has some useful information.
0 of 1 found the following review helpful:
Excellent BookJul 20, 2006
Richard Bejtlich done great job again. Tao of Network security and this one are best companion. Well written. Extrusion topic is mostly companies preferred to spend budget or time and ignore. Although NSM methodologies are repeated but fun to read again. Traffic threat assessment, designing defensive network, and incident response are well written,
1 of 1 found the following review helpful:
Excellent Book!Jul 15, 2006
I have had the pleasure of reading Extrusion Detection: Security Monitoring for Internal Intrusions by Richard Bejtlich. Richard Bejtlich picks up where he last left off with his first book Tao of Network Security Monitor: Beyond Intrusion Detection. His new book deals with a subject that many businesses don't wish to think about, and what over 50% of attacks come from, Security breaches that come from the inside an organization. It is very unfortunate that this fact was not taken into consideration in Microsoft's XP SP2 firewall.
Richard starts with a short review of network definitions. One concept I really like is the Defensible Network which he states is not necessarily a secure network, "quite accurate".
Richard includes a listing networking monitoring tools with where you can go to obtain them; Full Content Data, Session Data, and Statistical.
This book includes good illustrations, explained pieces of code (more toward the second half of the book), and includes pictures of familiar hardware.
A new definition for me was "the sink hole", that redirects unknown traffic away from the customers.
This book is a good read and a very good book to keep in one's reference library. I will be obtaining Richard Bejtlich's Tao of Network Security Monitor: Beyond Intrusion Detection and I suspect this will be just as good.
| | |
|
