BKSECMON.RVW 20091009

"Security Monitoring", Chris Fry/Martin Nystrom, 2009, 978-0-596-51816-5, U$44.99/C$44.99
%A Chris Fry
%A Martin Nystrom http://xianshield.org
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2009
%G 978-0-596-51816-5 0-596-51816-1
%I O'Reilly & Associates, Inc.
%O U$44.99/C$44.99 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/0596518161/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596518161/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0596518161/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 227 p.
%T "Security Monitoring"

The preface states that this is not an introduction to security or network administration, but a more advanced guide, for those who have the foundational background, to more targeted monitoring aimed at detecting extrusions.

Chapter one says that there are lots of threats out there, and that this type of monitoring will protect you better than other safeguards. (It's hard to judge that assertion when no details of the proposal have been provided.) The authors introduce "policy based monitoring" in chapter two, attempting to support this nomenclature with examples relating to administrative policies, but it is difficult to see that this is any different from whitelisting. Chapter three mentions that it is important to know the structure and operation of your network, but most of the content is a description of the Cisco NetFlow utility. Much of the rest of the material, contrary to the promises of the preface, is basic network administration. Choosing what to monitor is emphasized in chapter four. (It's a little bit hard to take some of this seriously when one of the basic references is a CISSP study guide.) It is difficult to say why chapter five must discuss the choice of event sources separately from the prior content, but much of the book is similarly disjointed, confused, and lacking in structure.
Supposedly about tuning your monitoring, much of chapter six duplicates the overview of network structure from chapter three. Chapter seven stands out from the rest of the book. It reiterates the often neglected point that you need to ensure that the audit, log, and monitoring data you think you are collecting is, in fact, being collected. The discussion is detailed and comprehensive. This chapter, alone, is probably worth the purchase price of the book. Chapter eight is a review of the previous chapters, first with a series of case study examples, and then with a summary of the list of topics.

With one notable exception, the work is basic and pedestrian information, with a disorganized composition. However, chapter seven is definitely useful to both security and network professionals.

copyright Robert M. Slade, 2009   BKSECMON.RVW 20091009
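The check that the review credits chapter seven with reiterating (confirming that the log sources you believe you are collecting from are actually reporting) is easy to automate. The script below is an added example written for this page; it is not code from the book or from its authors. It assumes a simple "timestamp host program: message" syslog-style line format, a constructed sample log, a hypothetical inventory of sources that policy says must report, and a fixed "now" so the result is reproducible offline. It flags sources that never appeared, sources whose last event is older than their allowed silence, and hosts that are reporting but are not in the inventory (which is worth knowing for the same reason).

```python
"""Log-source liveness audit: detect sources that have gone silent.

Added example for this page; not from "Security Monitoring" or its authors.
Line format, inventory, thresholds and sample data are all assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log (not real traffic).  Format assumed:
#   <ISO timestamp> <host> <program>: <message>
SAMPLE_LOG = """\
2009-10-09T10:00:01 fw-edge-1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=10.1.2.3 DST=192.0.2.10
2009-10-09T10:00:04 fw-edge-1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 DPT=23
2009-10-09T10:01:30 dns-1 named: client 10.1.2.3#53211: query: example.com IN A
2009-10-09T10:03:12 web-1 sshd: Accepted publickey for deploy from 10.1.2.9
2009-10-09T09:20:00 vpn-1 openvpn: TLS: Initial packet from 203.0.113.5
2009-10-09T10:04:00 db-3 sshd: Failed password for root from 198.51.100.9
this line is garbage and must be ignored
"""

# Hypothetical inventory: every source the monitoring policy says MUST report,
# with the longest silence that is acceptable for that source.
EXPECTED_SOURCES = {
    "fw-edge-1": timedelta(minutes=5),
    "fw-edge-2": timedelta(minutes=5),
    "dns-1": timedelta(minutes=15),
    "web-1": timedelta(minutes=30),
    "vpn-1": timedelta(minutes=10),
}

# Fixed reference time so the example is deterministic (assumed).
NOW = datetime(2009, 10, 9, 10, 5, 0)

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<prog>[^:]+):\s*(?P<msg>.*)$")


def parse_line(line):
    """Return (timestamp, host, program, message) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return ts, m.group("host"), m.group("prog"), m.group("msg")


def last_seen_by_host(log_text):
    """Map each reporting host to the timestamp of its most recent event."""
    seen = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable lines are skipped, not counted as evidence
        ts, host, _, _ = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def audit_sources(log_text, expected, now):
    """Compare what actually arrived against what policy expects.

    Returns {"silent": [hosts never seen], "stale": {host: age},
             "unexpected": [hosts seen but not in the inventory]}.
    """
    seen = last_seen_by_host(log_text)
    report = {"silent": [], "stale": {}, "unexpected": []}
    for host, max_gap in expected.items():
        if host not in seen:
            report["silent"].append(host)
        elif now - seen[host] > max_gap:
            report["stale"][host] = now - seen[host]
    report["silent"].sort()
    report["unexpected"] = sorted(h for h in seen if h not in expected)
    return report


def run_example():
    """Run the audit over the constructed sample at the fixed reference time."""
    return audit_sources(SAMPLE_LOG, EXPECTED_SOURCES, NOW)


if __name__ == "__main__":
    result = run_example()
    for host in result["silent"]:
        print(f"SILENT    {host}: no events at all")
    for host, age in result["stale"].items():
        print(f"STALE     {host}: last event {age} ago")
    for host in result["unexpected"]:
        print(f"UNEXPECTED {host}: reporting but not in inventory")
```

In practice the inventory is the output of the "what to monitor" decision the review describes in chapters four and five, and the audit should run on a schedule against the collector itself, since a source that stops sending produces no alert of its own; that absence is exactly what this check is for.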