Record Detail Back
THE PRACTICE OF NETWORK SECURITY MONITORING THE PRACTICE OF NETWORK SECURITY MONITORING
- Share to:
This chapter introduces the principles of network security monitoring (NSM), which is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. NSM is a way to find intruders on your network and do something about them before they damage your enterprise. NSM began as an informal discipline with Todd Heberlein’s development of the Network Security Monitor in 1988. The Network Security Monitor was the first intrusion detection system to use network traffic as its main source of data for generating alerts, and the Air Force Computer Emergency Response Team (AFCERT) was one of the first organizations to informally follow NSM principles. In 1993, the AFCERT worked with Heberlein to deploy a version of the Network Security Monitor as the Automated Security Incident Mea- surement (ASIM) system. I joined the AFCERT in 1998, where, together with incident handler Bamm Visscher, I codified the definition of NSM for a Search Security webcast in late 2002. I first published the definition in book form as a case study in Hacking Exposed, Fourth Edition.1 My goal since then has been to advocate NSM as a strategic and tactical operation to stop intruders before they make your organization the headline in tomorrow’s newspaper.
Richard Bejtlich - Personal Name
978-1-59327-509-9
NONE
THE PRACTICE OF NETWORK SECURITY MONITORING THE PRACTICE OF NETWORK SECURITY MONITORING
Information Technology
English
2013
1-380
LOADING LIST...
LOADING LIST...