The practice of network security monitoring : understanding incident detection and response /
Richard Bejtlich.
- xxx, 341 pages : illustrations ; 24 cm.
Includes index.
Part I: Getting Started -- Network Security Monitoring Rationale -- Collecting Network Traffic: Access, Storage and Management -- Part II: Security Onion Deployment -- Stand-alone NSM Deployment and Installation -- Distributed Deployment -- SO Platform Housekeeping -- Part III: Tools -- Command Line Packet Analysis Tools -- Graphical Packet Analysis Tools -- NSM Consoles -- Part IV: NSM in Action -- NSM Operations -- Server-side Compromise -- Client-side Compromise -- Extending SO -- Proxies and Checksums -- Conclusion.