Old 02-14-2011, 11:48 PM
Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Extrusion Detection", Richard Bejtlich

BKEXTDET.RVW 20101023

"Extrusion Detection", Richard Bejtlich, 2006, 0-321-34996-2,
U$49.99/C$69.99
%A Richard Bejtlich www.taosecurity.com taosecurity.blogspot.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2006
%G 0-321-34996-2
%I Addison-Wesley Publishing Co.
%O U$49.99/C$69.99 416-447-5101 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%O Audience a+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P 385 p.
%T "Extrusion Detection: Security Monitoring for Internal Intrusions"

According to the preface, this book explains the use of extrusion
detection (related to egress scanning), to detect intruders who are
using client-side attacks to enter or work within your network. The
audience is intended to be architects, engineers, analysts, operators
and managers with an intermediate to advanced knowledge of network
security. Background for readers should include knowledge of
scripting, network attack tools and controls, basic system
administration, TCP/IP, as well as management and policy. (It should
also be understood that those who will get the most out of the text
should know not only the concepts of TCP/IP, but advanced level
details of packet and log structures.) Bejtlich notes that he is not
explicitly addressing malware or phishing, and provides references for
those areas. (It appears that the work is not directed at information
which might detect insider attacks.)

Part one is about detecting and controlling intrusions. Chapter one
reviews network security monitoring, with a basic introduction to
security (brief but clear), and then gives an overview of monitoring
and listing of some tools. Defensible network architecture, in
chapter two, provides lucid explanations of the basics, but the later
sections delve deeply into packets, scripts and configurations.
Managers will understand the fundamental points being made, but pages
of the material will be impenetrable unless you have serious hands-on
experience with traffic analysis. Extrusion detection itself is
illustrated with intelligible concepts and examples (and a useful
survey of the literature) in chapter three. Chapter four examines
both hardware and software instruments for viewing enterprise network
traffic. Useful but limited instances of layer three network access
controls are reviewed in chapter five.

Part two addresses network security operations. Chapter six delves
into traffic threat assessment, and, oddly, at this point explains the
details of logs, packets, and sessions clearly and in more detail. A
decent outline of the advance planning and basic concepts necessary
for network incident response is detailed in chapter seven (although
the material is generic and has limited relation to the rest of the
content of the book). Network forensics gets an excellent overview in
chapter eight: not just technical points, but stressing the importance
of documentation and transparent procedures.

Part three turns to internal intrusions. Chapter nine is a case study
of a traffic threat assessment. It is, somewhat of necessity,
dependent upon detailed examination of logs, but the material demands
an advanced background in packet analysis. The (somewhat outdated)
use of IRC channels in botnet command and control is reviewed in
chapter ten.

Bejtlich's prose is clear, informative, and even has touches of
humour. The content is well-organized. (There is a tendency to use
idiosyncratic acronyms, sometimes before they've been expanded or
defined.) This work is demanding, particularly for those still at the
intermediate level, but does examine an area of security which does
not get sufficient attention.

copyright, Robert M. Slade 2010 BKEXTDET.RVW 20101023

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"Dictionary of Information Security," Syngress 1597491152
http://blogs.securiteam.com/index.ph...ves/author/p1/
http://twitter.com/rslade
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com
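The review above describes extrusion detection as watching traffic leaving the network for signs that an internal host has already been compromised (chapter three), with IRC-based botnet command and control as the worked case in chapter ten. The following is an added illustration of that idea, not code from the book or from Bejtlich: it runs a few simple egress checks over session records. The record format, the internal address range, the list of hosts that should never initiate outbound sessions, the "expected" egress ports and the byte threshold are all assumptions made for the example, and the sample records are constructed.

```python
"""
Minimal extrusion-detection pass over session (flow) records.

Added illustration for this review: not code from the book, and not
Bejtlich's own tooling. The record format, the internal address range,
the no-egress host list, the expected egress ports and the byte
threshold are assumptions made for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List

# Assumed internal address space (assumption for the example).
INTERNAL = ip_network("10.0.0.0/8")
# Hosts that should never initiate outbound sessions (assumption),
# e.g. an internal mail relay that only receives from inside.
NO_EGRESS_HOSTS = {"10.0.1.25"}
# Ports expected for normal user egress (assumption: proxied web + DNS).
EXPECTED_EGRESS_PORTS = {80, 443, 53}
# Classic IRC ports (6660-6669, 7000) historically used for botnet C2.
IRC_PORTS = set(range(6660, 6670)) | {7000}
# Outbound byte count above which a single session is worth a look
# (assumption; tune to the environment).
LARGE_EGRESS_BYTES = 5_000_000


@dataclass
class Session:
    src: str
    sport: int
    dst: str
    dport: int
    bytes_out: int


def parse_session(line: str) -> Session:
    """Parse one 'src:sport -> dst:dport bytes' record (constructed format)."""
    left, right = line.split("->")
    src, sport = left.strip().rsplit(":", 1)
    dst_port, byts = right.strip().split()
    dst, dport = dst_port.rsplit(":", 1)
    return Session(src, int(sport), dst, int(dport), int(byts))


def flag_session(s: Session) -> List[str]:
    """Return the list of reasons an internal->external session is suspicious."""
    reasons: List[str] = []
    src_internal = ip_address(s.src) in INTERNAL
    dst_internal = ip_address(s.dst) in INTERNAL
    # Extrusion detection looks only at sessions leaving the network;
    # inbound and purely internal sessions are out of scope here.
    if not (src_internal and not dst_internal):
        return reasons
    if s.src in NO_EGRESS_HOSTS:
        reasons.append("no-egress host initiated outbound session")
    if s.dport in IRC_PORTS:
        reasons.append("outbound IRC port (possible botnet C2)")
    elif s.dport not in EXPECTED_EGRESS_PORTS:
        reasons.append(f"unexpected egress port {s.dport}")
    if s.bytes_out >= LARGE_EGRESS_BYTES:
        reasons.append(f"large outbound transfer ({s.bytes_out} bytes)")
    return reasons


def detect(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map 'src -> dst:dport' to its reasons for every flagged session."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        if not line.strip():
            continue
        s = parse_session(line)
        reasons = flag_session(s)
        if reasons:
            findings[f"{s.src} -> {s.dst}:{s.dport}"] = reasons
    return findings


# Constructed sample records: one benign web session, one outbound IRC
# session, an outbound session from a no-egress host, an internal-only
# session, another benign web session, and one large outbound transfer.
SAMPLE = """
10.0.5.17:51234 -> 203.0.113.9:443 18203
10.0.5.17:51240 -> 198.51.100.4:6667 912
10.0.1.25:40001 -> 203.0.113.77:8080 4421
10.0.5.18:51300 -> 10.0.1.25:25 3300
10.0.5.19:51301 -> 203.0.113.9:80 1100
10.0.5.20:51400 -> 203.0.113.9:443 7340032
"""

if __name__ == "__main__":
    for key, reasons in detect(SAMPLE.splitlines()).items():
        print(key, "=>", "; ".join(reasons))
```

The point of the checks is the direction of the traffic: none of them care how the attacker got in, only that an internal host is now behaving in a way the network's policy does not expect. In a real deployment the session records would come from a sensor at the egress point, the port and host lists from the architecture work the review describes in chapter two, and the findings would feed the traffic threat assessment process of chapter six.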

