A Network Defender's Guide to Threat Detection

A Network Defender's Guide to Threat Detection
Author :
Publisher :
Total Pages : 202
Release :
ISBN-10 : 9798649104074
ISBN-13 :
Rating : 4/5 (74 Downloads)

Book Synopsis A Network Defender's Guide to Threat Detection by : Richard Medlin

Download or read book A Network Defender's Guide to Threat Detection written by Richard Medlin and published by . This book was released on 2020-05-28 with total page 202 pages. Available in PDF, EPUB and Kindle. Book excerpt: Have you ever found yourself questioning whether your network is in good hands? Did you do everything you could to defend against exploits on your network? Is your employer safe because you have one of the best Security Information Event Management (SIEM) setups you can use monitoring the network for you? Or, maybe you are new to Information Security and you want to learn how to employ a robust Intrusion Detection System (IDS) but you do not know where to start. If you have ever asked yourself any of these questions, or you just want to learn about ELK Stack and Zeek (Bro), you have come to the right place. A quick Google search will show you there isn't a lot of information for configuring Zeek (Bro), ElasticSearch, Logstash, Filebeat, and Kibana- it is rather complicated because the websites will describe how to install, but they don't really lead you to specifics on what else you need to do, or they are really outdated. That is where you must piece together the information yourself, and really research - lucky for you, I did the leg work for you and decided to write this book. Whether you have been in the Information Security industry for many years or you're just getting started this book has something for you. In my time studying over the years I've always found that a lot of books are interesting reads, but they add a lot of fluff. That was not my goal with this book; I wanted to provide you with a straight forward book without the fluff, that will show you exactly what you need - I cover the basics, and then explain the intricacies involved with configuring a SIEM that is reliable. I also provide a step-by-step process, while including any pertinent notes that you need to pay attention to, and lastly providing a breakdown of what is occurring at that time. Having background to each section and knowing what is happening is extremely important to learning and understanding what is happening on your network. Likewise, this book covers a brief overview of different programming languages, and their configuration nuances when applied to Zeek (Bro) and Elk Stack. I tried my best to approach this as if you did not know anything, so that anyone can read this and understand what is happening throughout the installation and configuration process. Let us get to the basics of what will be covered in this book so that you have a good idea of what you will learn. The first section of this book covers the Zeek(Bro) IDS installation and configuration. Furthermore, you will learn about the origin of Zeek (Bro), and the many features that Zeek (Bro) has to offer. This section will walk you through the entire installation process, while providing explanations for the configuration changes that we make on the system. There are a lot of dependencies needed to install Zeek (bro), and I will walk you through that entire process. We will also go over installing PF_ring - a tool for increased capture speeds and network capture optimization. The tool is very useful when capturing data on large networks, and from multiple nodes. In the next section we will go over installing Tor, and Privoxy for network anonymity. You're probably asking yourself why you would want to do that when setting up a SIEM or IDS. The simple answer is that in order to know what's traversing the network, you need to understand what it is doing and how to use it yourself. Sometimes the best defense comes from knowing what the offense is using. Once we install Tor, you can generate some Tor traffic on your network, and watch as one of the custom Zeek (Bro) signatures - I will teach you about in this book - detects this traffic so you can see what it looks like once a notice is generated. It's also good to know how to remain anonymous on the network if you're ever doing any type of forensic investigations too, so learning this is always a plus. ...


A Network Defender's Guide to Threat Detection Related Books

A Network Defender's Guide to Threat Detection
Language: en
Pages: 202
Authors: Richard Medlin
Categories:
Type: BOOK - Published: 2020-05-28 - Publisher:

DOWNLOAD EBOOK

Have you ever found yourself questioning whether your network is in good hands? Did you do everything you could to defend against exploits on your network? Is y
Applied Network Security Monitoring
Language: en
Pages: 497
Authors: Chris Sanders
Categories: Computers
Type: BOOK - Published: 2013-11-26 - Publisher: Elsevier

DOWNLOAD EBOOK

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complet
Study Guide to Threat Hunting
Language: en
Pages: 226
Authors: Cybellium
Categories: Computers
Type: BOOK - Published: - Publisher: Cybellium Ltd

DOWNLOAD EBOOK

Welcome to the forefront of knowledge with Cybellium, your trusted partner in mastering the cutting-edge fields of IT, Artificial Intelligence, Cyber Security,
Study Guide to Network Intrusion Detection
Language: en
Pages: 271
Authors: Cybellium
Categories: Computers
Type: BOOK - Published: 2024-10-26 - Publisher: Cybellium Ltd

DOWNLOAD EBOOK

Designed for professionals, students, and enthusiasts alike, our comprehensive books empower you to stay ahead in a rapidly evolving digital world. * Expert Ins
Intelligence-Driven Incident Response
Language: en
Pages: 286
Authors: Scott J Roberts
Categories: Computers
Type: BOOK - Published: 2017-08-21 - Publisher: "O'Reilly Media, Inc."

DOWNLOAD EBOOK

Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate.