The Practice of Network Security Monitoring: Understanding Incident Detection and Response Illustrated Edition

Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks, no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:
–Determine where to deploy NSM platforms, and size them for the monitored networks
–Deploy stand-alone or distributed NSM installations
–Use command line and graphical packet analysis tools, and NSM consoles
–Interpret network evidence from server-side and client-side intrusions
–Integrate threat intelligence into NSM software to identify sophisticated adversaries

There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared.
The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.


Editorial Reviews

Review

"A comprehensive guide. Certain to make the reader a better information security practitioner, and their network more secure."
—Ben Rothke, Slashdot

"If you are in cyber security, this is a must read. The book is the best resource for tools I have seen anywhere."
—Stephen Northcutt, SANS Institute 

"A very well written technical book. I would recommend this for anyone getting into the field of incident response who doesn't have a great understanding of NSM."
—Greg Hetrick, PaulDotCom 

"Deploying NSM not only means you can quickly identify, contain, and remediate intrusions, it gives you insight into the network as a whole."
—Michael W. Lucas, author of Absolute OpenBSD, 2nd Edition 

"The Practice of Network Security Monitoring: the best surveillance book you'll read anytime soon."
—Peter N. M. Hansteen, author of The Book of PF 

"This gem from No Starch Press covers the life-cycle of Network Security Monitoring (NSM) in great detail and leans on Security Onion as its backbone. I recommend an immediate download of the latest version of Security Onion and a swift purchase of Richard’s book."
—Russ McRee, senior security analyst, Microsoft 

"The principles Bejtlich outlines for running your security monitoring are the kind of best practice you should apply to any important server."
—Mary Branscombe, ZDNet 

"If you want to know what to do when intruders arrive on your network and how to best prepare for that eventuality, you
must read this book."
—Sandra Henry-Stocker, ITWorld

"Bejtlich is a master of his craft and also possesses the rare gift of being able to share his knowledge in a comprehensible way."
—Richard Austin, IEEE Cipher

"As tech books go, it's a pretty fun ride."
—Michael Larsen, Testhead

About the Author

Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (http://taosecurity.blogspot.com/) and writes on Twitter as @taosecurity.

Mr. Bejtlich has been an author for two decades. Please see www.linkedin.com/in/richardbejtlich/ for details on Mr. Bejtlich's biography. As an Amazon Associate I earn from qualifying purchases.

Customer reviews

4.6 out of 5 stars
177 global ratings

A New Candidate for the Cybersecurity Canon
5 out of 5 stars
Richard Bejtlich is one of the most respected security practitioners in the community. If he publishes something, we should all take notice. In "The Practice of Network Security Monitoring," Bejtlich provides the theory and the hands-on tutorial on how to do network security monitoring the right way. The book is a primer on how to think about network security monitoring and incident response. For seasoned security practitioners, working through the examples in this book will only increase your understanding of the subject. For the beginners in the crowd, Bejtlich provides step-by-step instructions on how to install, configure, and use some of the best open-source tools available that will help any security program improve its network security monitoring capability. Newbies working through the examples in this book will demonstrate to themselves, once and for all, if they have what it takes to work in this field. This book is absolutely a Cybersecurity Canon Candidate and you should have read it by now. You can read the full review, and all of the book reviews in the Cybersecurity Canon Candidate list, at the official website.

Top reviews from the United States

  • Reviewed in the United States on September 3, 2015
    Format: Kindle, Verified Purchase
    As we enter the murky age of Internet of Things (or "Internet of Insecure Things", "Internet of Evil Things", "Botnet of Things", take your pick) monitoring your home network has to become a common skill. Although by no means confined to application in home environments, The Practice of Network Security Monitoring does allow a modestly technically adept user to do just that. This book walks you through understanding the concepts, installing the needed software, configuring network monitoring components, and using some of the many free solutions for detecting unwanted or malicious traffic.

    For those who want to apply this work at home, allow me to make a few suggestions about corollary purchases you may need to make. I recommend dedicating a desktop or tower computer to the task of server. It doesn't need an especially powerful CPU, but it should have a lot of RAM, at least 8 GB. Purchase your RAM with a view to expanding; using 8 GB as an example, don't buy 4 2 GB sticks, but rather 2 4 GB sticks. Later you could buy 2 x 4 GB or 2 x 8 GB sticks to upgrade memory. You will also need at least 1 extra NIC (Network Interface Card), which will be in permanent 'listen only' (aka "promiscuous") mode. You will be using the free Security Onion solution, running on the free Ubuntu 12.04 Linux, so you can skip buying a license for Windows if you purchase everything from scratch. Finally you will need at least one network device that can duplicate traffic. The book will explain the difference between spanning (or 'mirroring') and tapping, but unless you are sufficiently knowledgeable about networking, you will probably do well to buy a Dualcomm DCSW-1005 USB Powered 5-Port 10/100 Fast Ethernet Switch TAP (Port Mirroring) - it is drop dead simple to install and use.
    You really can do this - enjoy!
    14 people found this helpful
  • Reviewed in the United States on May 16, 2015
    Format: Paperback, Verified Purchase
    I thought the Practice of Network Security Monitoring was a great book. I see companies spend millions of dollars on their NSM solution all while there is an open source solution. Spend some money on hardware and network taps and you're ready to go! I really like how Bejtlich went into sensor placement and NAT issues. There is nothing worse than doing investigations with multiple layers of NAT. I would have liked to see a little bit more on how to handle the event load that an IDS will produce in a network and maybe some best practices on what signatures to enable.

    I really enjoyed chapter 12, extending SO; being able to track binaries and do MD5s and compare them against tools like VirusTotal and other external tools helps you stay ahead of the bad guys. It would have been also neat to show how to extract URLs out of SMTP emails and run them against third party analysis. I believe email attachments are not as easy as getting a user to click on a URL. I also would have liked to see a little bit more advanced solution that automatically queries VirusTotal via API, then the results are sent back into the monitoring solution via syslog, so the analyst never has to leave the console.

    Overall a great book!
    2 people found this helpful
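The book description lists integrating threat intelligence into NSM software as a topic, and the review above asks for binaries tracked by hash and checked against external services. What follows is an added example written for this page; it is not code from the book, from Security Onion, or from Zeek. It parses constructed Zeek-style conn.log and files.log records (a subset of the real field layout), matches them against a local indicator list, recomputes the SHA-256 of the extracted file bodies instead of trusting the hash the sensor logged, and pivots from a file hit to the connection that carried it. Every address, uid, file body and hash in the block is constructed, and the indicator list is hypothetical.

```python
"""Match Zeek-style NSM logs against a local indicator list and pivot between them.

Added example for this page; not code from the book, Security Onion or Zeek.
Log lines, hosts, hashes and file bodies below are constructed (documentation
IP ranges, fake files); the indicator list is hypothetical.
"""
import hashlib

# Field subsets of Zeek's conn.log and files.log (tab-separated records).
CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service")
FILES_FIELDS = ("ts", "fuid", "tx_hosts", "rx_hosts", "conn_uids", "source",
                "mime_type", "filename", "sha256")

# Constructed file bodies, standing in for what the sensor's file extraction
# wrote to disk, keyed by Zeek file uid.
EXTRACTED_FILES = {
    "Fb1": b"MZ\x90\x00 constructed sample, not a real executable",
    "Fb2": b"%PDF-1.4 constructed benign document",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical indicator list: one listed responder address and the hash of the
# constructed bad sample. A real deployment would load this from a feed.
INDICATORS = {
    "ip": {"203.0.113.45"},
    "sha256": {sha256_hex(EXTRACTED_FILES["Fb1"])},
}

CONN_LOG = (
    "1699000001.123\tCa1\t192.0.2.10\t51234\t203.0.113.45\t443\ttcp\tssl\n"
    "1699000002.456\tCa2\t192.0.2.11\t51235\t198.51.100.7\t80\ttcp\thttp\n"
    "1699000003.789\tCa3\t192.0.2.12\t51236\t198.51.100.7\t80\ttcp\thttp\n"
)
FILES_LOG = (
    "1699000002.460\tFb1\t198.51.100.7\t192.0.2.11\tCa2\tHTTP\t"
    f"application/x-dosexec\tupdate.exe\t{sha256_hex(EXTRACTED_FILES['Fb1'])}\n"
    "1699000003.800\tFb2\t198.51.100.7\t192.0.2.12\tCa3\tHTTP\t"
    # Logged hash for Fb2 is deliberately wrong so the recompute check fires.
    f"application/pdf\treport.pdf\t{'0' * 64}\n"
)


def parse_tsv(text: str, fields: tuple) -> list[dict]:
    """Parse tab-separated log lines into dicts; skip blank and '#' header lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def match_conn(conns: list[dict], indicators: dict) -> list[dict]:
    """Flag connections whose originator or responder is a listed address."""
    hits = []
    for c in conns:
        for side in ("id.orig_h", "id.resp_h"):
            if c[side] in indicators["ip"]:
                hits.append({"uid": c["uid"], "kind": "ip", "value": c[side],
                             "orig": c["id.orig_h"], "resp": c["id.resp_h"]})
    return hits


def match_files(files: list[dict], extracted: dict, conns: list[dict],
                indicators: dict) -> list[dict]:
    """Flag files whose hash is listed, and files whose logged hash disagrees with
    the extracted bytes; pivot on conn_uids to name the hosts involved."""
    by_uid = {c["uid"]: c for c in conns}
    hits = []
    for f in files:
        actual = sha256_hex(extracted[f["fuid"]]) if f["fuid"] in extracted else None
        conn = by_uid.get(f["conn_uids"], {})
        base = {"fuid": f["fuid"], "filename": f["filename"],
                "orig": conn.get("id.orig_h"), "resp": conn.get("id.resp_h")}
        if actual is not None and actual != f["sha256"]:
            hits.append({**base, "kind": "hash_mismatch", "value": f["sha256"]})
        # Prefer the recomputed hash; fall back to the logged one if no body exists.
        if (actual or f["sha256"]) in indicators["sha256"]:
            hits.append({**base, "kind": "sha256", "value": actual or f["sha256"]})
    return hits


def hunt(conn_log=CONN_LOG, files_log=FILES_LOG, extracted=EXTRACTED_FILES,
         indicators=INDICATORS) -> list[dict]:
    conns = parse_tsv(conn_log, CONN_FIELDS)
    files = parse_tsv(files_log, FILES_FIELDS)
    return match_conn(conns, indicators) + match_files(files, extracted, conns, indicators)


if __name__ == "__main__":
    for hit in hunt():
        print(hit)
```

Run as-is, the block reports three findings: the session to the listed address, the file whose recomputed hash is on the list (attributed to the hosts of connection Ca2), and a file whose logged hash disagrees with the bytes on disk, which is a sensor or extraction problem to resolve before any other hash from that source is trusted. The lookup is deliberately local: querying an external service for every hash reveals to a third party which files crossed your network and is rate-limited, so a local list with only the misses escalated is the usual design.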
  • Reviewed in the United States on December 8, 2013
    Format: Paperback, Verified Purchase
    Great intro to Network Security Monitoring... goes a bit into detail about how to use open source to do it, which can be done with a Google search, but a great way to get a quick hands-on knowledge in the field.
  • Reviewed in the United States on March 20, 2014
    Format: Paperback, Verified Purchase
    The "Cybersecurity and Cyberwar" book told you what was going on and how to protect yourself in general. This book gives you the ninja skills to actually seal your network borders and measure the level of the threat. Various methods and open-source tools are used to build a high level of protection for the reader's system.

    Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do some heavy screen reading. Also, a large amount of filtering of log files may be required to see a pattern in the attacks. Be serious about this or be prepared to be a victim. The current state of network protection doesn't have a middle ground.
    7 people found this helpful
  • Reviewed in the United States on January 6, 2014
    Format: Paperback, Verified Purchase
    This book has a lot of great content regarding Network Security Monitoring in general, but is especially helpful if you are rolling out Security Onion. There are a lot of videos and online tutorials out there but I like to be able to put my hands on it and have it all in one place. It's not necessarily for beginners, but readers in all stages of professional development will benefit from the content. It is well written and presented in a way that flows nicely. Lots of helpful tips and insight.
    6 people found this helpful
  • Reviewed in the United States on October 20, 2017
    Format: Kindle, Verified Purchase
    High level overview for beginners. Talks about mostly concepts but not much about real world applications.
    4 people found this helpful
  • Reviewed in the United States on May 7, 2021
    Format: Paperback, Verified Purchase
    This book takes what can be a dry topic to some and adds punch and power to explanation and gives you a basis to understand what to look for. Good as a starting point to not be lazy and start understanding threat hunting.
    2 people found this helpful
  • Reviewed in the United States on September 13, 2015
    Format: Paperback, Verified Purchase
    Great book! I have several years experience in NSM and Security Onion. I thought I knew quite a bit but this book expanded upon my knowledge of NSM and Security Onion. Maybe not for advanced or expert users. Also, just slightly out of date so a few things are off a bit but 95% is still current.

Top reviews from other countries

  • Blaine Losier
    5.0 out of 5 stars Good Reference
    Reviewed in Canada on October 23, 2018
    Format: Paperback, Verified Purchase
    Good reference for anyone studying in Cyber Security
  • Fernando Nistal Méndez
    5.0 out of 5 stars Practical, concise and instructive.
    Reviewed in Spain on February 22, 2020
    Format: Paperback, Verified Purchase
    Practical, concise and instructive.
  • Florent
    4.0 out of 5 stars I expected more
    Reviewed in France on June 18, 2014
    Format: Paperback, Verified Purchase
    This is a tool-listing kind of book, covering Security Onion in particular.
    I expected from Richard a real account of lessons learned, with complex case studies, but this is really the bare-bones basics of setting up a monitoring system.

    Interesting, but no more than that. It won't become a cult book.
  • Amazon Customer
    5.0 out of 5 stars Five Stars
    Reviewed in the United Kingdom on June 3, 2016
    Format: Paperback, Verified Purchase
    Great. Thanks :-)
  • Jordan Bird
    3.0 out of 5 stars Too basic and too many tutorials
    Reviewed in Germany on April 28, 2021
    Format: Paperback, Verified Purchase
    The content is somewhat basic, with numerous tutorials and installation/configuration walk-throughs, making it more akin to a tutorial or blog than a book.