Security Monitoring

Chris Fry, Martin Nystrom

  • Publisher: O'Reilly
  • Publication date: 2009-03-24
  • List price: $1,480
  • Sale price: 5.0$740
  • Language: English
  • Pages: 246
  • Binding: Paperback
  • ISBN: 0596518161
  • ISBN-13: 9780596518165
  • Related category: Information Security
  • Ships immediately (stock < 3)



How well does your enterprise stand up against today's sophisticated security threats? In this book, security experts from Cisco Systems demonstrate how to detect damaging security incidents on your global network--first by teaching you which assets you need to monitor closely, and then by helping you develop targeted strategies and pragmatic techniques to protect them.

Security Monitoring is based on the authors' years of experience conducting incident response to keep Cisco's global network secure. It offers six steps to improve network monitoring. These steps will help you:

  • Develop Policies: define rules, regulations, and monitoring criteria
  • Know Your Network: build knowledge of your infrastructure with network telemetry
  • Select Your Targets: define the subset of infrastructure to be monitored
  • Choose Event Sources: identify event types needed to discover policy violations
  • Feed and Tune: collect data, generate alerts, and tune systems using contextual information
  • Maintain Dependable Event Sources: prevent critical gaps in collecting and monitoring events

Security Monitoring illustrates these steps with detailed examples that will help you learn to select and deploy the best techniques for monitoring your own enterprise network.

