SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, August 21, 2010

Consider Reading Network Flow Analysis

Posted on 5:42 AM by Unknown
If I could write an Amazon.com book review of Network Flow Analysis by Michael W Lucas, I would give it five stars. Why won't I? The reason is that Michael asked me to be the technical reviewer for the book, and I don't feel comfortable publishing a review when I am potentially identified with the content. Michael did such an awesome job writing his newest book that my tech edit was fairly easy. However, I would prefer to say a few words on my blog rather than assign stars at Amazon.com.

(Note: for those of you who do some research and find my review of the excellent Linux Firewalls by Michael Rash, you'll see I issued a disclaimer that I wrote the foreword. I felt that writing a foreword is different than tech editing, because a tech editor is partially responsible for the content of the entire book. A foreword author is more or less writing an endorsement, like a review that's published in the book itself. You may not agree with this differentiation -- it's up to you.)

Why do I like Network Flow Analysis? As I've said before, Michael W Lucas is probably my favorite technical author. He is complete, accurate, and entertaining like no one else. He has an uncanny ability to know what the reader needs to accomplish a technical task. I consider many of his books the definitive works in their fields. With Network Flow Analysis, Michael teachers readers how to implement a NetFlow-based monitoring architecture using open source tools and code. He focuses on using Flow-Tools for analysis and Softflowd for capture when NetFlow export is unavailable or undesirable. He adds other tools and approaches when needed, including visualization with Gnuplot. I found that section to be interesting because he provides background on using Gnuplot before enlisting its help with flow data. Michael also provides conversion mechanisms for devices exporting NetFlow v9.

If you want to implement a NetFlow-based instrumentation architecture using open source, or perhaps integrate various platforms into a commercial analysis engine, Network Flow Analysis is the book for you.

Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in reviews | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ▼  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ▼  August (15)
      • GE Looking for Business Response Team Leader
      • Bejtlich on Silver Bullet Podcast
      • Review of Least Privilege Security Posted
      • Bejtlich Teaching at Black Hat Abu Dhabi 2010
      • Review of IT Security Metrics Posted
      • Review of Practical Lock Picking Posted
      • Consider Reading Network Flow Analysis
      • World's Worst Security Visualization?
      • Do You Use Visualization in Production?
      • Review of Wireshark Network Analysis Posted
      • Hexcompare and Finding New Tools
      • Conti and Easterly on Cyber Warriors
      • August 2010 Digital Forensics Magazine Published
      • July 2010 Hakin9 Magazine Published
      • Project Vigilant Is a Publicity Stunt
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile