Half of this book is filled with detailed command lines and procedures to follow to run Security Onion. These details have since become quite dated. the prose around this remains useful. Before diving into the details of running tools, the book explores what network security monitoring is and why it is important. The various techniques (and legal concerns) are also covered. This part has much better stood the test of time. A key principle is that no matter what the defenses, a bad actor will find their way into your network. You need to expect that and be able to find them and prevent too much damage from happening. (Sometimes that means letting them stay for a while so they can be tracked.)
No comments:
Post a Comment