Average Reviews:
(More customer reviews)Are you looking to buy Security Log Management: Identifying Patterns in the Chaos? Here is the right place to find the great deals. we can offer discounts of up to 90% on Security Log Management: Identifying Patterns in the Chaos. Check out the link below:
>> Click Here to See Compare Prices and Get the Best Offers
Security Log Management: Identifying Patterns in the Chaos ReviewWhen I received a review copy of Security Log Management (SLM) last month, I was eager to read it. I saw two very powerful but seldom discussed tools -- Argus and Bro -- mentioned in the table of contents. This indicated some original thinking, which I appreciate. Unfortunately, SLM did not live up to my expectations. When you strip out the pages of scripts and code and the three reprinted chapters, you're left with a series of examples of output from the author's deployment of several tools. Aside from a few examples mentioned in this review, I don't think readers will learn much from SLM.The first problem with SLM is a lack of competent editing. Prior to publication, someone should have read the book from the reader's perspective, asking "what is the reader expected to learn from this section/chapter/book?" In other words, the editor should have asked "how is the reader supposed to implement these recommendations?" For example, Ch 2 mentions using the Bro IDS. Nothing about setting up Bro is included, which would be acceptable if a reference to an online guide or another book was given. That is not the case; the author just assumes readers know about Bro and have it running. The number of Bro users is probably less than 100. If you're one of them, you don't need to read this book!
Bro's DNS and SMTP logging modules are casually demonstrated with no regard for showing the reader how to deploy them. The Web module at least shows a sample mt.bro file, if the reader can figure out what that is or how it fits into the picture. The situation gets worse on p 101 when the author says "the SMTP module can be very powerful in helping to identify several of the 'Marcus Ranum' top mail-related statistics (Chapter 1)." Marcus Ranum is not mentioned at all in Ch 1.
SLM demonstrates two other features that are becoming increasingly common and frustrating in Syngress books, for which I detracted stars from the review. First, the editing is rough. I am perplexed by the inability to standardize on references to tools; e.g., is it bro, Bro, or BRO? Second, and far more worrisome, the last three chapters (7, 8, and 9) of SLM are reprints of chapters 6, 7, and 5 from the Feb 2005 Syngress book Microsoft Log Parser Toolkit. On the positive side, SLM did not have as many fuzzy screen shots as sometimes appear in recent Syngress books. The unexplained small, fuzzy, NetForensics screen shot on p 31 is one unwelcome exception.
In terms of stating a clear purpose and delivering material in a coherent manner, the best chapter in SLM is Ch 6 -- Scalable Enterprise Solutions. I thought the author of this chapter stated his purpose, and then delivered material that readers could use. My only problem with the chapter was reading the definition of ESM 5 times -- on pp 195, 196, 205, 237, and 238!
My favorite part of SLM was the material showing how to put Argus records into a MySQL database. This is not that common, so I was glad to see how the author implements that function.
I'm sorry I can't recommend reading SLM in its current form. Three stars means there is some value, but you could get what you need browsing in the book store. I would like to see a second edition of SLM cut out the reprinted chapters. That cuts the book down to 241 pages. If the 70 or so pages of code are moved online, that reduces the book to 171 pages. That leaves plenty of room to add material that meets readers' needs. An example of a very strong Syngress book on a related (host-based) topic is Host Integrity Monitoring Using Osiris and Samhain by Brian Wotring.Security Log Management: Identifying Patterns in the Chaos OverviewThis book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the "Top 10" security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the "Top 10" list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of "log file." This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network* Dozens of working scripts and tools presented throughout the book are available for download from Syngress Solutions Web site. * Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks
Want to learn more information about Security Log Management: Identifying Patterns in the Chaos?
>> Click Here to See All Customer Reviews & Ratings Now
0 comments:
Post a Comment