[CISSP-D] REVIEW: "Security Log Management", Jacob Babbin et al

Subject: [CISSP-D] REVIEW: "Security Log Management", Jacob Babbin et al
Date: Mon, 02 Oct 2006 11:27:22 -0800
BKSCLGMN.RVW   20060821

"Security Log Management", Jacob Babbin et al, 2006, 1-59749-042-3,
U$49.95/C$69.95
%A   Jacob Babbin
%A   Dave Kleiman
%A   Everett F. Carter
%A   Jeremy Faircloth
%A   Mark Burnett
%C   800 Hingham Street, Rockland, MA   02370
%D   2006
%E   Esteban Gutierrez
%G   1-59749-042-3
%I   Syngress Media, Inc.
%O   U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O  http://www.amazon.com/exec/obidos/ASIN/1597490423/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1597490423/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597490423/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   333 p.
%T   "Security Log Management: Identifying Patterns in the Chaos"

Chapter one reviews the problem of masses of data.  The text suggests
that there are solutions, and even gives some examples, but the
writing seems to be intended only for an audience that is already
skilled, working, and well familiar with those very solutions. 
Sections of sample code are provided (here and at other places in the
book), but they tend to be of limited utility because significant
chunks of the actual functional parts are missing.  Various tools for
IDS (intrusion detection system) reporting are described in chapter
two.  Fewer tools are listed for firewall reporting in three. 
Although entitled "Systems and Network Device Reporting," chapter four
looks solely at Web server logs, and that only for a single type of
attack or situation.  However, the restriction of topic is somewhat
ameliorated by the best writing in the book: the coverage of the
analysis is clear and an excellent introduction to Web server
forensics.  Chapter five has scripts for text reporting (illustrated
by graphical presentation of the data, so it is somewhat misleading). 
Chapter six suggests that you should do Enterprise Security
Management, and notes some of the difficulties you may encounter, but
doesn't provide any help.  Despite the title of "Managing Log Files
with Microsoft Log Parser," chapter seven merely talks about generic
file management.  Chapter eight does provide some Microsoft Log Parser
SQL code for reporting, and has a few other useful suggestions.  More
Log Parser SQL code, this time for formatting CSV (comma separated
version) data, is in chapter nine.

Basically, if you already know how to deal with event logs, log data,
and log data analysis, this book will provide you with some
suggestions about tools that you might want to try.  If you are
already struggling with network forensics and intrusion detection, the
material in this volume won't help much.

copyright Robert M. Slade, 2006   BKSCLGMN.RVW   20060821


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
The danger in weakening encryption is that our infrastructure
would become even less secure.
                          - Bill Crowell, former NSA deputy director
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm

