TAILIEUCHUNG - What Is Network Security Monitoring?

Network reconnaissance cannot be prevented entirely. If Internet Control Message Protocol (ICMP) echo and echo-reply is turned off on edge routers, ping sweeps can be stopped, but at the expense of network diagnostic data. However, port scans can easily be run without full ping sweeps; they just take longer because they need to scan IP addresses that might not be live. Intrusion detection systems (IDSs) at the network and host levels can usually notify an administrator when a reconnaissance attack is underway. This enables the administrator to better prepare for the coming attack or to notify the Internet service provider. | Page 25 Thursday June 17 2004 8 40 AM What Is Network Security Monitoring Now that we ve forged a common understanding of security and risk and examined principles held by those tasked with identifying and responding to intrusions we can fully explore the concept of NSM. In Chapter 1 we defined NSM as the collection analysis and escalation of indications and warnings to detect and respond to intrusions. Examining the components of the definition which we do in the following sections will establish the course this book will follow. Indications and Warnings It makes sense to understand what we plan to collect analyze and escalate before explaining the specific meanings of those three terms in the NSM definition. Therefore we first investigate the terms indications and warnings. Appreciation of these ideas helps put the entire concept of NSM in perspective. The . Department of Defense Dictionary of Military Terms defines an indicator as an item of information which reflects the intention or capability of a potential enemy to adopt or reject a course of action. 1 I prefer the definition in a . Army intelligence 1. This definition appears in http doctrine jel doddict data i . This sentence marks the first use of the word information in this chapter. In a personal communication from early 2004 Todd Heberlein makes the point that one entity s information is another entity s data. For example a sensor may interpret packets as data and then forward alerts which it considers information. An intrusion management system IMS treats the incoming alerts as data which it correlates for an analyst as information. The analyst treats the IMS output as data and sends information to a supervisor. This book does not take as strict a view concerning these two words but the distinction is enlightening. 25 Page 26 Thursday June 17 2004 8 40 AM Chapter 2 What Is Network Security Monitoring training document titled Indicators in

• An ninh - Bảo mật
• Secure Network
• Risk Analysis
• Network Systems
• Communicate
• Distance Vector Routing
• Link State Routing
• Network Layer
• CCNA Security
• Lecture CCNA Security
• Managing Secure Network
• Cisco SecureX Architecture
• Wireless sensor network
• Secure location
• Independent attack
• Collusion attack
• Secure localization against malicious attacks
• information technology
• international certification
• network cisco
• cisco exam
• Cisco Secure VPN
• Network security
• management network
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Information security
• Securing the Network Infrastructure
• Network cable plant
• Secure removable media
• Secure Windows Vista Networking
• network hardware
• router
• network resources
• digital media hub
• using Windows Vista
• wireless Hardware
• công nghệ thông tin
• tin học
• internet
• computer network
• microsoft office
• System security
• Ebook Network and system security
• Secure organization
• Preventing system intrusions
• Guarding against network intrusion
• Incorporating security
• Lecture Network security
• Computer hacking
• Internet security
• Secure electronic transactions
• Secure Socket Layer
• SSL Record Protocol
• Java network programming
• Basic network concepts
• Sockets for clients
• Sockets for servers
• Secure sockets
• Nonblocking I/O
• IP multicast
• International Journal of computer science & communication networks
• A secure binomial tree
• Binomial key tree approach
• Social Network Analysis
• Compute the average encryption
• Energy efficient
• Attack probability
• Secure routing protocols
• Multi hop communication connections
• Protecting advanced communications
• Harden File Transfer Protocol
• Secure remote access
• Operational security
• Harden physical security
• Secure the physical environment
• CCNA Security Partner
• Network Foundation Protection
• Cisco Configuration Professional
• Cisco NFP Framework
• Secure management
• Lecture notes on Computer and network security
• Computer security
• Wifi communications
• Stream ciphers
• Secure wired
• Networking essentials plus
• Lecture Networking essentials plus
• Ensuring network security
• Networks secure
• Healthy network environment
• Data protection
• CCIE exam
• Network Design
• IP Routing
• Windows Networking
• Access Network
• Secure Networks