If you work in security then this book fills a gap in what most other security books cover - how to detect when your security is breached so that you can plug the leak and fix the damage as quickly as possible.
No network that has any sort of connection to other networks (e.g. the internet) can be secured so completely that it is impossible to break in. This book deals with how to minimise the effect of such a breach of all your security measures by showing you how to implement a completely separate layer of security whose sole purpose is to help detect such breaches and to determine the extent of the damage done, so that it can be fixed as effectively as possible.
The book discusses why you need to consider security monitoring and also takes an in-depth look at a range of security monitoring tools, covering both how to implement them effectively on your network and how to use them to detect a breach and analyse just what damage was done.
The first couple of chapters provide an introduction to network security monitoring, why you need it, and how and where to implement it. The next section of the book discusses a product called "Security Onion" (SO), which combines a Linux operating system with a large collection of security tools that can be deployed to cover most of your security monitoring needs. The third section of the book then introduces you to a selection of the security monitoring tools that SO provides and explains what each is for. This is followed by a section that gives reasonably realistic examples of several different types of intrusion and explains both which tools to use and how to use them to determine exactly what happened.
This article was written by Stephen Chapman, Felgall Pty Ltd.