Network Security Through Data Analysis
Author: Michael Collins
Publisher: O’Reilly Media
One of the most crucial tasks of network administrators is to keep the network secure – or as secure as possible. In order to do this, they must know which components make up the network and how these components are used. In short, they have to have an accurate picture of the situation. This book explains how to reach that goal.
About the author
Michael Collins is the chief scientist for RedJack, a network security and data analysis company. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University.
Inside the book
The book is divided into three sections. The first one deals with data: how it’s collected (via sensors), stored and organized (in traditional databases, Big Data systems, etc.).
The second part does an excellent job of covering the tools used for analysis, visualization and reporting. The tools covered are the SiLK toolkit, the R environment, intrusion detection systems, reference and lookup tools, and a wide array of additional tools such as netcat, nmap, Scapy, Wireshark, and so on.
The final section focuses on how to analyze all the collected data, and touches on exploratory data analysis, traffic volume and behaviour analysis, converting network traffic into graph data, correlating network traffic with ports used, and finally shows how to accurately map and inventory a network.
Perhaps that last chapter could be among the early ones, but despite this, the book is very well structured.
Its goal is to create a clear picture of the situation on the network in order to give the administrator a basis on which to make the right security decisions.
You can tell that the author has consciously eschewed much of the theory, and has concentrated on teaching how to spot – and react to – abusive network behavior, whether it comes from inside or outside the network.
He also made sure to note that it’s important to choose which elements of the network to secure. He is aware that, otherwise, there will simply be too much data to analyze, and that the cause probably won’t be a lack of resources.
This is by no means a book that holds all the knowledge a network admin should possess, but it’s a great way for them to review that knowledge and see if they have missed something. The book also contains good references for further reading.