Sunday, November 4, 2007

NSM readup, for later use

I am still behind my own schedule for my NSM setup; I guess my wife and our newborn (2 months old) are taking up most of my time :-)

Anyway, I want to keep a few pointers to good articles and websites for later. Once again from Taosecurity :-)
Russ McRee followed his excellent discussion of NSM and Sguil in the October InfoSecMag with a new article called Argus – Auditing network activity (.pdf), published in the November 2007 ISSA Journal. It's another great read.

UPDATE 1:
Great NSM demo from Taosecurity, using session analysis and full content, basically perfect for education: http://taosecurity.blogspot.com/2007/11/analyzing-protocol-hopping-covert.html


UPDATE 2:
Taosecurity again, of course: What is NSM? NSM vs. IDS, with a pointer to a slide show from 2002 :-) It still holds water! One of the good ones:
“IDS” is only a product; NSM is an operation incorporating products, people, and processes
