Re: Need help/info

[Stephen Mullins <steve.mullins.work () gmail com>]

These are definitely great books.  I recommend every shop I'm in keep
copies on the shelves as references and for Jr. Analysts or those that
don't come from a Network Security Monitoring background.  Nowhere
else that I'm aware of really spells out what NSM is and how to do it
right like Bejtlich's Tao.

Steve Mullins

On Mon, May 25, 2009 at 2:27 PM, Richard Bejtlich <taosecurity () gmail com> wrote:
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 () gmail com> wrote:
> > I work for a small company with a hub/spoke network. I've been tasked with
> > setting up an IDS(Snort) to begin monitoring security related events and
> > basically build out a security program/infrastructure.  Do any of you have
> > any good sites/forums that go into the process of intrusion detection. I can
> > get the alerts from snort but there are so many that it it's hard to make
> > heads or tails. I'm looking for ideas on what to look for and what to pay
> > specific attention to.  Also any good websites that alert/explain new
> > vulnerabilities would be great. Any help would be appreciated.
>
> Hello,
>
> If you're looking for a good book or two, my Tao and Extrusion books will help:
>
> http://www.taosecurity.com/books.html
>
> If you're looking for blogging on the subject, try my blog:
>
> http://taosecurity.blogspot.com
>
> I also wrote a series for TechTarget called Snort Report:
>
> http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html
>
> If you're looking for a good Wiki, try:
>
> http://nsmwiki.org
>
> If you're looking for the best suite for network security monitoring, try:
>
> http://www.sguil.net
>
> Good luck!
>
> Richard