Saturday, April 21, 2007

NetSecAnalyst: The Handbook

Yeah, there are people asking me about the progress of my book - Network Security Analyst: The Handbook.

My initial idea was to have all my blog posts about using network security tools included and packaged into the book, but I realize that this won't make it a good book for a Network Security Analyst. I have had more thoughts about the book lately, hence I can't have it shipped sooner. There are four primary sections for the book which I think are very important for a network security analyst wannabe -

Network Security Analyst: The RoadMap
What are the good foundations and technical knowledge that should be acquired to become a good network security analyst? I hope The RoadMap can answer questions like that; until now I haven't seen any books discussing this topic yet.

Network Security Analyst: The WorkFlows
What are the methodologies and mechanisms used by a network security analyst to handle their tasks? The routine daily tasks, the automated and manual processes of performing analysis, situation handling and so forth.

This is more about how to think or work like a network security analyst. I will try to standardize the common workflows, but you are free to extend them in your own way.

Network Security Analyst: The Tools
What are the tools commonly used by a Network Security Analyst and how do they use them? I believe this part should demonstrate the usage of NSM-based tools. One should understand this is not the real meat of network security analysis; this is more of a helper section to show various examples of using network security tools. This section will be updated regularly as I import it from my blog and modify it to be more organized and readable. I suggest you read this book to get yourself ready when it comes to using most network security tools -

http://www.awprofessional.com/bookstore/product.asp?isbn=0321246772&rl=1

I truly believe that learning to use tools by itself won't make you a good analyst; the right thing to do is to study how to interpret the results generated by the tools. This is not always emphasized, but I think most analysts will agree with me.

Network Security Analyst: The Case Study
How does a Network Security Analyst handle (intrusion/extrusion) incidents in the real world?

This will load up a few incident scenarios and show how a Network Security Analyst starts the analysis process, from examination, escalation and confirmation through to decision making. This will make a good round-up of what has been studied in the previous three sections, applying it to real-world scenarios. One of the sites I suggest you look at is -

http://www.honeynet.org/misc/chall.html

There are many challenges offered by the honeynet community; knowledge sharing is always interesting.

I think this is the final layout for my handbook; hopefully I won't dream up any new ideas for the book again -

Sec 1 - Net Sec Analyst: The RoadMap
Sec 2 - Net Sec Analyst: The Workflows
Sec 3 - Net Sec Analyst: The Tools
Sec 4 - Net Sec Analyst: The Case Study

All the sections are actually correlated. Everyone is welcome to give me suggestions and input; what do you think? I don't have the skill to write, but no one can stop me from writing anyway.

P/S: For the book, ayoi will be one of the contributors. I would love to spare my time to develop a Network Security Analyst LiveCD (we call it raWPacket LiveCD) using FreeSBIE and ship it together with the release of the book, but time is always a constraint. However, I'm glad that I have chfl4gs with me now in developing the LiveCD. Stay tuned!!!!!

Btw, I'm looking for a non-paid editor (this is a free ebook) as my English is not good. If you would like to help, please let me know.

Peace (;])

7 comments:

Johncrackernet said...

I'm still waiting for your book Geek00l.... Can you give a free book to me?? Hehehehe..... I agree with you. "To become a good security analyst, learning to use tools itself won't make a good analyst. The right thing to do should be to study how to interpret the results generated by the tools"... To use a tool is very easy, but to analyze an alert generated by a tool is not easy. An analyst should have knowledge, ideas, experience and skills to analyze alerts. An analyst should have knowledge of the latest vulnerabilities, exploits or attack patterns used by ethical/non-ethical hackers/script kiddies.

Anonymous said...

Sounds like a good book to me. When do you expect it to be released?

Anonymous said...

I think geek00l is still waiting for my parts. I have to audit/adjust a few things for the case study materials (sensitive materials maa). In a few weeks' time I will have them finished. Sorry for the delay tho.

Anonymous said...

geek00l, me edits english good.

Put another way, I can tell you when something sounds good, and when something doesn't, and I have some understanding of the content. Feel free to drop me a line with what you need.

~~ kraigus

Anonymous said...

To support you, I will purchase your book. Any discount? hehe

You're a great guy.

Anonymous said...

chfl4gs has told me that the LiveCD will be released soon.

Good job, keep going.

Anything you need my help with, just let me know :P but I don't think I can help you much.

Chris said...

I could assist with editing. Please e-mail me, and let me know what you need.