"Unix/linux Network log analysis and Traffic monitoring" new book release
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/53/DB/wKiom1RylxSi_GcGAAXqktZbpqQ386.jpg "title=" 6- S.jpg "alt=" Wkiom1rylxsi_gcgaaxqktzbpqq386.jpg "/>
82 percent booking is now available. http://item.jd.com/11582561.html 650) this.width=650; "Src=" http://s3.51cto.com /wyfs02/m02/53/da/wkiol1rymt6chgciaak0wtu86dw953.gif "title=" Xxk.gif "style=" float:left; "alt=" Wkiol1rymt6chgciaak0wtu86dw953.gif "/> |
|
log analysis is the basic skill of a system administrator. the Unix/linux system provides a powerful logging system that provides powerful support for administrators to find and discover problems. This book in the form of storytelling, the author's hands-on experience into it, as if Sherlock Holmes in the context of the entire case to Watson, so that readers in the process of analysis with the author, to understand the Unix/linux log analysis tips. The language of the book is easy to understand, combined with case scenarios, ease of practical operation.
More importantly, system administrators (including various It practitioners) through this book, not only can learn the role of Unix/linux log, but also can extrapolate, standing in a higher perspective on IT Operations and security systems. Only by looking at these problems in a holistic way can we increase the stability and security of the system and free the system administrators from the daily affairs.
--Wu Yuzheng 51CTO deputy Editor-in-chief (former computer World newspaper)
the author of this book, Mr. Li Chenguang is a 51CTO expert blogger, his articles by the technical peer attention. The author was named "Ten Outstanding it blogs" in the China It blog Competition of the year , and a book written by such a good blogger is definitely worth a look. This book details the Unix/linux platform under the Log analysis method and computer forensics skills, and in the form of storytelling, the whole process of log analysis, its biggest highlight is the unix/linux system in the boring technical problems, Through the vivid case shows, each case after reading can let the system administrator has the harvest. You'll never regret reading the book.
-- Cao Yali 51CTO Blog editor,51CTO senior Operations Manager, college
"Unix/linux Network log analysis and Traffic monitoring" This book takes enterprise network security operations as the background, not only detailed analysis of today's more typical security issues, including DDoS attacks, wireless attacks, malicious code, SQL injection and other cases and remediation measures, It is also able to let the enterprise operators understand and familiar with the most popular Ossim open source system, mining network security issues. The author has 10 years of experience to share, whether you are a network engineer, system administrator or information security personnel, will be in this book with the author resonates. The biggest highlight of the book is different from other security books, and it gives the reader a way to solve the problem rather than a simple case study. It is recommended to give it to fish.
--Ningliping 51CTO reading channel supervisor
Li Chenguang Teacher is Chinaunix expert Blogger, in the field of Unix/linux research for many years, the log analysis technology has unique insights. This "unix/linux Network log analysis and traffic monitoring" is the industry's first based on the Unix/linux environment, to explain the application system log collection, analysis method of monographs, is Mr. Li's years of precipitation technology crystallization. The book uses a lot of vivid cases, vividly shows the system vulnerability prevention, malicious code analysis,DoS analysis, malicious traffic filtering and other security protection technology, in-depth analysis of many system administrators of the wrong maintenance methods and misunderstandings, security workers have a good reference value. If you are interested in network security, log analysis, we strongly recommend this book.
--Chinaunix Technology Community
Ops people are very clear, very boring and have to do is the server log file analysis and traffic monitoring. Although there are a lot of related tools and software, it is often not enough to really combine them with their actual work. This "unix/linux Network log analysis and traffic monitoring" is a case-driven form of the Unix/linux system's original logs (raw log) acquisition, Analysis to the log audit and forensics links are detailed introduction and explanation, the content is very rich, the middle also interspersed with a lot of small stories, not boring, let you in a relaxed reading environment to improve their log analysis skills. If you are an OPS person or want to be an OPS person, you deserve it!
--itpub Technology Community
with the increasing severity of cyber threat, more and more users are concerned about the problem of information security. And for unix/linux system security discussion, Li Chenguang teacher's This "unix/linux Network log analysis and traffic monitoring" is obviously very good choice, this book through a vivid case will Unix/linux The security issues under the system are analyzed in a profound way, so that you can better digest the methods and techniques, which are well worth reading.
-- Citibank IT168 Security Channel Editor
the book from Unix/linux System of raw log (raw log) acquisition and analysis, and gradually into the log audit and computer forensics link. The book provides a number of cases, each case with a vivid note of the network after the invasion, management personnel to carry out the process of system forensics and recovery, case analysis techniques with the storyline, so that the reader immersive to test their own emergency response and computer forensics ability.
This book is used in the case of the author from the system maintenance and forensics work summarized, screened out, these content to improve network maintenance level and event analysis ability has important reference value. If you are concerned about cyber security, the case in the book will certainly resonate with you. This book is suitable for unix/linux system administrators and information security professionals with some experience.
1. Why did you write this book?
Domestic has published a lot of internet security, such as defense books, most of which are Windows platform-based. But most of the Internet application servers are architected on the Unix/linux system, and readers need to know about the security cases of these systems. So I am determined to write a book based on Unix/linux , from a white hat perspective, for everyone on the Enterprise network unix/linux system in the face of various network threats, how to find clues to the problem through the log information, repair network vulnerabilities, Build a secure network environment.
2. Features and structure of the book
The case covers typical types of attacks in today's web applications, such as DDoS, malicious code, buffer overflow,Web application attacks, IP fragmentation attacks, man-in-the-middle attacks, wireless network attacks, and SQL injection attacks. Each story first describes a security incident. Then by the Administrator on-site survey, collect various information (including log files, topology map and device configuration file), and then the various security incident alarm information cross-correlation analysis, and guide the reader to analyze the cause of the intrusion, the reader into the case. Finally, the author gives the ins and outs of the invasion process, at the end of each case to put forward a precautionary approach to such attacks and remedial measures, the focus is to tell the reader how to conduct system and network forensics, find and repair various loopholes, so as to effectively defend.
there are three chapters in the book.
First Log Analysis Foundation (section 1~ 3 Span style= "font-family: ' The song Body '; > chapter), is the foundation of the book, for the it operators are particularly important, summarized systematically Unix/linux system and various network application log characteristics, distribution location and the role of each field, including Apache log, Ftp log, Squid log, Samba log, Iptables log, Dns log, Dhcp
Second Log analysis Combat (section 4~ 12 Span style= "font-family: ' The song Body '; > chapter), according to the author's own experience of the adaptation of some small stories, reproduced the author of the various network intrusion events encountered in the occurrence, development and treatment methods, preventive measures, and a network operation on the road encountered on the "bloody" lesson to warn everyone, if not upgrade the patch will be how, What happens if you do not secure the system. Examples include web website crashes, dns fault, encounter DoS attack, Solaris placement backdoor, encounter overflow attack, rootkit attack, worm attack, database is sql inject, server becomes springboard, ip fragment attack, etc.
The third part of the network traffic and log monitoring (chapter IV ), with a large number of examples to explain the flow monitoring principles and methods, such as open source software xplico application skills,NetFlow The application in the abnormal traffic. The paper also introduces the establishment of a network log traffic monitoring network with open source Ossim security system.
This book, from the perspective of cyber security personnel, shows how the network intrusion occurs when you are confronted with a multitude of clues about how to tap into key issues and ultimately solve them. The case of the book in the original scenario-based description, through a fresh it scene, reflects the IT practitioners in the work of the difficulties encountered. In the case of interactive questioning and open-ended answers, readers unknowingly grasp some important network security knowledge and practical technical solutions.
in the case of this book IP Address, domain name information are fictitious, and the solution involved in the download site and a variety of information query site is true, with a high reference value. The book has a large number of system logs , which are important evidence of network failure forensics processing, because of the confidentiality issues involved, all the logs have been technical processing.
Due to the tight time, limited capacity, the book is unavoidable, but also please readers to my blog a lot of mistakes.
3. The experimental environment of this book
This book is selectedUNIXPlatform forSolarisand theFreeBSD,Linuxplatform mainly forRed Hatand theDebian Linux. The Forensic Investigation Tool Panel isDeft 8.2and theBack Track5. In thehttp://chenguang.blog.51cto.com(Author's blog) providesDeft-vmware,Bt5-vmware,Ossim-vmwarevirtual machines for readers to download study studies.
This article is from the "Lee Chenguang Original Technology blog" blog, please be sure to keep this source http://chenguang.blog.51cto.com/350944/1581805
"Unix/linux Network log analysis and Traffic monitoring" new book release