TaoSecurity

Future Books

Role: Co-author
Publisher: Addison-Wesley
Availability: July 2011
Subject: Brand-new cases from the Jones, Bejtlich, and company team! We are working on this book now.

Role: Author, with several contributors
Publisher: Addison-Wesley; November 2005, ISBN 0321349962
Availability: Amazon.com
Reviews and Citations: Amazon.com, Tony Stevenson, USENIX Login (.pdf), Information Security Magazine
Subject: Extrusion Detection helps security architects and engineers control and instrument their networks, and helps analysts investigate security events. Extrusion Detection is a sequel to my first book, but this one is focused on monitoring client-side intrusions. Readers will learn theory, techniques, and tools to implement network security monitoring (NSM) for internal intrusions. This book believes that a defensible network can be built and operated only if the people, products, and processes enable pervasive network awareness.
Excerpts: Foreword by Marcus Ranum; Chapter 4 ("Enterprise Network Instrumentation") and chapter 3 ("Extrusion Detection Illustrated"), all in .pdf format
Errata: here
Downloads: none yet
Miscellaneous: not applicable

Role: Co-author, with Keith Jones and Curtis Rose
Publisher: Addison-Wesley; October 2005, ISBN 0321240693
Availability: Amazon.com
Reviews and Citations: Amazon.com, IEEE Cipher, USENIX Login (.pdf), Information Security Magazine
Subject: Real Digital Forensics is a hands-on guide to digital forensics. We provide host-, network-, and memory-based evidence on a DVD for readers to analyze, and then explain how to extract information from that evidence.
Excerpts: Chapter 1: Windows Live Response (.pdf)
Errata: here
Downloads: none yet
Miscellaneous: The book Web site is www.realdigitalforensics.com

Role: Author
Publisher: Addison-Wesley; July 2004, ISBN 0321246772
Availability: Amazon.com
Reviews and Citations: Amazon.com, BN.com, Slashdot, Computerworld,LinuxSecurity.com, IEEE Cipher, USENIX Login (.pdf), Information Security, Dru Lavigne, BMonday.com, (IN)SECURE magazine (.pdf), Firewall.cx.
Subject: My first solo book, The Tao of NSM is a comprehensive overview of the products, people, and processes needed to implement network security monitoring.
Excerpts: foreword; Chapters 2 and 10 ("What is NSM?" and "Alert Data: NSM Using Sguil"), chapter 11 ("Best Practices"), and chapter 18 ("Tactics for Attacking NSM"), all in .pdf format; chapter 10 is browsable at Informit.com
Errata: here -- note the fixed references to figures in Appendix A for the TCP sequence number discussion
Downloads: The traffic captures referenced in chapter 4 are available here. They are in .tar.gz format (Windows users can use WinZip or 7-Zip to access them) and about 2 MB prior to extraction. The papers discussed in Appendix B are available here (17 MB).

Role: Contributor, chapter 8 ("Collecting Network-Based Evidence") and chapter 14 ("Analyzing Network Traffic")
Publisher: McGraw-Hill/Osborne, July 2003
Availability: Amazon.com listing
Subject: Incident Response was the best IR book in the early 2000's. I contributed material to chapters 8 and 14, although Kevin modified them to suit his needs.
Excerpts: none
Errata: none
Downloads: none
Miscellaneous: not applicable

Role: Contributor, "Case Study: Network Security Monitoring"
Publisher: McGraw-Hill/Osborne, February 2003
Availability: Amazon.com
Subject: Hacking Exposed put Foundstone on the map. This book featured the first formal publication of the term "network security monitoring" as defined by the NSM community.
Excerpts: none
Errata: none
Downloads: See HackingExposed.com
Miscellaneous: none