The Tao of Network Security Monitoring by Richard Bejtlich

The Tao of Network Security Monitoring by Richard Bejtlich

Author:Richard Bejtlich
Language: eng
Format: epub
Publisher: Pearson Education Limited (US titles)
Published: 2005-12-07T05:00:00+00:00


Tasks

NSM engineers should be proficient in at least one scripting language and one programming language. Most find shell or PERL scripting to be very helpful. Shell scripts can be used to automate repetitive tasks such as administering sensors. In fact, advanced system administration cannot be done without scripting expertise. PERL is especially useful for parsing logs.

For programming languages, knowledge of C is required by anyone wishing to move to the next level of NSM expertise. Most exploit code is written in C, as are many tools. Exploit code, especially code that takes advantage of buffer-overflow vulnerabilities, invariably contains shell code. Shell code is written in assembly language and is specific to the processor architecture of the target. To follow the workings of buffer-overflow exploits, knowledge of assembly language is required.

A good way to acquire and improve scripting and programming skills is to contribute to or maintain an open source project. SourceForge.net (http://www.sourceforge.net) contains thousands of open source projects, any of which might pique the interest of an NSM analyst. Contributing documentation, beta tests, code corrections, or additional functions to an open source project helps the community and the analyst.



Download



Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.