The Tao of network security monitoring
Author: Richard Bejtlich
Publisher: Addison-Wesley, 2004
ISBN: 0-321-24677-2
Richard Bejtlich is a former Air Force intelligence officer and a recognized
authority on computer security. He is also a contributor to the Open Source
Sguil project - a GUI for the Snort intrusion detection engine. Being a regular
reader of the author's security-focused blog at http://taosecurity.blogspot.com, I
eagerly anticipated the book. The Tao did not disappoint me. The book is
about a very complex subject, written in plain language, and almost every paragraph
has an extensive list of references. The 33-page index makes searching through "The
Tao..." almost Google-like. Readers can find sample chapters at
http://www.taosecurity.com/books.html
The book has 5 parts, 18 chapters and 798 pages. It describes what Network
Security Monitoring is, what NSM is not, and why it is important. It also
has very interesting case studies and a guide for security professional
training. Since the target audience of "The Tao..." is security professionals of
all skill levels, experienced folks might find some chapters too simple or
too detailed. I think the author could have scaled back a little on screen dumps
and usage tips in Part II, where he lists many Open Source tools for network
traffic data collection and processing, like Ethereal, Tcpdump, Tcpflow, Ngrep
and many others. That information can be found on the respective websites. Even
though the author's operating system of choice is FreeBSD, the described tools are
available for other Open Source and commercial operating systems.
Overall, this book is a valuable addition to a network administrator's and
security professional's library. It is a perfect manual for the aspiring NSM
practitioner.