Featured excerpt

If you compare rwfilter's option-based filtering against tcpdump's BPF filtering, it's immediately obvious that rwfilter's approach is much more primitive. This was an intentional decision: rwfilter is focused on processing large volumes as quickly as possible, and the overhead involved in processing some kind of parseable language was deemed too expensive.

The place where this usually trips people up is the lack of obvious "not" and "or" operators. For example, if you want to filter out all web sessions, you may try to filter traffic where one port is 80, and the other is ephemeral. The initial attempt might be:

    rwfilter --sport=80,1024-65535 --dport=80,1024-65535 --pass=stdout

The problem is that this will also pass any flows where the source and destination port are both 80, and flows where the source and destination port are both ephemeral. To deal with problems like this, rwfilter has a collection of helper functions, which combined with the --fail option and multiple filters should be able to address any of these problems.

In the case of ports, the --aport option refers to either the source or the destination port. Using --aport and two filters, you can identify the appropriate sessions as follows:

    rwfilter --aport=80 --pass=stdout | rwfilter --input-pipe=stdin --aport=1024-65535 --pass=stdout

The first filter identifies anything engaged in port 80 traffic, and the second takes that set and identifies anything that also used an ephemeral port.
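The difference between the two commands above, modelled in Python as an added example (not code from the book or from SiLK). It assumes rwfilter passes a flow only when every option given matches, with the values inside one option treated as alternatives; the flow records and function names are constructed for illustration.

```python
# Added illustration: a model of the port-matching semantics, not SiLK code.
from typing import NamedTuple


class Flow(NamedTuple):
    sport: int
    dport: int


# Constructed sample flows (source port, destination port).
FLOWS = [
    Flow(51514, 80),     # client -> web server
    Flow(80, 51514),     # web server -> client
    Flow(80, 80),        # both ports 80
    Flow(40000, 50000),  # both ports ephemeral
    Flow(53, 33000),     # unrelated DNS reply
]


def parse_ports(spec):
    """Expand a port list such as '80,1024-65535' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def model_filter(flows, sport=None, dport=None, aport=None):
    """Pass flows that match every option given. Values within one option
    are alternatives; aport matches if either port is in its list."""
    s, d, a = (parse_ports(x) if x else None for x in (sport, dport, aport))
    return [
        f for f in flows
        if (s is None or f.sport in s)
        and (d is None or f.dport in d)
        and (a is None or f.sport in a or f.dport in a)
    ]


def naive():
    # Models: --sport=80,1024-65535 --dport=80,1024-65535
    return model_filter(FLOWS, sport="80,1024-65535", dport="80,1024-65535")


def chained():
    # Models: --aport=80 piped into --aport=1024-65535
    return model_filter(model_filter(FLOWS, aport="80"), aport="1024-65535")


if __name__ == "__main__":
    print("naive:  ", naive())
    print("chained:", chained())
```

The single-command model lets the 80-to-80 and ephemeral-to-ephemeral flows through; the chained model keeps only the two flows that pair port 80 with an ephemeral port.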