Bejtlich's insights and outlooks when it comes to many different areas of network security monitoring really helped to provide the necessary context for understanding the material, mechanisms, and processes of the field.
There were other readings assigned in the course that were useful, too, of course, and many other sources encountered during the various exercises and research/written work required for the completion of the course that were also beneficial in identifying and illuminating many of the specific areas of concern and of growing knowledge and interest in the network security monitoring field. While Bejtlich (2004) does a tremendous job of introducing and outlining many of the fundamental theories and frameworks within the discipline of network security monitoring, these other sources were also enormously useful in their further commentary on these issues and in the different perspectives that were brought to bear on such things as end-user security, the nature of unstructured attacks, and much more. What was apparent throughout all of the readings I encountered either as a direct part of my coursework or through my own research in finishing the exercises and research projects assigned was the co-influence and intricate connections that exist between the many different concerns and trajectories of network traffic, network security, and network monitoring. While many of the necessary theoretical and practical elements can be discussed and understood independently, it is ultimately through the cohesive and expansive accounting of all of these facets that true knowledge is attained and through which true progress can be made.
Different data types -- and different means of classification that serve entirely different purposes -- are important to recognize in the most basic practice of monitoring and assessing network traffic, which is of course a fundamental step in monitoring for security's sake. After this, it is through establishing baselines of activity and monitoring "normal" activity that one can identify what would be considered "abnormal" and therefore potentially dangerous or malicious activity (Barth, 2008; Bejtlich, 2004). From here, the number of "primary" or otherwise necessary concepts when it comes to actually practicing network security monitoring only grows: one needs to have a grasp on issues of security for end-users, administrators, IT service staff and more; different types of attacks and threats -- both planned and unplanned -- need to be understood and prepared for on an ongoing basis; and a multitude of other considerations must be taken into account in order to effectively monitor network activity and potential security threats (Ahmad & Habib, 2010; Furnell, 2008). The readings and exercises encountered in this course have helped to introduce and explore many of these different topics.
Potential Future Directions
One of the reasons this course was so attractive to me in the first place was the degree to which I expected the knowledge I would gain to be directly transferable to the workplace, and I was certainly not disappointed in this regard. It was easy to see -- impossible to miss, in fact -- how each of the mechanisms, relationships, and individual pieces of information acquired throughout the course would be directly applicable to the real-world practice of network security monitoring and the needs of network-dependent organizations. While taking the course did not directly change my plans to pursue a career in a field that requires or is at least related to network security knowledge, it did lead me to consider the singular role of a network security monitor as a viable career in and of itself, at least for a certain period. Ultimately, I think I would like something more varied as a life-long occupation, but including network security knowledge and network monitoring skills in my professional repertoire and experience is definitely something I would like to actively pursue. The substantial amount of information I gathered on network security monitoring through this course has definitely had an impact on my practical appraisal of this area.
Ahmad, N. & Habib, M. (2010). Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution. Blekinge Institute of Technology (thesis).
Barth, W. (2008). Nagios: System and Network Monitoring. San Francisco: Open Source Press.
Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion Detection. New York: Pearson.
Furnell, S. (2008). End-user security culture: A lesson that will…