Imagine going to battle without an understanding of the terrain, roads, buildings,
weather, or even your own fighting force’s tactics and capabilities. This is the situation
faced by many information security professionals when they initially attempt to monitor
their network environment. Knowing your network is akin to understanding your
military capabilities, strengths, and weaknesses when preparing for an enemy attack.
In information security, the enemy will change tactics continually, but you have a
“home field advantage” because the battleground is your network. History proves that
blindly charging into or defending the unknown will almost certainly end in defeat.
One of the best ways to express this concept comes from Richard Bejtlich, information
security professional and author of The Tao of Network Security Monitoring. In a January
2007 post on his blog,* Bejtlich describes the “Self-Defeating Network” as having
the following characteristics:
• Unknown
• Unmonitored
• Uncontrolled
• Unmanned
• Trusted
Although you may not have control of or influence over these characteristics, you must
make every effort to Know Your Network! Doing so will help you succeed in most of
your security-related endeavors. In this chapter, we will explore two primary methods
of learning about a network: network taxonomy and network telemetry.