This paper attempts to introduce the reader to the Network Security Monitoring (NSM) model and the availability of robust open-source network security utilities to achieve a defensible network. To achieve a secure network, the analyst must fully implement all aspects of the Security Life Cycle. The Security Life Cycle is a process for maintaining an acceptable level of perceived risk of network security. Detection is one component of the process. Open source tools that can be used in the detection phase of the security life cycle include Sguil, MySQL, Snort, Barnyard, Tcpflow, Sancp, P0f, and Ethereal/Tethereal.

This document is in PDF format. To view it click here.