DefensiveDepthLeave a Comment on Book Review Posted: “Network Flow Analysis”

Book Review Posted: “Network Flow Analysis”

Amazon as just posted my 5 star review of Network Flow Analysis

This is the second book of Lucas’s that I have read.  I read Absolute FreeBSD, and thoroughly enjoyed it–So I went into this book with high expectations.  Overall, I feel like this is a solid read for those network administrators that want to go deeper, and have the time to go deeper into network flow analyses.

NFA is a very technical book, which can make for a very boring read, but like Absolute FreeBSD, Lucas is able to maintain a light, interesting tone, even while discussing the configuration of gnuplot. (!)

From a technical perspective, NFA is very useful for getting your (open source) network flow analysis system up and going–But be aware that it will take time, especially if you want the flexibility of what FlowTracker/FlowGrapher can offer, versus the less flexible, but easier to use/learn CUFlow.

Lucas gives great practical examples of using flows to monitor & troubleshoot issues on your network.  The examples are sprinkled through the book, and then a few case studies take up the last 7 pages of the book.

I found it interesting that the back cover claimed that you will learn how to:

-Identify network, server, router, and firewall problems before they become critical

-Find defective and mis-configured software

-Quickly find virus-spewing machines, even if they are on a different continent

These scenarios were covered, but in appallingly anemic sections–For instance, the “Quickly find virus-spewing machines, even if they are on a different continent” scenario was covered on 1 page. (186-187)

I guess I was thinking that since the above scenarios was a fairly large point in the description of the book, that they would be covered in a bit more detail.

One more nitpick:  Lucas describes Conficker as both a Virus and a Worm–It is most definitely a worm, not a virus–There is a difference…

The above nitpicks are not enough to diminish the 5 star rating I am giving NFA: I found it to be a great addition to my reference bookshelf, and I’m sure it will be creased and dogeared as I attempt to implement my own NetFlow analysis system this next year.

-Josh Brower

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

search previous next tag category expand menu location phone mail time cart zoom edit close