Imagine going to battle without an understanding of the terrain, roads, buildings, weather, or even your own fighting force’s tactics and capabilities. This is the situation faced by many information security professionals when they initially attempt to monitor their network environment. Knowing your network is akin to understanding your military capabilities, strengths, and weaknesses when preparing for an enemy attack. In information security, the enemy will change tactics continually, but you have a “home field advantage” because the battleground is your network. History proves that blindly charging into or defending the unknown will almost certainly end in defeat.

One of the best ways to express this concept comes from Richard Bejtlich, information security professional and author of The Tao of Network Security Monitoring. In a January 2007 post on his blog,^[13] Bejtlich describes the “Self-Defeating Network” as having the following characteristics:

Although you may not have control of or influence over these characteristics, you must make every effort to Know Your Network! Doing so will help you succeed in most of your security-related endeavors. In this chapter, we will explore two primary methods of learning about a network: network taxonomy and network telemetry.