Author Profile - Dennis Carpio has more than 15 years experience in the networking industry, including 12 years with Net Optics. In his current role as Director of Product Innovation, Dennis works directly with key customers and partners on education about passive network access for secure monitoring solutions as well as identifying future technical advances.
Net Optics is the global leader in building monitoring access devices for use with security and network management tools across the entire network. Their family of taps and monitoring filter devices enables companies to easily deploy the latest intrusion detection and prevention systems, protocol analyzers, forensics appliances and network probes before a threat or network issue arises.
One thing is certain: cyber warfare is unfortunately no longer found only in speculative fiction; it is with us today. Distributed denial-of-service (DDoS) attacks have been launched against the United States, South Korea, Kyrgyzstan, Estonia and Georgia in recent years, and military and government computer systems around the world are assaulted by intruders daily.
Some attacks come from nation-states, but others are perpetrated by transnational and unaligned rogue groups. Those bent on inflicting harm on nations and citizens not only use networks as an attack vector, but also for organizing, recruiting, and publicizing their beliefs and activities.
On the other side of the fence are the good guys, the members of the cyber intelligence community who aim to understand and track the bad guys, and ultimately stymie their plans. Due to the pervasive use of networks by radical and criminal organizations in the modern world, a great deal can be learned about terrorists by examining their use of the World Wide Web, and how the Internet is used as a vector to attack both public and private systems.
This field of study is called “terrorism informatics,” which is defined as “the application of advanced methodologies and information fusion and analysis techniques to acquire, integrate, process, analyze, and manage the diversity of terrorism-related information for national/international and homeland security-related applications” (Hsinchun Chen et al., eds., Terrorism Informatics. New York: Springer, 2008, p. xv).
Terrorism informatics analyzes information from data-at-rest sources such as blogs, social media, and databases. For other types of analyses, it is necessary to examine data in motion as it travels on a network. Access to data in motion is often obtained through lawful intercept activities using SPAN ports on switches. Unfortunately, there are significant limitations to this monitoring strategy, which I’ve outlined in a more detailed paper below.
Enjoy the read.