My Photo
Subscribe to this blog's feed




Recent Comments

LMT Authors

Recent Posts

22 posts categorized "Intrusion Detection" Feed

March 07, 2013

Role of Packet Capture in Network Security (by Jim MacLeod)



While working on my yard this weekend, I started thinking about the tools that I was using. My favorite is probably the weed whacker. While it’s intended for up-close trimming, its design gives it a great deal of versatility. I can use it to trim, edge, weed, mow, or even dig small holes. However, I recognize that it’s not my only tool, and the best results with the least effort will come from using it in combination with other purpose-built devices. Using a weed whacker to mow the lawn is time consuming and requires more effort than pushing the lawn mower, especially since the weed whacker only covers a small area at once, and forces me to choose how deep to go.

Those of us who love packets tend to feel similarly about our packet capture. We know that professional grade tools can monitor networks 24x7, providing statistical information about protocol and node usage, as well as deep dives for captured traffic once we’ve identified what we need to analyze. However, other purpose built tools are better at certain things. Firewall logs show what traffic was forwarded or blocked. Intrusion Detection Systems (IDS) classify traffic based on patterns that have been seen in malicious activity. While we can gather the same information with packet capture, it takes more work to get to the point of finding what needs to be examined, and what can be ignored.


Continue reading "Role of Packet Capture in Network Security (by Jim MacLeod)" »

Posted in Deep Packet Inspection, Forensics & Deep Packet Capture, Intrusion Detection, WildPackets | | Comments (0) | TrackBack (0)

| |

November 06, 2012

What Makes Your Network Weak (By Jim MacLeod)



Your network is going to be attacked. Get used to that idea. At least one of those attacks will succeed, and there’s not a lot you can do to stop it. However, what you can do is delay the inevitable breach and attempt to control what the attacker will be able to do once he or she gets in, and you can proactively prepare your response.

If you don’t believe that you’re vulnerable, take a minute to scan your favorite news feed for security breaches. If you think you’re too big, look at the large examples out there like the White House, large banks, health care systems, and large corporations who presumably have the talent and resources to stop attackers in their tracks. If you think you’re too small to be a target, I recently heard of a friend – an expert in network forensics – whose computer got hijacked by a drive-by download on a web site. Fortunately, the PC was recoverable, but it required pulling the hard drive and mounting it on another PC to clean. Small sites are also attractive to attackers as pivot points to launch larger attacks and as storage points for illegal material, which leaves you as an inadvertent partner of the attack.


Continue reading "What Makes Your Network Weak (By Jim MacLeod)" »

Posted in Deep Packet Inspection, Forensics & Deep Packet Capture, Intrusion Detection, WildPackets | | Comments (0) | TrackBack (0)

| |

September 07, 2012

Enhancing Visibility into Next-Gen Firewalls (by Jim MacLeod)



Businesses increasingly run on data, and data runs on networks. One of the key roles of IT is to monitor those networks for both health and content. Now, with next generation firewalls (NGFW), network administrators can not only enforce security policy, but also monitor network transactions closely using deep packet inspection (DPI).

There’s just one question: given its complexity, can you trust your NGFW if you don’t understand what it’s doing?


What NGFWs Do, in Theory

The basic idea behind a NGFW is to insert L7-specific knowledge into the forwarding decisions of a firewall. For example, http isn’t exclusively found on port 80: there’s also 8000, 8080, etc. Conversely, not everything on port 80 is http: there’s also instant messaging, P2P, etc. Therefore, a rule which allows TCP port 80 will block some http, and allow some non-http. A NGFW validates that the L7 traffic is http, no matter what the L4 port is, so a NGFW rule to allow http should work better than a rule to allow port 80.


Continue reading "Enhancing Visibility into Next-Gen Firewalls (by Jim MacLeod)" »

Posted in Cloud Computing, Intrusion Detection, Switching & Routing | | Comments (1) | TrackBack (0)

| |

July 06, 2012

Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)

Over the last few posts, I’ve dissected the major security threats that are happening on your network today. The first piece dissected the “Who,” mainly how do you classify these perpetrators based on a set characteristics that they share. The next post took a look at the “How” hackers enter your network and what you can do to help safeguard it. For the final piece of this series we will look at the “Why.”

Cyber Terrorism attack level

Where is your Attack Level?

While there are lots of sociological theories and studies on why people vandalize and steal, this post will focus the “Why” on the current most common motives that drive hackers to penetrate your network.

  1. 1.    “Lulz”
  2. 2.    Profit
  3. 3.    Ideology

Continue reading "Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)" »

Posted in Intrusion Detection, Law Enforcement, Malware & Crimeware, WildPackets | | Comments (0) | TrackBack (0)

| |

June 08, 2012

Security Threats: The Who, the How, the Why (By Jim MacLeod)



As networks grow more complex, the process of securing and managing endpoints, applications and confidential information has become more challenging than ever before. Last year alone saw a dizzying array of security incidents and breaches, including Symantec, SONY, Fox News, and others. Security is becoming more and more essential to business operations, but traditional defenses aren't working to the degree that companies require. Meeting the new security service levels starts with understanding each type of threat to establish a unified security program.

While every attack is unique in its origin, execution, and range, defending against cyber attacks today can be abstracted down to three of the classic five W’s: Who, How/What and Why. The other two W’s, Where and When, are constant for network defense: your network, 24/7/365.

This blog post will introduce the elements of these categories, then present a deep dive on the Who category.


Continue reading "Security Threats: The Who, the How, the Why (By Jim MacLeod)" »

Posted in Deep Packet Inspection, Forensics & Deep Packet Capture, Intrusion Detection, WildPackets | | Comments (1) | TrackBack (0)

| |

June 01, 2012

Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)


Web-security


You know the Internet can be a dangerous place, full of threats to your systems and time sinks that users can spend hours in without even realizing it, but you may still be on the fence when it comes to whether or not you should do anything about it. Protecting your company and your users from the threats of unrestricted Internet access is a really easy thing to do, so if you are still trying to decide on this, here are six reasons why you should enforce your organization’s web security.

Technical issues

Technical issues usually come down to defending against malware. Whether the threats come from malware infected downloads, compromised websites serving infected media files, or phishing sites designed to steal your users’ credentials, you need to boost your organization’s web security.


Continue reading "Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)" »

Posted in Intrusion Detection, Malware & Crimeware | | Comments (2) | TrackBack (0)

| |

April 17, 2012

Keeping Your Business Safe From Network Security Threats (by Lisa-Ann Short)


Network_lock


In a world where more and more business is being done exclusively on the web, network security has never been more relevant or more important. The same goes for all industries – from those that help in designing changing rooms, to tech and web companies. If you run a business, or you're responsible for the network of one, there are a great many threats that you could potentially be faced with. Some you may already know about and have accounted for, others may be new to you. So with that in mind, let's take a look at a few of the most common network security threats that a small business may come across - and how you can best avoid them.

Spam emails and other malicious email

Let's start with the most common form of network security breach: spam emails and other malicious forms of mail. Because a business often has a great many email addresses active at any one time, there is plenty of opportunity for unscrupulous individuals to compromise network security. Many times all it takes to create a breach is for a member of staff to click on a link that they thought was genuine. This can lead to malware being downloaded to the individual's workstation, giving whoever is operating that malware access to your entire network. To avoid email issues, it's recommended to always have a spam filter active on your network. In fact, it's best to have one that's too sensitive than one that misses certain threats.


Continue reading "Keeping Your Business Safe From Network Security Threats (by Lisa-Ann Short)" »

Posted in Intrusion Detection, Malware & Crimeware | | Comments (0) | TrackBack (0)

| |

April 04, 2012

Cutting through the Clutter of Firewall Policy Management (by Nimmy Reichenberg)



Firewalls continue to be the first line of defense for organizations, acting like a virtual moat. However, managing firewall policies can be time-consuming and expensive, as changing business needs result in constantly changing firewall policies.

Firewall complexity and bloat directly goes against security best practices – the more complexity you have, the greater the risk of having security gaps and heavier administrative burden. Each new rule added to the policy is like another thread added to a ball of yarn, eventually creating a Gordian knot of management complexity.

Complex firewall configurations result in lengthy and costly audits, as well as increasing risk, as each rule presents an opportunity for manual error to create misconfiguration. Bloated rule sets make troubleshooting connectivity issues that much harder and take more time, while also draining firewall performance, as all packets must be checked against all rule sets, eventually slowing the network from overload.


Continue reading "Cutting through the Clutter of Firewall Policy Management (by Nimmy Reichenberg)" »

Posted in Intrusion Detection, Switching & Routing | | Comments (0) | TrackBack (0)

| |

December 07, 2011

Key Questions a Cyber Security Solution Must Answer (by Jay Botelho)



Do you feel prepared for a cyber-related attack? Although most IDS/IPS systems do a very good job with the “D” (detection) and “P” (prevention), hackers still make their way in. High profile cases are all over the news, and those are just the ones we hear about.

Once an intrusion does occur, IDS/IPS and other security solutions fail to provide network engineers with the details they need to determine the magnitude of the intrusion and assess the impacts, key steps in reassuring yourself, management, and customers that you know exactly what happened, what was compromised and how it will be prevented in the future. In addition to perimeter-based network security, like IDS/IPS and firewall solutions, network recorders with network forensics capabilities are required. Without them, you are potentially exposing your network, and your company’s reputation, to a great deal of damage.


Continue reading "Key Questions a Cyber Security Solution Must Answer (by Jay Botelho)" »

Posted in Intrusion Detection, Law Enforcement, Switching & Routing, WildPackets | | Comments (0) | TrackBack (0)

| |

November 29, 2011

5 Ways to Improve Web Security (by Emmanuel Carabott)



Web security is a vast subject spanning many different levels. Most people start implementing web security using the basic tools, such as a firewall, installing antivirus on the internet gateway or possibly a solution to manage patches on the internet gateway server. This is all well and good, but is it enough? 

Can our web security be improved further? The answer to such a question is yes; it most certainly can be further improved. There are several things that an administrator can do to improve the organization’s web security, so let’s go through the five most important ways in which this can be done.

1. User access control

Malware can infiltrate your organization via the internet in one of two ways. You can either be hit by an automated worm that autonomously searches the internet for victims, or one of your users accesses an infected site thus infecting his machine and possibly spread to other machine or across the whole network. Controlling access rights can greatly reduce the risk of one of your users visiting an infected site thereby starting this undesired chain of events.



Continue reading "5 Ways to Improve Web Security (by Emmanuel Carabott)" »

Posted in Intrusion Detection, Malware & Crimeware, Switching & Routing | | Comments (0) | TrackBack (0)

| |

Next »

LMT Advertisers


LMT Sponsors

News From LMT Sponsors

  • Endace

  • Datacom

  • NetScout

  • WildPackets

  • Sharkfest

  • Anue Systems

  • National Instruments

  • Riverbed

  • Net Optics
  • Garland