29 posts categorized "Intrusion Detection"

LMTV LIVE | Visibility Architectures - Best Practices for Network Monitoring (with Keith Bromley and Recep Ozdag of IXIA)

YouTube Live Event starts at 9:30AM PST, Wednesday, March 22, 2017

This week we will be speaking with Keith Bromley and Recep Ozdag, Senior Manager of Solutions Marketing and VP of Product Management of IXIA, respectively.

Network visibility is an often overlooked but critically important activity for IT. Visibility is what enables you to quickly isolate security threats and resolve performance issues, ultimately ensuring the best possible end-user experience. A proper visibility architecture addresses the strategic end-to-end monitoring goals of the network, whether physical, virtual, out-of-band, or inline security visibility.

Join us for the first of several discussions to learn what a visibility architecture is and how it can help you optimize network data capture and analysis.


LMTV LIVE | Best Practices for Network Tapping (with Keith Bromley of IXIA)

YouTube Live Event starts at 9:30AM PST, Wednesday, February 22, 2017

This week we will be speaking with Keith Bromley, Senior Manager of Solutions Marketing of IXIA.

We promise to do our very best to avoid the usual Taps vs SPAN discussion in this live event. What we will discuss is the following:

  • Taps are part of a well-planned visibility architecture.
  • Taps should be as easy as set and forget.
  • Taps are placed inline in the network but they are passive and only make a copy of the data, i.e. they don’t divert the main traffic flow.
  • Bypass switches are similar to taps, but unlike taps they actually divert the traffic rather than copying it, and they also provide fail-over mechanisms for network survivability.
  • A virtual tap is a software version of the standard tap except that this can be loaded onto virtualized servers to capture east-west data in the virtual data center.
  • Some best practices for tap placement:
    • Use taps where you can to ensure that you get the best data possible as fast as possible
    • Tap your network ingress and egress points
    • Tap any known choke points

Please join us.


A Closer Look at UDP Sessions (by Dr. Jin Qian)

A Closer Look at UDP (User Datagram Protocol) Sessions

For many network and security professionals, analyzing network packets for troubleshooting and security investigation is a daily routine. One of the most common actions in that analysis is to "follow" a TCP session, i.e. display all the packets belonging to a single TCP session.

It's well known that a TCP session consists of all the TCP packets that share the same tuple: from a client IP and port to a server IP and port or, conversely, from that server IP and port back to the client IP and port. Many professionals will assume that the same principle applies to a UDP session, but unfortunately that is not the case. A UDP session is defined only by the client IP and port. As a result, packets belonging to the same UDP session can be sent to, or received from, different server IP and port pairs.

[Graphic and discussion from https://elguber.wordpress.com/]

Some readers may wonder why UDP sessions behave this way. The answer lies in network programming: when an application needs to communicate using UDP, it binds a socket to a local IP and port. After binding, that one socket can send to and receive from any server IP and port pair. In other words, all the packets to and from the local IP and port belong to the same UDP-based application.
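The difference described above is easiest to see in code. The following is an added example, not part of Dr. Qian's post: it groups a constructed list of packet records into sessions, keying TCP by the full client/server tuple and UDP by the client IP and port only, and it also binds a single UDP socket on loopback and sends from it to two different servers to show that both see the same client endpoint. The packet records, the client address 10.0.0.5 and the 192.0.2.x server addresses (documentation range) are constructed sample data, and the analyst is assumed to know which host is the client.

```python
import socket
from collections import defaultdict

# Constructed sample packets (not captured traffic): (proto, src_ip, src_port, dst_ip, dst_port).
# 10.0.0.5 is the client host under analysis; 192.0.2.x are documentation-range servers.
PACKETS = [
    ("tcp", "10.0.0.5", 50000, "192.0.2.10", 443),
    ("tcp", "192.0.2.10", 443, "10.0.0.5", 50000),
    ("tcp", "10.0.0.5", 50001, "192.0.2.10", 443),   # second TCP connection: a new session
    ("udp", "10.0.0.5", 40000, "192.0.2.53", 53),
    ("udp", "192.0.2.53", 53, "10.0.0.5", 40000),
    ("udp", "10.0.0.5", 40000, "192.0.2.54", 53),    # same local socket, different server
    ("udp", "192.0.2.54", 53, "10.0.0.5", 40000),
    ("udp", "10.0.0.5", 40001, "192.0.2.53", 53),    # different local port: a new UDP session
]


def session_key(pkt, client_ip):
    """Return the key that identifies the session a packet belongs to.

    TCP: the client endpoint plus the server endpoint, independent of direction.
    UDP: the client endpoint alone, since one bound socket may talk to many servers.
    """
    proto, sip, sport, dip, dport = pkt
    # Orient the packet so the client endpoint comes first, whichever way it travels.
    if sip == client_ip:
        client, server = (sip, sport), (dip, dport)
    elif dip == client_ip:
        client, server = (dip, dport), (sip, sport)
    else:
        raise ValueError(f"packet does not involve client {client_ip}: {pkt}")
    if proto == "tcp":
        return ("tcp", client, server)
    return ("udp", client)


def group_sessions(packets, client_ip):
    """Group packets into sessions keyed by session_key()."""
    sessions = defaultdict(list)
    for pkt in packets:
        sessions[session_key(pkt, client_ip)].append(pkt)
    return dict(sessions)


def udp_peers(session_packets, client_ip):
    """List the distinct server IP/port pairs seen inside one UDP session."""
    peers = set()
    for _proto, sip, sport, dip, dport in session_packets:
        peers.add((dip, dport) if sip == client_ip else (sip, sport))
    return sorted(peers)


def loopback_demo():
    """Bind one UDP socket and send from it to two servers on 127.0.0.1.

    Returns (client_port, [addr seen by server 1, addr seen by server 2]); both
    servers observe the same client IP and port, i.e. the same UDP session.
    """
    servers = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(2)]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for srv in servers:
            srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
            srv.settimeout(2)
        client.bind(("127.0.0.1", 0))       # one local IP/port for the whole "session"
        for srv in servers:
            client.sendto(b"hello", srv.getsockname())
        observed = [srv.recvfrom(64)[1] for srv in servers]
        return client.getsockname()[1], observed
    finally:
        for sock in servers + [client]:
            sock.close()


if __name__ == "__main__":
    for key, pkts in group_sessions(PACKETS, "10.0.0.5").items():
        print(key, len(pkts), "packets")
        if key[0] == "udp":
            print("   server pairs in this UDP session:", udp_peers(pkts, "10.0.0.5"))
    port, seen = loopback_demo()
    print("client port", port, "seen by both servers as", seen)
```

Running the script lists two TCP sessions (one per client port) and two UDP sessions, the first of which spans two different server IP/port pairs; the loopback demo shows both servers reporting the same client port. When "following" a UDP conversation in a packet analyzer, filtering on the client IP and port (rather than on a full four-tuple) is what recovers the whole session.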

With this understanding, let's look at two network scenarios.


Optimizing Network Security with Packet Intelligence (by Tom Rowley)


Enterprise security teams devote an incredible amount of resources to monitoring and defending their networks. Everyone knows there are professional-grade tools that can monitor networks 24x7, providing detailed information about usage and enabling in-depth examination of captured traffic once an Intrusion Detection System (IDS) has identified an activity that needs to be investigated.

Given the success attackers are having in penetrating network defenses, and the daily deluge of IDS alerts and alarms that network teams must deal with, enterprises need better tools and training to go beyond the typical prevention, detection and response protocols and handle incident response effectively.

In today's world, intelligent packet capture is the answer. Most modern forensic investigation (FI) solutions enable network security teams to capture and save a historical record of network activity from the moment an attack is detected. But one common weakness of existing forensic investigation solutions is that they don't provide critical packet-level data from the period immediately BEFORE an attack is detected.


Consider this example:


LMTV HomeLAN Alerts | The Chinese are Coming (with the Oldcommguy)

Live Event Time - Wednesday, June 10, 2015 - 9:30 AM PST

It has been reported that the Chinese government has successfully hacked our Office of Personnel Management, stealing privacy information belonging to over four million Federal workers.

This is the same Communist-sponsored hacker group that was responsible for the recent attack of the Anthem Insurance company earlier this year, our nation's second largest insurance company, stealing similar privacy data belonging to 80 million Americans.

It is further reported that the Chinese government's ultimate intent is to build a complete database on every single one of our citizens. One can only imagine the evil intent behind such overt intrusion.

Where is the outrage?

Please join +Tim O'Neill and +Denny K Miu for a lively discussion this week which, unlike previous "LMTV HomeLAN Alerts" shows, will be less about vendor-neutral technology and more about international geopolitics.

Sheep be warned.

For more episodes of LMTV, please visit LoveMyTool.TV or LMTV Sharkfest.

LMTV Interview | John Brosnan of NetFort

Today we interviewed +John Brosnan, who co-founded NetFort in 2002 and is currently its CEO.

John has extensive security and networking experience, having worked for several years as a Principal Engineer with Digital Equipment Corporation in Ireland, the UK and the US. He has worked on a number of high-speed network interconnect projects, specializing in low-level kernel programming.

John's company, NetFort, a new sponsor of LoveMyTool, specializes in the network and user activity monitoring market and has built up an impressive portfolio of customers around the world.

For more episodes of LMTV, please visit LoveMyTool.TV.