22 posts categorized "Intrusion Detection"

LMTV Live | Modern Attack Vectors – A Compounded Headache (with Andrew Vladimirov)

EVENT START TIME: 9:30 AM PST - Wednesday, September 5th, 2018

This week we will be talking with Andrew Vladimirov of Arhont Information Security, about the new tricks hackers are using to get their hands on your data and do other nasty things.

Before you implement counter information security measures, do you know what you are protecting against? Do you understand the actual risks your business faces and the attacker strategies that are used?

Determined and skilled hackers employ a combination of social engineering and technical attack means (client, server, application, database, and all 7 OSI layers of the network), switching between them as events unfold and as the next available gap is found. Until you fully understand how an attacker works by combining these methods, and how that combination creates compounded risks, you will continue building virtual Maginot lines and gasping at being outflanked yet another time.

In this LMTV session we will discuss how hackers combine social engineering and technical attacks into the most devastating and hardest-to-defend intrusions seen today. We will suggest ways you should start planning against these.

LMTV LIVE | Visibility Architectures - Best Practices for Network Monitoring (with Keith Bromley and Recep Ozdag of IXIA)

YouTube Live Event starts at 9:30AM PST, Wednesday, March 22, 2017

This week we will be speaking with Keith Bromley and Recep Ozdag, Senior Manager of Solutions Marketing and VP of Product Management of IXIA, respectively.

Network visibility is an often overlooked but critically important activity for IT. Visibility is what enables you to quickly isolate security threats and resolve performance issues; ultimately ensuring the best possible end-user experience. A proper visibility architecture addresses the strategic end-to-end monitoring goals of the network, whether they are physical, virtual, out-of-band, or inline security visibility.

Join us for the first of several discussions to learn what a visibility architecture is and how it can help you optimize network data capture and analysis.


LMTV LIVE | Best Practices for Network Tapping (with Keith Bromley of IXIA)

YouTube Live Event starts at 9:30AM PST, Wednesday, February 22, 2017

This week we will be speaking with Keith Bromley, Senior Manager of Solutions Marketing of IXIA.

We promise to do our very best to avoid the usual Taps vs SPAN discussion in this live event. But what we will discuss is the following.

  • Taps are part of a well-planned visibility architecture.
  • Taps should be as easy as set and forget.
  • Taps are placed inline in the network but they are passive and only make a copy of the data, i.e. they don’t divert the main traffic flow.
  • Bypass switches resemble taps, but unlike taps they actually divert the data flow, and they also provide fail-over mechanisms for network survivability.
  • A virtual tap is a software version of the standard tap except that this can be loaded onto virtualized servers to capture east-west data in the virtual data center.
  • Some best practices for tap placement:
    • Use taps where you can to ensure that you get the best data possible as fast as possible
    • Tap your network ingress and egress points
    • Tap any known choke points

Please join us.


A Closer Look at UDP Sessions (by Dr. Jin Qian)

A Closer Look at UDP (User Datagram Protocol) Sessions

For many network and security professionals, analyzing network packets for troubleshooting and security investigation is a daily routine. One of the most common actions in the analysis is to “follow” a TCP session: display all the packets belonging to that TCP session.

It's well known that a TCP session consists of all the TCP packets that share the same tuple: from a client IP and port to a server IP and port or, conversely, from that server IP and port back to the client IP and port. Many professionals will likely assume that the same principle works for UDP, but unfortunately that is not the case. A UDP session is defined only by the client IP and port. As a result, packets from the same UDP session can be to/from different server IP and port pairs.

Super graphic and discussion from https://elguber.wordpress.com/

Some readers may wonder why UDP sessions work this way. The answer lies in network programming: when an application needs to communicate using UDP, it binds to a local IP and port. After the binding, this socket can send to and receive from any server IP and port pair. In other words, all the packets from/to the local IP and port belong to the same UDP-based application.

With this understanding, let's look at two network scenarios.
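As an added example (not code from Dr. Qian's post), here is a small Python grouper that applies the two rules above to a constructed capture: TCP packets are keyed on the unordered pair of endpoints, UDP packets on the client socket alone, so one UDP socket querying two DNS servers yields a single session while one TCP client port talking to two servers yields two. It assumes that the first packet seen from an endpoint identifies that endpoint as the UDP client.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def group_sessions(packets):
    """Group packets into sessions the way the post describes.

    TCP: both directions of one (client ip:port, server ip:port) tuple form
    one session, so the key is the unordered pair of endpoints.
    UDP: the session is the client's (ip, port) alone, so packets that one
    client socket exchanges with several servers all land in one session.
    Assumption (not from the post): the first packet seen from an endpoint
    marks that endpoint as the client of the UDP exchange.
    """
    sessions = defaultdict(list)
    udp_clients = set()
    for p in packets:
        src = (p.src_ip, p.src_port)
        dst = (p.dst_ip, p.dst_port)
        if p.proto == "tcp":
            key = ("tcp", frozenset((src, dst)))
        else:
            if dst in udp_clients:
                client = dst            # reply back to a known client socket
            else:
                client = src            # new (or already known) initiator
                udp_clients.add(client)
            key = ("udp", client)
        sessions[key].append(p)
    return dict(sessions)


# Constructed sample capture (RFC 5737 documentation addresses): one UDP
# socket 192.0.2.10:53000 queries two DNS servers; one TCP client port
# 192.0.2.10:40000 talks to two HTTPS servers.
SAMPLE_PACKETS = [
    Packet("udp", "192.0.2.10", 53000, "198.51.100.53", 53),
    Packet("udp", "198.51.100.53", 53, "192.0.2.10", 53000),
    Packet("udp", "192.0.2.10", 53000, "203.0.113.53", 53),
    Packet("udp", "203.0.113.53", 53, "192.0.2.10", 53000),
    Packet("tcp", "192.0.2.10", 40000, "198.51.100.80", 443),
    Packet("tcp", "198.51.100.80", 443, "192.0.2.10", 40000),
    Packet("tcp", "192.0.2.10", 40000, "203.0.113.80", 443),
]

if __name__ == "__main__":
    for key, pkts in group_sessions(SAMPLE_PACKETS).items():
        print(key[0], sorted(key[1]) if key[0] == "tcp" else key[1], len(pkts))
```

Running it shows one UDP session holding all four DNS packets and two separate TCP sessions, which is exactly why a 5-tuple "follow" misses half of a UDP client's traffic.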


Optimizing Network Security with Packet Intelligence (by Tom Rowley)

Optimizing Network Security with Packet Intelligence!

Enterprise security teams devote an incredible amount of resources to monitoring and defending their networks. Everyone knows there are professional grade tools that can monitor networks 24x7 providing detailed information about usage as well as enabling the in-depth examination of captured traffic once an Intrusion Detection System (IDS) has identified an activity that needs to be investigated.

Given how much success attackers are having in penetrating network defenses, and the daily deluge of IDS alerts and alarms that network teams deal with, enterprises need better tools and training that go beyond the typical prevention, detection and response security protocols to deal effectively with incident response.

In today’s world, intelligent packet capture is the answer. Most modern forensic investigation (FI) solutions enable network security teams to capture and save a historical record of network activity from the moment an attack is detected. But one common weakness of existing forensic investigation solutions is that they don’t provide critical packet-level data from the period immediately BEFORE an attack is detected.


Consider this example:
