Security Tools for the Budget Conscious ISP, Part III: Network Forensics Tools and Conclusion

by Lisa Phifer
VP Core Competence, Inc.
[February 6, 2004]

Network Forensics Tools
Investigating a network-based attack is much easier if you have a recorded "image" of traffic sent both before and during the attack. Network forensics tools accomplish this by continuously capturing passing traffic, either saving all packets onto massive storage devices or processing packets to store more compact traffic summaries.

These tools do more than capture and archive traffic—they also assist with forensics analysis by replaying traffic, visualizing flows, isolating suspicious activity, and identifying the point of entry and compromised targets. Forensics analyzers can help you evaluate potential fixes: if you add a firewall filter or IDS signature, would the attack have been successful?

To illustrate, here is a non-exhaustive list of commercial network forensics products:

If you can't afford one of these, you can roll your own network forensics platform.

Start with an open source packet capture tool like tcpdump on a hardened system with plenty of storage for near-term buffering and long-term archival.

Then use capture filters like ngrep, protocol analyzers like Ethereal, and network IDS tools like Snort to replay and examine stored packets after an attack.
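The two steps above (record everything with tcpdump, then go back through the stored packets after an incident) can be exercised end to end with a short script. What follows is an added example, not code from the article or from tcpdump, ngrep, Ethereal or Snort: it reads a libpcap-format file, the format `tcpdump -w` writes, reduces the packets to the kind of compact per-flow summary the article mentions as an alternative to keeping every byte, and flags sources whose SYN-only flows touched many ports on one host, which is a common first question in an investigation. The capture it analyses is constructed inside the script (addresses come from documentation ranges, checksums are left zero), and the function names, the summary fields and the five-port threshold are my choices, not anything from the article.

```python
"""Post-processing for a roll-your-own network forensics box (added example).

Reads a libpcap file such as `tcpdump -w` produces, builds per-flow summaries,
and flags sources whose SYN-only flows reached many ports on one host.
"""
import os
import struct
import tempfile
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4      # little-endian file, microsecond timestamps
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic as read from a big-endian file
LINKTYPE_ETHERNET = 1
TCP_SYN = 0x02

def write_pcap(path, packets):
    """Write (timestamp, frame) pairs as a little-endian libpcap file."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, frame in packets:
            sec = int(ts)
            usec = round((ts - sec) * 1_000_000)
            fh.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
            fh.write(frame)

def tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for test data; checksums are left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp   # zero MACs, ethertype IPv4

def read_pcap(path):
    """Yield (ts, src, dst, sport, dport, flags, ip_len) for each IPv4/TCP packet."""
    with open(path, "rb") as fh:
        magic, = struct.unpack("<I", fh.read(4))
        endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}[magic]  # KeyError if not pcap
        fh.read(20)                                               # rest of global header
        while True:
            rec = fh.read(16)
            if len(rec) < 16:
                break
            sec, usec, caplen, _orig = struct.unpack(endian + "IIII", rec)
            frame = fh.read(caplen)
            if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
                continue                                          # not IPv4/TCP
            ihl = (frame[14] & 0x0F) * 4
            ip_len, = struct.unpack("!H", frame[16:18])
            src = ".".join(str(b) for b in frame[26:30])
            dst = ".".join(str(b) for b in frame[30:34])
            tcp = frame[14 + ihl:14 + ihl + 14]
            if len(tcp) < 14:
                continue                                          # truncated header
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield sec + usec / 1e6, src, dst, sport, dport, tcp[13], ip_len

def summarize_flows(path):
    """Compact per-flow record keyed by (src, dst, sport, dport)."""
    flows = {}
    for ts, src, dst, sport, dport, flags, ip_len in read_pcap(path):
        f = flows.setdefault((src, dst, sport, dport),
                             {"packets": 0, "bytes": 0, "first": ts, "last": ts, "syn_only": True})
        f["packets"] += 1
        f["bytes"] += ip_len
        f["last"] = ts
        if flags != TCP_SYN:
            f["syn_only"] = False
    return flows

def port_sweep_sources(flows, min_ports=5):
    """Sources whose SYN-only flows reached at least min_ports distinct ports on one host."""
    ports = defaultdict(set)
    for (src, dst, _sport, dport), f in flows.items():
        if f["syn_only"]:
            ports[(src, dst)].add(dport)
    return sorted({src for (src, _dst), p in ports.items() if len(p) >= min_ports})

def build_sample_capture(path):
    """Constructed capture: one ordinary HTTP session plus one SYN sweep."""
    victim, client, prober = "192.0.2.10", "10.0.0.5", "198.51.100.7"
    pkts = [
        (1.000, tcp_frame(client, victim, 40000, 80, TCP_SYN)),
        (1.001, tcp_frame(victim, client, 80, 40000, 0x12)),      # SYN/ACK
        (1.002, tcp_frame(client, victim, 40000, 80, 0x10)),      # ACK
        (1.003, tcp_frame(client, victim, 40000, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n")),
    ]
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443]):
        pkts.append((2.0 + i / 10, tcp_frame(prober, victim, 50000 + i, port, TCP_SYN)))
    write_pcap(path, pkts)
    return path

def demo():
    """Write the sample capture to a temp file and analyse it; returns (flows, suspects)."""
    path = build_sample_capture(os.path.join(tempfile.mkdtemp(), "sample.pcap"))
    flows = summarize_flows(path)
    return flows, port_sweep_sources(flows)
```

Against a real archive you would point `summarize_flows` at the files tcpdump wrote (its `-C`, `-G` and `-W` options rotate the output by size, time and file count, which is how the "near-term buffer" in the first step is usually kept bounded) and run the summary on a schedule, so that when an incident is reported you already have a flow index to search before pulling the full packets through Ethereal or Snort. Tuning the threshold in `port_sweep_sources` to your own baseline is essential; the value here is only illustrative.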

For insight into network processing and storage requirements associated with rolling your own network forensics platform, read Simson Garfinkel's "Network Forensics: Tapping the Internet."

Conclusion
In this article, we've identified many commercial and open source tools that can be used to monitor, analyze, and investigate security-related events detected inside your network and on your servers.

Even so, we've barely scratched the surface of what's available out there. With a little digging, you'll find many other helpful security tools on the websites referenced in this series.

So get started building (or extending) your own security toolbox. Gathering these tools and getting familiar with them under friendly conditions is an essential step in defending your network and servers.

—End

Related articles:
  [Jan. 27, 2003] Know Your Enemy
  [Dec. 24, 2001] White Paper: Intrusion Detection: Reducing Network Security Risk
  [Sept. 14, 2001] Simple Assumptions Provide False Security

Also in this series:
  [Jan. 3-, 2004] Security Tools for the Budget Conscious ISP, Part II: Vulnerability Assessment and Audit
  [Jan. 23, 2004] Security Tools for the Budget Conscious ISP

 
