Network Traffic Monitoring And Analysis Essay

Protocol capture tools and protocol analyzers are important tools for an information systems security professional. These utilities can be used to troubleshoot issues on the network. They can verify adherence to corporate policies, such as whether or not clear text privacy data is being sent on the network. They can be used to test security countermeasures and firewall deployments and are needed to perform audits, security assessments, network baseline definitions, and identification of rogue IP devices.

An alternative free network analyzer (Packet Sniffer) application available is Capsa it allows you to monitor network traffic, troubleshoot network issues and analyze packets. Teachers and students of network classes use it to demonstrate network

3. Implement effective monitoring of networks through the use of electronic scanning in order to

I have also found out that sniffer can be used to track certain packets that were being sent and received when browsing on the Internet. For example, just searching up www.google.com packets are being linked to others when launched. The packets can be sent to ads, weblinks, or that specific site. This also provided me some personal knowledge about how people can track you based on IP when you ping to another destination. I found the hands-on activity very eye opening to the user using the program. It shows a lot behind the scene of what happens when you search for a simple website link nvcc.edu or google.com. I also found that people who work with networking could also benefit off of using a sniffer. They can determine how the traffic between the connection to another website/user. For instance, if multiple people demanded to search for one certain link and it ends up crashing the site. A network analyzer can see how many packets were received and requested within that period. The network analyzers could determine a solution based on the data provided from the program and help slower the traffic to prevent future crashes or failure to connect within the

OpenAudit application will alert to what traffic is on the network, how the network is setup and identification of how changes are effected.

tools will help to detect intrusions and other suspicious activities on the network. The third challenge is to improve the

For the purpose of this assignment snort will be used as intrusion detections systems which is an open source IDS, snort has the ability to monitor traffics in real time and packet locking its also inspecting each packets as they enters into the network, Snort can be used as packet sniffer to analyse the network traffic in order to detect any bizarre looking packets or payloads which might have malicious data in it. Snort can also detect payloads attacks against the network or host system including but not limited to stealth port scan, and buffer overflows.

Monitored the network congestion in order to achieve the optimal performance out of a network infrastructure.

The National Institute of Standards and Technology (NIST) defines Information Security Continuous Monitoring as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions” (Dempsey, et al., 2011). NIST advocates for continuous monitoring of information security systems, by the process of defining the program, establishing it, implementing the program, analyzing and reporting findings, responding to the findings, and reviewing and updating the program. Additionally, they believe that in order to be more cost effective, and to improve efficiency and reliability of the monitoring program, automation would be the way to go. By making use of the latest trends in technology such as machine learning and data mining, algorithms can be developed to detect patterns, which would ordinarily be missed by the human eye. This is especially true of voluminous data where it is time consuming and just plain difficult for personnel to sift through. Such implementations leaves the security professionals with time to tackle the issues which would require human involvement (Dempsey, et al., 2011). One example of an automated monitoring system is a firewall. The job of a firewall is to monitor and regulate the network traffic coming into and out of a system, which could be as small as a single home computer connected to the internet, to several thousands of devices in an organization the size of Amazon or

Proactive System Security and Networking Monitoring ensures your office network infrastructure provides your firm and employees the most reliable continuity of your business activities, reducing the amount of downtime and lost revenue each year.

Despite its impact ping sweeps and port scans are best understood as a huge security threat on today's company's network system.

The National Highway Traffic Safety Administration (NHTSA) defines aggressive driving as "the operation of a motor vehicle in a manner that endangers or is likely to endanger persons or property"—a traffic and not a criminal offense like road rage. Examples include speeding or driving too fast for conditions, improper lane changing, tailgating and improper passing. Approximately 6,800,000 crashes occur in the United States each year; a substantial number are estimated to be caused by aggressive driving. 1997 statistics compiled by NHTSA and the American Automobile Association show that almost 13,000 people have been injured or killed since 1990 in crashes caused by aggressive driving. According to a NHTSA survey, more than 60 percent of

The goal of intrusion detection is to monitor network assets, detect anomalous behavior, and identify misuse within a network (Ashoor, Gore, 2011). An intrusion detection system (IDS) is a device or software application that monitors network system activities for malicious activity or policy violations and produces reports to a management station (Kashyap, Agrawal, Pandey, Keshri, 2013), additionally there are three types of IDS:

Network security has changed significantly over the past years. There is more and more data to monitor and analyze in order to detect the activity of your data and systems. Securing a network has many variables. Password authentication, network access, patches, anti-virus protection, intrusion detection, firewall and network monitoring tools are just a few of the things you can do to protect yourself.

In an e-commerce world, organizations are susceptible to hackers and intruders. Thus creating the information technology protection systems which is used to reduce the possibility of intrusions from occurring. Intrusions occur by uninvited outsiders (sometimes intruders can be internal users like employees) who try to access an organization’s information system using the internet with the intent to gain competitive advantage of some sort. Organizations depend on security technology to avoid loss from security breach, as well as to improve their efficiency and effectiveness. However, firewalls are also vulnerable to errors, and implementing a security technology comes with challenges and critical decisions that can possibly cause a financial burden on the organization if done without seriousness and commitment. “Information security is about managing risk, and managing risk is about discovering and measuring threats to information assets; and taking actions to respond to those threats” (Al-Awadi, & Renaud, 2007, p.3). This paper will discuss a few aspects that are involved with firewalls and intrusion detection systems.