
Info Security Lab 4


1. Both Wireshark and NetWitness Investigator can be used for packet capture and analysis. Which tool is preferred for each task, and why?

While both Wireshark and NetWitness Investigator can be used to capture network traffic, the freeware version of NetWitness Investigator has a limitation of 1G of protocol capture per session. Wireshark does not limit the size of the capture file, which makes it better suited to protocol capture. Wireshark can be used to analyze capture files, but NetWitness Investigator is a seven-layer protocol analyzer that provides detailed protocol analysis and protocol behavior analysis, and it is much more user-friendly for understanding protocol behavior and protocol analysis.

2. What is …

It is an important network traffic baseline-definition.

6. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?

Protocol capture tools and protocol analyzers are important tools for an information systems security professional. These utilities can be used to troubleshoot issues on the network. They can verify adherence to corporate policies, such as whether or not cleartext privacy data is being sent on the network. They can be used to test security countermeasures and firewall deployments, and they are needed to perform audits, security assessments, network baseline definitions, and identification of rogue IP devices.

7. What are some challenges to baseline analysis?

Challenges to baseline analysis include simplifying the data for better analysis, dealing with large packet capture files, and working with multiple tools to gain an accurate perspective on the network. It is important to know that baselining is not a one-time task, but a regular part of network monitoring.

8. Why would an information systems security practitioner want to see both internal and external network traffic?

Despite the presence of network security devices such as firewalls and other security appliances, today's corporate networks are still vulnerable to both internal and external attacks by hackers intent on creating havoc. By proactively
