Introduction to IDS IPS: Network intrusion detection system basics
This one-page guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, acts as an introduction to both IDS and network intrusion prevention system (IPS) technology. Here, security professionals will learn how to determine which IDS/IP... Guide
-
Security School: Security event log analysis
Learn valuable techniques for sifting through logs to find legitimate security events you need to analyze and respond to before they negatively affect your organization’s bottom line. Security School
-
Quiz: How DAM can help detect and trace attacks
Take this five-question quiz to reinforce your knowledge of how DAM can help enterprises gain new visibility into their databases to help detect and trace potential attacks. Quiz
-
Chained Exploits: How to prevent phishing attacks from corporate spies
Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt from Chained Exploits: Advanced Hacking Attacks from Start to Finish, learn how to keep corporate spies at bay. Book Chapter
-
Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation ... SearchSecurity Technical
-
Managing traffic: Keeping your content where it belongs
In this Messaging Security School lesson, messaging expert Mike Rothman will outline today's top concerns regarding outbound content security, detail product options on the market today and offer advice in terms of establishing sound business process... Messaging Security School
-
Maintaining and Monitoring Countermeasures -- Part II
Book Chapter
-
Maintaining and Monitoring Countermeasures, Part I
Book Chapter
-
Lesson 2 Quiz, Answer No. 1
Security School
-
Snort Intrusion Detection and Prevention Guide
Answers to frequently asked questions related to the open source Snort intrusion detection and prevention system. SearchSecurity Technical
- See More: Essential Knowledge on Monitoring Network Traffic and Network Forensics
-
Shared philosophy aids FBI agent’s move to security startup CrowdStrike
Attackers are already in the network, so if companies aren’t monitoring activity, they’re not doing enough, said Shawn Henry of CrowdStrike. News | 23 Apr 2012
-
Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction. News | 08 Feb 2012
-
Next generation SIEM could boost network visibility, but platforms must scale, experts say
Can security information and event management systems be the foundation for comprehensive IT data analytics? Powerful correlation engines and sharper analytical capabilities are forthcoming, analysts say. News | 01 Nov 2011
-
EMC to acquire NetWitness in wake of RSA cyberattack
EMC said NetWitness will become a core element of RSA's security management products. Article | 04 Apr 2011
-
NetWitness' CSO on targeted malware, Spectrum malware analysis tool
Eddie Schwartz, CSO of network analysis firm NetWitness, talks about targeted malware in the wake of Stuxnet and the company's new Spectrum malware analysis platform. Article | 31 Jan 2011
-
Security expert calls for overhaul of traditional networks
A new "Zero Trust" security model could help prevent insider attacks and eliminate trustless external networks. News | 04 Oct 2010
-
Deep packet inspection software at root of Red Lambda network security
Systems used to protect universities from litigation by weeding out and documenting peer-to-peer file sharing use are now being aimed at the enterprise. Article | 22 Jul 2010
-
Network forensics tools increasingly aid security response teams
As malware continues to evade signature-based antivirus and intrusion prevention systems, some organizations are turning to network capture and analysis tools to detect anomalies and respond to security threats as they happen. One such vendor, Hernd... Interview | 02 Jun 2010
-
For enterprise firewalls, performance outweighs security functionality
Some network administrators fear too many security features can cause bottlenecks, slowing the network or worse, shutting it down altogether. Article | 04 May 2010
-
Private sector can take lessons from federal network security projects
Ongoing network security initiatives at the federal level, including the Trusted Internet Connections program and the Einstein project, are helping provide a roadmap for the private sector, according to a network security expert. Michael Markulec, chi... Interview | 27 Apr 2010
- See More: News on Monitoring Network Traffic and Network Forensics
-
Hardening the network against targeted APT attacks
Mike Chapple offers best practices to defend your network against the latest threat to the security landscape, targeted APT attacks. Tip
-
DNS attack prevention: Inside DNS components vulnerable to attack
DNS attack prevention demands an understanding of the four core DNS components attackers often target. Expert Char Sample explains. Tip
-
Types of DNS attacks reveal DNS defense tactics
A thorough understanding of the types of DNS attacks, including DoS, reflector attacks and DNS cache poisoning, reveals key DNS defense tactics. Tip
-
NMAP NSE tutorial: Network asset and vulnerability identification
In this screencast, expert Mike McLaughlin offers an NMAP NSE tutorial for enterprise network asset and vulnerability identification. Tip
-
How antivirus software works: Virus detection techniques
Antivirus software uses several different virus detection techniques, as described in this tip by expert Lenny Zeltser. Tip
-
Enterprise network forensic analysis: Reconstructing a breach
In the aftermath of a breach, what are the first steps security pros should take? Learn how to get started with enterprise network forensic analysis. Tip
-
How to use the free eEye Retina scanner community edition
In this screencast, learn how to use the free community edition of the eEye Retina scanner. Tip
-
Database monitoring best practices: Using DAM tools
To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies. Tip
-
Netcat tutorial: How to use the free Netcat command-line tool
Helpful for penetration testers and network admins who need to debug infected systems, the netcat command-line tool boasts many free features for enterprise use. Tip
-
Enterprise antivirus protection: Is signature AV worth the money?
There's little doubt that signature-based enterprise antivirus protection is dying, but what technologies should enterprises consider to replace it? Expert Nick Lewis weighs in. Tip
- See More: Tips on Monitoring Network Traffic and Network Forensics
-
Can a malware 'pressure chamber' provide effective malware containment?
Infosec threats expert Nick Lewis discusses the viability of an antimalware "pressure chamber" to help bolster enterprise malware containment. Answer
-
Print-management software security starts with a private IP address
Print-management software shouldn’t pose a great risk to a company provided it uses a private IP address, says expert Mike Chapple. Answer
-
Network topology mapping: How to automate network documentation
Network topology mapping to boost security can be time-consuming. Learn how to automate network documentation with network management tools. Answer
-
What are the best tools for enterprise Windows security logs analysis?
Expert Mike Cobb provides some of the best Windows security log tools available for the enterprise. Answer
-
Firewall network security: Thwarting sophisticated attacks
Firewall network security is still a critical part of securing an enterprise. Learn what sophisticated attacks a firewall can effectively prevent. Answer
-
Detecting mobile devices on a wireless guest network
The approach to detecting mobile devices on wireless guest networks is not the same as managing mobile devices on corporate networks. Our expert explains. Answer
-
How to monitor network traffic: Appliance placement and choke points
Monitoring network traffic is crucial, but where's the best place to put network monitoring tools? Expert Anand Sastry gives advice. Ask the Expert
-
How to block port scan attempts on a public wireless network
Network security expert Anand Sastry explains how to block port scan attempts on a public wireless network at the host level. Ask the Expert
-
Detecting kernel intrusion attacks through network monitoring
Learn how to detect kernel intrusion attacks by monitoring your network closely and thoroughly. Ask the Expert
-
How to decode a cipher: Identifying a cryptographic hash algorithm
While it is possible to identify a cryptographic algorithm by way of cipher bit sequences, it can be difficult, and is sometimes illegal. IAM expert Randall Gamby gives advice and a warning. Ask the Expert
- See More: Expert Advice on Monitoring Network Traffic and Network Forensics
-
network behavior analysis (NBA)
Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or departures from normal operation... Definition
-
snoop server
A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis. Definition
-
promiscuous mode
In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for e... Definition
-
footprinting
In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins. Definition
-
computer forensics (cyberforensics)
Computer forensics, also called cyberforensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. Definition
-
network forensics
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. Definition
-
information signature
To fight terrorism, the Information Awareness Office (IAO) of the U.S. Defense Advanced Research Projects Agency (DARPA) is planning to develop a system that uses a super database of recorded online transactions and analytical programming that will i... Definition
-
inverse mapping
Inverse mapping is a procedure used to create associations between real or virtual objects that involves some type of reversal of another process or concept. Definition
-
bridge
In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring). Definition
-
probe
In telecommunications generally, a probe is an action taken or an object used for the purpose of learning something about the state of the network. Definition
-
DNSSEC deployments: The top 5 concerns and how to avoid them
A DNSSEC deployment is possibly the best mitigation for cache poisoning attacks. Learn how to avoid the top five concerns in DNSSEC deployments. Podcast
-
File integrity monitoring software benefits for the enterprise
In this video, Spyro Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises. Video
-
Dan Guido on teaching penetration testing courses; intrusion analysis
The iSec Partners consultant talks about his penetration testing courses at NYU, his research on intrusion analysis and rethinking intrusion defense. Video
-
PCI compliance requirement 10: Auditing
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 10: "Track and monitor all access to network resources and cardholder data." Video
-
How to use Nmap to scan a network
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap. Video
- See More: All on Monitoring Network Traffic and Network Forensics
About Monitoring Network Traffic and Network Forensics
Get tips and information on network forensics, monitoring network traffic and traffic analysis through traffic monitoring tools and software, and discover how the technologies can help expose potential hacker threats and vulnerabilities and identify strange traffic patterns.