
Network Security Monitoring Tools Essay

788 words - 3 pages

There are numerous network security devices and tools available to aid in computer network defense, and these tools are often relied upon for protecting against increasingly sophisticated, stealthy, and damaging attacks. When acting alone, the current generation of security devices has an exceedingly difficult time providing an effective defense against such threats, and the situation is particularly grim for targeted or novel attacks.

It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network, a strategy known as Defense in Depth. Because of the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy requires an understanding of the interactions between devices occurring within the network.

Due to their complexity and importance to information security, two security systems, Network Intrusion Detection/Prevention Systems (NIDPS) and Security Information and Event Management systems (SIEM), will be explored in this paper. Both have multiple functionalities, including threat-detecting capabilities, and are widely considered essential tools for adequate network defense, particularly in the goal of fortifying valuable assets in the face of an advanced threat. Understanding these systems is vital for any security operation tasked with defending significant networks.

2 Network Intrusion Detection/Prevention Systems

2.1 IDPS Definitions

Although Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been grouped together here (IDPS), there are distinctions between them. On the most basic level, both will monitor the network and try to identify malicious activity entering or traveling within the network; the IPS just has the additional functionality of automatically blocking such activity because it usually sits inline with traffic flow. Other than this, they essentially work via the same mechanism and share similar goals.

There are four general types of IDPS: Network-Based, Host-Based, Wireless, and Network Behavior Analysis (NBA) [NIST]. In practice, most products are either Network-Based (NIDPS) or Host-Based (HIDPS).

A HIDPS observes only a single host (in many cases a vital device such as a database server), which gives it the benefits of seeing traffic after decryption and having direct input to the machine it runs on. Wireless systems have many unique vulnerabilities, and Wireless IDPS will not be discussed in this report.
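An added illustration, not part of the essay, of the two distinctions made above: a passive IDS only raises an alert while an inline IPS can also drop the offending packet, and a host-based sensor can inspect a payload that a network sensor only sees as ciphertext. The sample packets and the toy signature are constructed for this example.

```python
"""Minimal model of IDPS deployment modes (added example, constructed data)."""
from dataclasses import dataclass, field

# Constructed sample traffic: (src, dst, payload as the host sees it,
# encrypted_on_wire). A network sensor cannot read an encrypted payload;
# a host-based sensor sees it after the host has decrypted it.
SAMPLE_PACKETS = [
    ("10.0.0.5", "db01", "SELECT name FROM users", False),
    ("10.0.0.9", "db01", "' OR 1=1 --", False),   # constructed hostile payload
    ("10.0.0.9", "db01", "' OR 1=1 --", True),    # same payload, TLS on the wire
]

# Toy signature: substring the sensor looks for in cleartext payloads
SIGNATURE = "OR 1=1"


@dataclass
class Sensor:
    mode: str                 # "ids" = passive copy of traffic, "ips" = inline
    host_based: bool = False  # HIDPS inspects on the host, after decryption
    alerts: list = field(default_factory=list)

    def inspect(self, packets):
        """Run the sensor over packets; return those that reach the host."""
        delivered = []
        for src, dst, payload, encrypted_on_wire in packets:
            visible = self.host_based or not encrypted_on_wire
            match = visible and SIGNATURE in payload
            if match:
                self.alerts.append((src, dst))
            # Only an inline IPS can block; an IDS observes a copy and
            # the original packet is delivered regardless.
            if not (match and self.mode == "ips"):
                delivered.append(payload)
        return delivered


def compare_deployments(packets=SAMPLE_PACKETS):
    """Return {name: (alert_count, delivered_count)} for three placements."""
    results = {}
    for name, sensor in (("network_ids", Sensor("ids")),
                         ("network_ips", Sensor("ips")),
                         ("host_ips", Sensor("ips", host_based=True))):
        delivered = sensor.inspect(packets)
        results[name] = (len(sensor.alerts), len(delivered))
    return results
```
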

2.2 NIDPS Goals

Some vendors have begun to...
