Passive Network Analysis
Stephen Barish

In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks. After all, the best practice in architecting a secure network is a layered, defense-in-depth strategy. We use firewalls, DMZs, VPNs, and configure VLANs on our switches to control the flow of traffic into and through the perimeter, and use network and host-based IDS technology as sensors to alert us to intrusions.

Comments:
Passive Network Analysis 2007-09-30
Anonymous
A great tool that can be used to perform passive OS fingerprinting in Windows is NetworkMiner. It uses the OS signature databases from both p0f and Ettercap. NetworkMiner can also extract files sent over the network in a similar manner as York and NetworkActiv, but better since NetworkMiner also can...

Passive Network Analysis 2007-09-30
H
Sir:

Kudos to Mr. Barish for pointing out the efficacy of internal traffic analysis. The amount of good information generated by the devices handling traffic within a network and the accurate analysis of that traffic to achieve even a reasonable amount of situational awareness [or 'keep the bubbl...

Passive Network Analysis 2007-10-14
Anonymous
While at Sandia National Laboratories I worked on a project called NetState. The program performs passive fingerprinting of OS's (using a p0f module) and of applications. The program keeps all data in an sql database allowing you to see the evolution of applications and OS's on the network. More ...

Copyright 2009, SecurityFocus