Passive Network Analysis

Passive Network Analysis
Stephen Barish

In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks. After all, the best practice in architecting a secure network is a layered, defense-in-depth strategy. We use firewalls, DMZs, VPNs, and configure VLANs on our switches to control the flow of traffic into and through the perimeter, and use network and host-based IDS technology as sensors to alert us to intrusions.

Expand all | Post comment

Passive Network Analysis 2007-09-30
Anonymous

Passive Network Analysis 2007-09-30
H

Passive Network Analysis 2007-10-14
Anonymous

While at Sandia National Laboratories I worked on a project called NetState. The program performs passive fingerprinting of OS's (using a p0f module) and of applications. The program keeps all data in an sql database allowing you to see the evolution of applications and OS's on the network. More information about the program is available at http://netstate.ca.sandia.gov/

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1894/983#983