John Breeden II

Author Archives: John Breeden II

What is Wireshark?

Wireshark is a popular, free and open-source packet capture tool that lets network and security administrators take a “deep dive” into the traffic moving through a network. It can be used for a variety of purposes, including sniffing out security issues, troubleshooting network performance problems, traffic optimization, or as part of the application development and testing process.

What does Wireshark do? Wireshark is primarily used to capture and decode packets moving through a network. It can put a network interface controller (NIC) into promiscuous mode, in which the NIC hands up every frame it receives rather than only frames addressed to its own MAC address, to the broadcast address or to multicast groups it has joined; that is how unicast traffic between two other hosts becomes visible. Two caveats apply. Enabling promiscuous mode normally requires superuser privileges (on Linux, the CAP_NET_RAW and CAP_NET_ADMIN capabilities; Wireshark's documented practice is to grant those only to its dumpcap helper and run the GUI unprivileged). And on a switched network the NIC only receives what the switch forwards to its port, so observing other hosts' unicast traffic takes a mirror (SPAN) port, a tap, or a position in the traffic path; some networks also forbid or detect promiscuous capture.
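
The promiscuous-mode point above can be made concrete by reading a capture the way Wireshark does. The following is an added example, not code from the article or from the Wireshark project: it writes a minimal libpcap file in memory from three constructed Ethernet frames (an ARP broadcast, a unicast frame addressed to our NIC, and a unicast frame between two other hosts), parses it back, and reports which frame a NIC in normal mode would never have delivered. The MAC addresses, frame payloads and timestamps are made up.

```python
"""Added example, not code from the article or the Wireshark project: build a
tiny libpcap capture in memory, parse it back, and flag the frames a NIC would
only deliver in promiscuous mode. All MAC addresses and frames are constructed."""
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4       # magic as read from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1       # the same magic read from a big-endian file
LINKTYPE_ETHERNET = 1

def build_pcap(frames):
    """Serialize raw Ethernet frames as a little-endian pcap v2.4 file."""
    # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # per-record header: ts_sec, ts_usec, incl_len, orig_len (constructed timestamps)
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Return the list of raw frames in a classic pcap file (either byte order)."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record at offset %d" % off)
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames

def mac_str(raw):
    return ":".join("%02x" % b for b in raw)

def classify_frame(frame, our_mac):
    """Return (dst, src, ethertype, needs_promisc) for one Ethernet II frame.

    Simplification: a NIC in normal mode is assumed to accept its own unicast
    MAC plus every group address (broadcast/multicast, low bit of the first
    octet set). Real NICs additionally filter multicast by joined groups."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    is_group = bool(dst[0] & 0x01)
    needs_promisc = not (dst == our_mac or is_group)
    return mac_str(dst), mac_str(src), ethertype, needs_promisc

def frames_needing_promisc(pcap_bytes, our_mac):
    """List (dst, src, ethertype) for frames visible only in promiscuous mode."""
    return [(d, s, t) for d, s, t, needs in
            (classify_frame(f, our_mac) for f in parse_pcap(pcap_bytes)) if needs]

# Constructed sample: locally administered MACs (02:...) that belong to no vendor.
OUR_MAC = bytes.fromhex("02000000aa01")
HOST_B = bytes.fromhex("02000000bb02")
HOST_C = bytes.fromhex("02000000cc03")
BROADCAST = b"\xff" * 6

def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

SAMPLE_FRAMES = [
    eth(BROADCAST, HOST_B, 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01"),  # ARP request, broadcast
    eth(OUR_MAC, HOST_B, 0x0800, b"\x45" + b"\x00" * 19),                 # IPv4, B -> us
    eth(HOST_C, HOST_B, 0x0800, b"\x45" + b"\x00" * 19),                  # IPv4, B -> C (not for us)
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for frame in parse_pcap(SAMPLE_PCAP):
        dst, src, etype, needs = classify_frame(frame, OUR_MAC)
        print("%s -> %s type 0x%04x %s" % (src, dst, etype, "promisc only" if needs else "visible"))
```

A real file is read the same way (`parse_pcap(open("capture.pcap", "rb").read())`) as long as it is a classic pcap with the Ethernet link type; pcapng, which Wireshark writes by default, is a different container format and is not handled here.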

What is Ethernet?

Ethernet is one of the original networking technologies, invented nearly 50 years ago. And yet, because the protocol is simple to deploy and has absorbed decades of advances (higher speeds, switching, VLANs) without losing backwards compatibility, Ethernet continues to reign as the de facto standard for computer networking.

At its core, Ethernet is a protocol that allows computers (from servers to laptops) to talk to each other over wired networks that use devices like routers, switches and hubs to direct traffic. It also interoperates with wireless networks such as Wi-Fi, whose access points bridge onto the wired Ethernet LAN.

Its ability to work within almost any environment has led to its universal adoption around the world. This is especially true because organizations can use the same Ethernet framing in their local area network (LAN) and, as Carrier Ethernet, in their wide-area network (WAN). That means it works well in data centers, in private or internal company networks, for internet applications and almost anything in between. It can even underpin more complex forms of networking, like virtual private networks (VPNs) and software-defined networking deployments.

What is a network operations center (NOC)?

NOC (pronounced “knock”) stands for network operations center, and if the term conjures up images of a NASA-like control room, you would not be too far off from reality, at least at some organizations.

While the role of a NOC can vary, the general idea is to create a room or centralized facility where information technology (IT) professionals can constantly monitor, maintain and troubleshoot all aspects of a network. The NOC must also be equipped with all of the technology required to support those operations, including monitors, computers, telecommunications equipment and a fast connection to network resources.

NOCs were created for two main reasons. The first was to give IT staffers a central location to work from, instead of having them run around trying to fix problems or perform preventive maintenance, like patching systems, from different locations.

What is the Spanning Tree Protocol?

The Spanning Tree Protocol (STP), often just called Spanning Tree, is what keeps a switched Ethernet network from looping. Ethernet frames carry no hop count, so if two switches are connected by more than one path, a broadcast frame can circulate between them indefinitely, multiplying until links and switch CPUs are saturated (a broadcast storm) while MAC address tables flap between ports.

Based on an algorithm created by American computer scientist Radia Perlman while she was working for Digital Equipment Corporation (DEC) in 1985, and later standardized as IEEE 802.1D, STP has the switches elect a root bridge (the lowest bridge ID) and exchange path costs so that every switch keeps exactly one forwarding path toward the root. Redundant links stay physically connected but are put into a blocking state, which yields a single loop-free tree of active links. As a secondary function, when an active link or switch fails the protocol reconverges and unblocks a redundant path, so traffic keeps flowing around the trouble spot; classic STP needs roughly 30 to 50 seconds to do this, which is why Rapid Spanning Tree (originally IEEE 802.1w) is preferred on modern networks.
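
The algorithm is easier to see on a concrete topology. Below is an added example, not code from the article: four switches with constructed bridge IDs and link costs, a root election, a Dijkstra-style root path cost computation standing in for the distributed BPDU exchange, and the resulting port roles. It then takes the S1-S2 link down and recomputes, showing a previously blocked port taking over. The switch names, port keys (named by the neighbour a port faces) and costs are this example's own.

```python
"""Added example, not code from the article: a model of what the Spanning Tree
algorithm computes for a small switched network. Bridge IDs, link costs and
the topology are constructed; ports are keyed by the neighbour they face.
Assumes one link per pair of bridges and a connected topology."""
import heapq
from collections import defaultdict

# Bridge ID = (priority, MAC); the lowest ID wins the root election.
BRIDGES = {
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (32768, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
    "S4": (32768, "00:00:00:00:00:04"),
}
# (bridge, bridge, path cost): 4 = 1 Gbit/s, 19 = 100 Mbit/s in classic 802.1D costs.
LINKS = [("S1", "S2", 4), ("S1", "S3", 4), ("S2", "S3", 4), ("S2", "S4", 4), ("S3", "S4", 19)]

def root_path_costs(root, links, bridge_ids):
    """Dijkstra from the root: each bridge's root path cost and the neighbour its
    root port faces. Equal-cost ties go to the neighbour with the lower bridge ID,
    as STP's BPDU comparison does."""
    adj = defaultdict(list)
    for a, b, c in links:
        adj[a].append((b, c))
        adj[b].append((a, c))
    cost, parent, heap = {root: 0}, {root: None}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue                      # stale heap entry
        for v, c in adj[u]:
            nd = d + c
            if v not in cost or nd < cost[v]:
                cost[v], parent[v] = nd, u
                heapq.heappush(heap, (nd, v))
            elif nd == cost[v] and parent[v] is not None and bridge_ids[u] < bridge_ids[parent[v]]:
                parent[v] = u
    return cost, parent

def spanning_tree(bridge_ids, links):
    """Return (root, root path costs, port states). Port states are keyed by
    (bridge, neighbour) and are 'root', 'designated' or 'blocking'."""
    root = min(bridge_ids, key=bridge_ids.get)
    cost, parent = root_path_costs(root, links, bridge_ids)
    states = {}
    for a, b, _c in links:
        # The segment's designated bridge has the lowest (root path cost, bridge ID).
        designated = min((a, b), key=lambda x: (cost[x], bridge_ids[x]))
        other = b if designated == a else a
        states[(designated, other)] = "designated"
        # The far end forwards only if this segment is its own path to the root.
        states[(other, designated)] = "root" if parent[other] == designated else "blocking"
    return root, cost, states

def blocked_ports(states):
    return sorted(port for port, state in states.items() if state == "blocking")

def active_links(states):
    """Links forwarding at both ends: the loop-free tree frames actually traverse."""
    return {frozenset(port) for port, state in states.items()
            if state == "root" and states[port[::-1]] == "designated"}

def fail_link(links, a, b):
    """Topology after the a-b link goes down; rerunning spanning_tree reconverges."""
    return [l for l in links if {l[0], l[1]} != {a, b}]

if __name__ == "__main__":
    root, cost, states = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "costs:", cost)
    print("blocked:", blocked_ports(states), "active:", [sorted(l) for l in active_links(states)])
    _, cost2, states2 = spanning_tree(BRIDGES, fail_link(LINKS, "S1", "S2"))
    print("after S1-S2 fails, blocked:", blocked_ports(states2), "costs:", cost2)
```

With all priorities equal, S1 wins on MAC address. S3 blocks its port toward S2 (equal cost, S2 has the lower ID) and S4 blocks its slower port toward S3, leaving three active links for four switches. Once S1-S2 goes down, S2 reaches the root through S3 and its formerly blocked port becomes the root port; real switches arrive at the same answer through BPDU exchange rather than a global computation.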

Fight firewall sprawl with AlgoSec, Tufin, Skybox suites

New and innovative security tools seem to be emerging all the time, but the frontline defense for just about every network in operation today remains the trusty firewall. They aren’t perfect, but if configured correctly and working as intended, firewalls can do a solid job of blocking threats from entering a network while restricting unauthorized traffic from leaving.

The problem network administrators face is that as their networks grow, so does the number of firewalls. Large enterprises can find themselves with hundreds or thousands, a mix of old, new and next-gen models, probably from multiple vendors, sometimes accidentally working against each other. For admins trying to configure firewall rules, the task can quickly become unmanageable.
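
One concrete way rules end up working against each other is shadowing: a later rule that can never match because an earlier, broader rule always fires first under first-match evaluation. The following added example, not code from the article or from AlgoSec, Tufin or Skybox, checks a constructed first-match rule base for shadowed rules, classifies each as a conflict (actions differ) or a redundancy (actions agree), and evaluates a sample flow to show that the shadowed deny never takes effect. The rule names and addresses are made up.

```python
"""Added example, not code from the article or from any vendor's product: a
first-match firewall rule-base check that finds rules shadowed by earlier ones.
Rules and addresses are constructed; IPv4 only."""
import ipaddress
from dataclasses import dataclass

ANY_PORTS = (0, 65535)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    src: str           # CIDR
    dst: str           # CIDR
    proto: str         # "tcp", "udp" or "any"
    dports: tuple      # inclusive destination port range

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    src_ok = ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
    dst_ok = ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
    port_ok = outer.dports[0] <= inner.dports[0] and inner.dports[1] <= outer.dports[1]
    return src_ok and dst_ok and port_ok

def find_shadowed(rules):
    """Return (shadowed rule, earlier rule, kind) for every rule that can never fire.
    kind is 'conflict' when the actions differ (the later rule's intent is silently
    overridden) and 'redundant' when they agree."""
    findings = []
    for j, rule in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "conflict"
                findings.append((rule.name, earlier.name, kind))
                break
    return findings

def matches(rule, src_ip, dst_ip, proto, dport):
    return ((rule.proto == "any" or rule.proto == proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.dports[0] <= dport <= rule.dports[1])

def evaluate(rules, src_ip, dst_ip, proto, dport):
    """First-match evaluation; returns (action, rule name). Default is deny."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action, rule.name
    return "deny", "<default>"

# Constructed rule base. The contractor block (rule 4) was added after the broad
# HTTPS allow (rule 1) and therefore never fires: a conflict, not a policy.
RULES = [
    Rule("allow-web", "allow", "0.0.0.0/0", "10.0.0.0/24", "tcp", (443, 443)),
    Rule("deny-legacy-ssh", "deny", "192.168.1.0/24", "10.0.0.5/32", "tcp", (22, 22)),
    Rule("allow-dns", "allow", "10.0.0.0/8", "10.0.53.0/24", "udp", (53, 53)),
    Rule("deny-contractor-web", "deny", "172.16.0.0/16", "10.0.0.0/24", "tcp", (443, 443)),
    Rule("allow-web-dup", "allow", "0.0.0.0/0", "10.0.0.10/32", "tcp", (443, 443)),
    Rule("deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", ANY_PORTS),
]

if __name__ == "__main__":
    for shadowed, by, kind in find_shadowed(RULES):
        print("%-20s shadowed by %-12s (%s)" % (shadowed, by, kind))
    print("contractor HTTPS flow:", evaluate(RULES, "172.16.4.9", "10.0.0.20", "tcp", 443))
```

The check is deliberately conservative: it only reports a rule as shadowed when a single earlier rule covers it entirely, so a rule hidden by the union of several earlier rules is not flagged. Commercial rule analyzers handle that case, along with object groups, NAT and multi-vendor syntax, which is most of their value.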

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network. However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as unauthorized. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored. It’s a different way of looking at security, called segmentation (or microsegmentation, when the allowed interactions are defined per workload rather than per network zone).

Inside 3 top threat hunting tools

Advanced Persistent Threats (APTs) are able to slip past even the most cutting-edge security defenses thanks to a diabolically clever strategy. Attackers may try to breach your defenses thousands of times until they finally get in. Once a network is breached, most APTs go into stealth mode: they move slowly, laterally compromising other systems and inching toward their goals. But what if you could hunt down these active but hidden threats before they can do real damage? For this review, we tested threat hunting systems from Sqrrl, Endgame and Infocyte.

Review: Threat hunting turns the tables on attackers

Advanced Persistent Threats are able to slip past even the most cutting-edge security defenses thanks in large part to a diabolically clever strategy. The threat actors behind successful APTs research the employees, practices and defenses of the organizations they want to attack. They may try to breach the defenses hundreds or thousands of times, then learn from their mistakes, modify their behavior, and finally find a way to get in undetected.
