Dear Friends,
Major events happened last week.
I got the best offer from MNC with a stuning work profile.
Incident Management, Information Security Audit & Forensic Analysis in CIRT Team responsible for forming Asia-Pacific Operations.
Moving from Financial Domain to Manufacturing Domain.
I will be moving to US for Forensic Training and also to Europe for interaction with European Team.
Probably I will be back in 2 months from Sep 2007.
You know, I am going to be relieved from current organisation on Aug 8, 2007 and will be joining New Firm on Aug 9,2007.
Meanwhile got an offer from TCS too for Network Security Admin.
Lets see ..... I just want now some clean peace of mind for my lifetime ambition of studying MBA in ISB, Hyderabad with specialization in Marketing and allied Finance or Corporate Law or International Business.
As promised, I will be back again tomorrow, with an introduction of SIM Tools and trends.
Till then,
Best Regards,
Bala
Saturday, July 14, 2007
Sunday, July 8, 2007
Network Forensics - An Introduction and Growth Prediction
Dear Friends,
As promised, Iam back with some intro details about Forensics.
Network forensics is the capture, recording and analysis of network events in order to discover the source of security attacks or other problem incidents.(The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields where forensics pertains to the investigation of crimes.)
According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds:
"Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage,usually involving a RAID system.
"Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.
Both approaches require significant storage and the need for occasional erasing of old data to make room for new. The open source programs tcpdump and windump as well as a number of commercial programs can be used for data capture and analysis.
One concern with the "catch-it-as-you-can" approach is one of privacy since all packet information (including user data) is captured. Internet service providers (ISPs) are expressly forbidden by the Electronic Communications Privacy Act (ECPA) from eavesdropping or disclosing intercepted contents except with user permission, for limited operations monitoring, or under a court order. The U.S. FBI's Carnivore is a controversial example of a network forensics tool.
Network forensics products are sometimes known as Network Forensic Analysis Tools (NFATs).
Network forensics, a subdiscipline of digital forensics, deals with computer network data that has become evidence. Network forensics can be used to check an organization's networks for vulnerabilities and thus keep them secure, and it can be used in the context of traditional law enforcement and the court system.
We must anticipate that in the near future, network forensics will be a common component of trial cases. As a result, having credible standards for network forensics is vital to the continued speed and fairness of the judicial system.
In my next post, I am thinking of giving some details about Security Information and Event Management Tools.
Best Regards,
As promised, Iam back with some intro details about Forensics.
Network forensics is the capture, recording and analysis of network events in order to discover the source of security attacks or other problem incidents.(The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields where forensics pertains to the investigation of crimes.)
According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds:
"Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage,usually involving a RAID system.
"Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.
Both approaches require significant storage and the need for occasional erasing of old data to make room for new. The open source programs tcpdump and windump as well as a number of commercial programs can be used for data capture and analysis.
One concern with the "catch-it-as-you-can" approach is one of privacy since all packet information (including user data) is captured. Internet service providers (ISPs) are expressly forbidden by the Electronic Communications Privacy Act (ECPA) from eavesdropping or disclosing intercepted contents except with user permission, for limited operations monitoring, or under a court order. The U.S. FBI's Carnivore is a controversial example of a network forensics tool.
Network forensics products are sometimes known as Network Forensic Analysis Tools (NFATs).
Network forensics, a subdiscipline of digital forensics, deals with computer network data that has become evidence. Network forensics can be used to check an organization's networks for vulnerabilities and thus keep them secure, and it can be used in the context of traditional law enforcement and the court system.
We must anticipate that in the near future, network forensics will be a common component of trial cases. As a result, having credible standards for network forensics is vital to the continued speed and fairness of the judicial system.
In my next post, I am thinking of giving some details about Security Information and Event Management Tools.
Best Regards,
Sunday, July 1, 2007
Security on Demand ...!
Dear Friends,
In the field of Internet and Network security, every moment is witnessing lots of changes, threats, attacks, viruses etc;
Many Organizations are deploying Defense in Depth Strategy where in which they secure their network not only at Perimeter but also take proper security measures in each and every tier till user desktops (End Point Security).
Precisely emphasis is given equally to address the internal threats from unhappy employees and malicious individuals.
Deployment of firewalls and IPS with proper configuration in the network plays a crucial role in blocking the unsolicited elements but analyzing the IPS and Firewall logs too plays the important role in understanding the threats it blocked and check any intentional attacks have been carried out in the network.
Security Analysts now predicting the new buzzword called Security on Demand –
What is really mean for us?
Just log a call for vulnerability Analysis and Penetration Testing.
You will be given a security analysis report of your network at your door step or thru mail. If you need to patch the vulnerabilities, experts will be available at your convenience and fix those same.
There are some major actions happened in the industry already proving this trend.
IBM acquired Noonan's ISS (Internet Security Systems) for $1.3 billion and storage giant EMC snapped up RSA Security for $2.1 billion.
Big Companies are started thinking of how costly it is to keep their security defenses up-to-date. There's a lot of benefit to the approach of automated software updates and not just installing fixes.
The whole industry is moving in this direction.
One more example ....
Vulnerability auction launches online
A group of security professionals launched this week what they hope will become the eBay of security research.
The Swiss-registered company, WSLabi, boasts that its online portal will allow researchers to sell vulnerabilities they have discovered to software companies and other interested parties through an open market. WSLabi plans to verify the identities and claims of both the buyer and seller. Already, four software flaws -- including a Linux memory leak and a flaw in Yahoo! Messenger 8.1 -- are listed on the site and more than 200 people have registered, according to the firm.
The security professionals launched the service to allow researchers to get a fair price for their discoveries and prevent exploits from being sold to cyber criminals, said CEO Herman Zampariolo.
More Details - http://www.securityfocus.com
Qualys has already started selling the vulnerability fixing on Demand.
I am very eagerly watching major changes in these areas.
My next writing will be in Forensics - Next Big fish to cash in.
Like 4 years ago, how security professionals cashed big amounts for configuring the firewall and IPS/IDS, now it will divert to Forensics ….
Big Organizations started feeling the importance of Forensics Analysts for handling various legal issues against their own employees, business partners etc; It is going to be the next big area play for Security Officials as now a days networking devices started integrating the firewall and IPS capability in one box itself.
Just be there after a break, I will be back with great ideas on this front.
Best Regards,
PN:- Pl feel free to post your comments so that we effectively discuss on various emerging areas in IT Security.
In the field of Internet and Network security, every moment is witnessing lots of changes, threats, attacks, viruses etc;
Many Organizations are deploying Defense in Depth Strategy where in which they secure their network not only at Perimeter but also take proper security measures in each and every tier till user desktops (End Point Security).
Precisely emphasis is given equally to address the internal threats from unhappy employees and malicious individuals.
Deployment of firewalls and IPS with proper configuration in the network plays a crucial role in blocking the unsolicited elements but analyzing the IPS and Firewall logs too plays the important role in understanding the threats it blocked and check any intentional attacks have been carried out in the network.
Security Analysts now predicting the new buzzword called Security on Demand –
What is really mean for us?
Just log a call for vulnerability Analysis and Penetration Testing.
You will be given a security analysis report of your network at your door step or thru mail. If you need to patch the vulnerabilities, experts will be available at your convenience and fix those same.
There are some major actions happened in the industry already proving this trend.
IBM acquired Noonan's ISS (Internet Security Systems) for $1.3 billion and storage giant EMC snapped up RSA Security for $2.1 billion.
Big Companies are started thinking of how costly it is to keep their security defenses up-to-date. There's a lot of benefit to the approach of automated software updates and not just installing fixes.
The whole industry is moving in this direction.
One more example ....
Vulnerability auction launches online
A group of security professionals launched this week what they hope will become the eBay of security research.
The Swiss-registered company, WSLabi, boasts that its online portal will allow researchers to sell vulnerabilities they have discovered to software companies and other interested parties through an open market. WSLabi plans to verify the identities and claims of both the buyer and seller. Already, four software flaws -- including a Linux memory leak and a flaw in Yahoo! Messenger 8.1 -- are listed on the site and more than 200 people have registered, according to the firm.
The security professionals launched the service to allow researchers to get a fair price for their discoveries and prevent exploits from being sold to cyber criminals, said CEO Herman Zampariolo.
More Details - http://www.securityfocus.com
Qualys has already started selling the vulnerability fixing on Demand.
I am very eagerly watching major changes in these areas.
My next writing will be in Forensics - Next Big fish to cash in.
Like 4 years ago, how security professionals cashed big amounts for configuring the firewall and IPS/IDS, now it will divert to Forensics ….
Big Organizations started feeling the importance of Forensics Analysts for handling various legal issues against their own employees, business partners etc; It is going to be the next big area play for Security Officials as now a days networking devices started integrating the firewall and IPS capability in one box itself.
Just be there after a break, I will be back with great ideas on this front.
Best Regards,
PN:- Pl feel free to post your comments so that we effectively discuss on various emerging areas in IT Security.
Subscribe to:
Posts (Atom)