I may have an old post about NetFlow elsewhere, but this is another article on using NetFlow to monitor bandwidth on a network. Filing this away to read at some point; I still have not read it or tried it, but would really like to.
Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees overnight, abort hacker attacks when they are detected, stop high-bandwidth downloads, etc. There are many potential applications.
This article describes how a Linux IPTables based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called “cutter” that automates the process.
Stole a bunch of links from another site describing some new spyware that adds some network traffic and unwanted ads on users’ desktops and networks. 180Solutions might just hit someone I know at work someday soon.
This article is a very quick-shot laundry list of many network terms and items. The whole presentation makes my head spin because the author goes through each one in bambambambam rhythm, but still a nice little bit to read through in pieces.
This page has a presentation-level type of introduction to subnetting. This might be very useful to review.
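To go with the subnetting intro, here is an added example (my own code, not from the linked presentation) that does the IPv4 subnet math with plain integer bit operations rather than a library, so the mask, network and broadcast calculations are visible. The /31 handling follows RFC 3021; everything else is standard subnetting arithmetic.

```python
# Added example for the subnetting intro above, not from the linked page; pure-Python bit math.
import struct
import socket

def ip_to_int(ip: str) -> int:
    """Dotted quad -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]

def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n & 0xFFFFFFFF))

def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr: str) -> dict:
    """Network, broadcast, mask and usable host count for an address in CIDR form."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask            # keep only the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit
    # /31 (RFC 3021) and /32 have no separate network/broadcast addresses
    usable = 2 ** (32 - prefix) - 2 if prefix <= 30 else 2 ** (32 - prefix)
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "usable_hosts": usable,
    }

def in_subnet(ip: str, cidr: str) -> bool:
    """True if ip falls inside cidr: mask both sides and compare the network bits."""
    net_ip, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    return ip_to_int(ip) & mask == ip_to_int(net_ip) & mask

def split_subnet(cidr: str, new_prefix: int) -> list:
    """Carve cidr into equal subnets of length new_prefix, e.g. a /24 into four /26s."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    if new_prefix < prefix:
        raise ValueError("new prefix must be longer than the original")
    base = ip_to_int(ip) & prefix_to_mask(prefix)
    step = 2 ** (32 - new_prefix)        # addresses per new subnet
    count = 2 ** (new_prefix - prefix)   # how many new subnets fit
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(count)]
```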
This quick article talks about running double instances of Snort in order to capture two opposing sets of data. First one sensor catches “everything” that you can imagine in the rules, basically allowing the operator to get an idea of the state of the Internet as a whole. The second sensor only catches things of immediate interest to the operator, basically filtered so that only those threats that may affect the operator are captured. I like this article due to the explicit instructions on installing and running Snort.
This site has basically a paper tackling an Introduction to Security…but it has so many links that it is just a very nice little page to link to and keep around and explore the links off of it, even if they’re known sites and topics. A very nice intro-compilation.
Joat posted this, so I’m going to copy it over:
Just keep in mind the general rules of thumb for security:
- It’s not “if” someone is going to break in, it’s “when”…
- in the real world the best you can hope for is fifteen minutes of fame, in the virtual world, the best you can hope for is fifteen minutes of obscurity… (quote mine)
- there’s no such thing as a secure online system…
- and adding technology rarely adds security.
The general rules of thumb for countering attacks:
- Log as much as practical
- review your logs automatically AND manually
- employ a consistent backup schedule
- use your metrics, be able to recognize what’s normal and what isn’t
- the most expensive investment in security is also the one you’ll get the best return on: knowledge
Regardless of what personnel and what cool toys you have guarding your network, someone, somewhere, sometime will break into your network.