Skip to Main Content
Security Monitoring
book

Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Intermediate to advanced content levelIntermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Chapter 4. Select Targets for Monitoring

Reese: Anyone who’s trying to use the override would have to hack through the reactor’s firewall. That would take massive computer power, which NRC could see coming a mile away.

Jack: Is it possible that NRC could miss this due to unusually heavy traffic on the Internet?

Reese: I don’t follow.

Jack: Well, less than an hour ago millions of computers around the world were streaming the trial of the Secretary of Defense. Is it possible that this trial was just some kind of a Trojan horse to disguise a massive attack on nuclear power plants’ firewalls?

Reese: That might be possible.[22]

Successful enterprise security monitoring demands focus. In this fictitious attack from Fox’s popular television series 24, the network security team (NRC) missed a targeted, critical attack due to a decoy surge in network traffic. The depicted scenario demonstrates how difficult it is to monitor effectively when all systems are given “equal” attention. Focused monitoring requires considerable tuning and quick recognition of benign traffic. For example, an Oracle 11i-based ERP system will generate thousands of messages per hour from its various components. Without tuning and a strong understanding of the environment, the network monitoring staff will waste their time following dead ends.

Example 4-1 contains an example of a Snort alert that could result from monitoring an Oracle system.

Example 4-1. Snort alert from monitoring an Oracle system[23]

[**] [1:2650:2] ORACLE ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Applied Network Security Monitoring

Applied Network Security Monitoring

Chris Sanders, Jason Smith
Network Protocols for Security Professionals

Network Protocols for Security Professionals

Yoram Orzach, Deepanshu Khanna

Publisher Resources

ISBN: 9780596157944Errata Page