Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Blanco’s Security Alert Sources

Blanco Wireless has several sources for security alerts, including NIDS, syslog, application logs, database logs, host antivirus logs, host NIDS logs, router and firewall logs, and NetFlow (see Figure 6-15).

NIDS

Blanco Wireless has NIDS installed, inspecting the backbone uplinks on the data center gateway routers (connections 1, 2, 3, and 4). Analysis of the network traffic shows an average of 12 Mbps with spikes of up to 60 Mbps. Blanco will install a single Cisco IPS 4255 sensor with four interfaces running IPS software version 6.0. The routers are configured to provide a copy of each interface’s bidirectional traffic. This setup gives a view of ingress/egress data center traffic, but it does not capture intra-data center traffic, which Blanco would also like to inspect.

Blanco’s security team has taken advantage of the information gathered in its Internet Protocol Address Management (IPAM) software and makes use of network locale variables in tuning the sensors (note that the “slash notation” is broken down into ranges of addresses to represent subnets):

variables DESKTOP_NETWORKS 10.10.32.0-10.10.63.255
variables WINDOWS_SERVERS 10.10.0.0-10.10.0.127
variables ORACLE_SERVERS 10.10.0.128-10.10.0.255
variables VMWARE_SERVERS 10.10.1.0-10.10.1.63
variables WEBAPP_SERVERS 10.10.1.64-10.10.1.127
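The excerpt says the IPAM subnets are kept in slash (CIDR) notation and then broken down into address ranges for the sensor's network locale variables. The following script is an added example, not code from the book or from Cisco: it expands a constructed IPAM export (the CIDRs are chosen so they reproduce exactly the five ranges listed above) into `variables NAME first-last` lines, checks that no two locales overlap (an overlap would make a sensor classify the same host two ways), and looks up which locale an address belongs to. The comma-separated form for a variable with several subnets is an assumption about the sensor syntax and should be checked against the IPS documentation before use.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample IPAM export: locale name -> list of CIDR subnets.
# Each CIDR expands to exactly the range shown in the book's variable list.
IPAM_LOCALES: Dict[str, List[str]] = {
    "DESKTOP_NETWORKS": ["10.10.32.0/19"],
    "WINDOWS_SERVERS": ["10.10.0.0/25"],
    "ORACLE_SERVERS": ["10.10.0.128/25"],
    "VMWARE_SERVERS": ["10.10.1.0/26"],
    "WEBAPP_SERVERS": ["10.10.1.64/26"],
}


def cidr_to_range(cidr: str) -> str:
    """Turn '10.10.32.0/19' into '10.10.32.0-10.10.63.255'.

    strict=True rejects CIDRs with host bits set (e.g. 10.10.32.1/19), which
    almost always means a typo in the IPAM record rather than a real subnet.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address}-{net.broadcast_address}"


def render_variables(locales: Dict[str, List[str]]) -> List[str]:
    """Emit one 'variables NAME range[,range...]' line per locale.

    Assumption: multiple ranges for one variable are comma separated; verify
    this against the sensor's own configuration reference.
    """
    lines: List[str] = []
    for name, cidrs in locales.items():
        ranges = ",".join(cidr_to_range(c) for c in cidrs)
        lines.append(f"variables {name} {ranges}")
    return lines


def find_overlaps(locales: Dict[str, List[str]]) -> List[Tuple[str, str, str, str]]:
    """Return (locale_a, locale_b, cidr_a, cidr_b) for every pair of subnets
    in different locales that overlap. An empty list means the locales
    partition the address space cleanly."""
    nets = [(name, ipaddress.ip_network(c, strict=True))
            for name, cidrs in locales.items() for c in cidrs]
    overlaps: List[Tuple[str, str, str, str]] = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            a_name, a = nets[i]
            b_name, b = nets[j]
            if a_name != b_name and a.overlaps(b):
                overlaps.append((a_name, b_name, str(a), str(b)))
    return overlaps


def locale_of(ip: str, locales: Dict[str, List[str]]) -> Optional[str]:
    """Name the locale containing ip, or None if it is outside every variable.
    This is the lookup an analyst does when triaging an alert's source address."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in locales.items():
        if any(addr in ipaddress.ip_network(c, strict=True) for c in cidrs):
            return name
    return None


if __name__ == "__main__":
    problems = find_overlaps(IPAM_LOCALES)
    if problems:
        raise SystemExit(f"overlapping locales, fix IPAM before deploying: {problems}")
    for line in render_variables(IPAM_LOCALES):
        print(line)
    print("10.10.0.200 ->", locale_of("10.10.0.200", IPAM_LOCALES))
```

Running the script prints the same five `variables` lines as the book's listing and classifies 10.10.0.200 as ORACLE_SERVERS. Because the overlap check runs before anything is rendered, a mistaken IPAM entry (for example a /24 that swallows a neighbouring /25) stops the export instead of silently producing an ambiguous sensor configuration.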
Figure 6-15. Blanco Wireless’s security alert sources

Because Blanco handles sensitive ...


ISBN: 9780596157944