Chapter 17 - 01 - Understand the Need and Advantages of Network Traffic Monitoring

Certified Cybersecurity Technician Exam 212-82 Network Traffic Monitoring

Module Flow
- Understand the Need and Advantages of Network Traffic Monitoring
- Determine Baseline Traffic Signatures for Normal and Suspicious Network Traffic
- Perform Network Monitoring for Suspicious Traffic

Understand the Need and Advantages of Network Traffic Monitoring

The objective of this section is to explain in detail the need for and advantages of network traffic monitoring.

Module 17 Page 2026 EC-Council Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Network Traffic Monitoring
- Network monitoring is a retrospective security approach that involves monitoring a network for abnormal activities, performance issues, bandwidth issues, etc.
- Network monitoring is an integral part of network security and is a demanding task within the network security operations of organizations.
- Continuous network traffic monitoring and analysis are required for effective threat detection.

Network traffic monitoring is the process of capturing network traffic and inspecting it closely to determine what is happening on the network. Network monitoring is a retrospective security approach that involves monitoring a network for abnormal activities, performance issues, bandwidth issues, etc. It is an integral part of network security and is a demanding task within the network security operations of organizations. Continuous network traffic monitoring and analysis are required for effective threat detection. Security professionals should constantly strive to maintain smooth network operation.

If a network goes down even for a short period, productivity within a company may decline. To be proactive rather than reactive, traffic movement and performance must be monitored to ensure that no security breach occurs within the network. The network monitoring process involves sniffing the traffic flowing through the network. For this purpose, network packets must be captured, and signature analysis must be conducted to identify any malicious activity. Network operators use network traffic analysis tools to identify malicious or suspicious packets hiding within traffic. They monitor download/upload speeds, throughput, content, traffic behaviors, etc., to understand the status of network operations.

Need for Network Monitoring
- Even when security tools are in place, attackers can find ways to bypass such security mechanisms to enter the network.
- Security tools generally use signature-based detection techniques. Hence, they are often unable to identify continuously changing attack signatures/patterns.
- Security tools generally are not designed to identify behavioral anomalies and are unable to detect activities of attackers that are initiated before and during an attack.

Network monitoring helps security professionals identify possible issues before they affect business continuity. If an issue occurs in the network, the root cause can be determined easily with network monitoring, and with network automation tools the problem can be fixed automatically. Network monitoring not only prevents outages but also gives visibility into potential issues. Continuous network monitoring minimizes downtime and increases the performance of the network.

Even when security tools are in place, attackers can find ways to bypass such security mechanisms to enter the network. Security tools generally use signature-based detection techniques, and it is difficult to identify continuously changing attack signatures/patterns. These tools are not designed to identify behavioral anomalies and are unable to detect attackers' activities that are initiated before and during attacks. Network monitoring tools provide the first level of security and help identify anomalous conditions in the network, which indicate attacker activity.

Advantages of Network Monitoring

Monitoring network traffic helps in:
- Understanding how data flows in a network
- Optimizing network performance
- Avoiding bandwidth bottlenecks
- Detecting signs of malicious activity
- Finding unnecessary and vulnerable applications
- Investigating security breaches

Network traffic analysis is performed to gain in-depth insight into the types of network packets or data flowing through a network. Typically, it is performed through network monitoring or network bandwidth monitoring utilities. The traffic statistics from network traffic analysis help in the following:
- Understanding how data flows in a network
- Optimizing network performance
- Avoiding bandwidth bottlenecks
- Detecting signs of malicious activity
- Finding unnecessary and vulnerable applications
- Investigating security breaches
- Understanding and evaluating network utilization
- Determining download/upload speeds
- Determining the type, size, origin, destination, and content/data of packets

The typical advantages of network monitoring are as follows.
- Proactive: Network monitoring proactively detects applications that consume the maximum bandwidth and reduces the bandwidth. It manages server bottleneck situations and other systems connected to the network. Moreover, network monitoring delivers an efficient quality of service to users. It creates a record of all the irregularities occurring in the network that network administrators can handle later.
- Utilization: It is important to understand the need for network utilization, especially with all the new and evolving technology. Network monitoring provides complete details on the infrastructure. It provides an idea of the amount of load a network can handle during periods of heavy traffic, enabling efficient utilization of the capacity in the network.
- Optimization: Network monitoring techniques gather network infrastructure information in a timely manner and save it for the security professionals. Security professionals can then take the required actions before the situation worsens. These techniques identify applications that prove vulnerable to the network.
- Minimizing risk: Network monitoring techniques are necessary for establishing service-level agreements (SLAs) and compliance applicable to users or consumers. Complete infrastructure information is required when drafting SLAs. The real-time monitoring of network topologies and channels helps in creating the SLAs.

Network monitoring techniques are beneficial for security professionals. They are very easy to set up and implement, considering the complexity of networks.
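The "Need for Network Monitoring" section contrasts signature-based detection with spotting behavioral anomalies, and the "Network Traffic Monitoring" section says operators watch throughput and per-host behavior to do this. The following Python script is an added example, not EC-Council courseware, that runs both detection passes over one monitoring window. Every flow record, the baseline history, the CONSTRUCTED-MARKER signature string and all function names are constructed assumptions for illustration: a signature pass flags payloads that match a known pattern, while a baseline pass flags a host whose outbound volume is far outside its own history (or a host that has no history at all), which is the case a signature list alone would miss.

```python
"""Toy network monitor: signature matching next to a behavioral baseline.

Added example, not EC-Council courseware. Every flow record, baseline value
and signature below is constructed for illustration.
"""
from dataclasses import dataclass
from statistics import mean, stdev

WINDOW_SECONDS = 60  # length of the monitoring window the records cover


@dataclass
class Flow:
    """One flow summary, as a monitoring tool might export it (constructed)."""
    ts: int          # seconds since the start of the window
    src: str
    dst: str
    dport: int
    bytes_out: int
    payload: str     # first bytes of the payload, decoded to text


# Constructed flows for one 60-second window; 10.0.0.7 is the odd one out.
FLOWS = [
    Flow(0, "10.0.0.5", "192.0.2.20", 443, 1500, ""),
    Flow(5, "10.0.0.5", "192.0.2.20", 443, 2200, ""),
    Flow(9, "10.0.0.7", "192.0.2.9", 80, 400, "GET /index.html"),
    Flow(12, "10.0.0.7", "192.0.2.9", 443, 900000, "CONSTRUCTED-MARKER"),
    Flow(20, "10.0.0.7", "192.0.2.9", 443, 850000, ""),
    Flow(40, "10.0.0.9", "192.0.2.4", 25, 3000, "EHLO mail"),
    Flow(55, "10.0.0.11", "192.0.2.4", 443, 500, ""),  # host never seen before
]

# Constructed signature rules: rule name -> substring expected in the payload.
SIGNATURES = {"constructed-marker": "CONSTRUCTED-MARKER"}

# Constructed baseline: bytes each host sent per 60-second window on earlier days.
BASELINE = {
    "10.0.0.5": [3000, 3400, 2800, 3900, 3100],
    "10.0.0.7": [1200, 1500, 900, 1300, 1100],
    "10.0.0.9": [2500, 3100, 2900, 2700, 3300],
}


def signature_hits(flows):
    """Signature-based pass: flows whose payload contains a known pattern."""
    hits = []
    for f in flows:
        for name, pattern in SIGNATURES.items():
            if pattern in f.payload:
                hits.append((f.src, f.dst, name))
    return hits


def bytes_per_host(flows):
    """Aggregate bytes sent per source host over the window."""
    totals = {}
    for f in flows:
        totals[f.src] = totals.get(f.src, 0) + f.bytes_out
    return totals


def baseline_anomalies(totals, baseline, k=3.0):
    """Behavioral pass: hosts more than k standard deviations above their own
    baseline, or hosts with no baseline at all, mapped to their z-score."""
    anomalies = {}
    for host, current in totals.items():
        history = baseline.get(host)
        if not history:
            anomalies[host] = float("inf")  # unknown host: nothing to compare against
            continue
        mu, sigma = mean(history), stdev(history)
        if sigma == 0:  # flat history: any deviation at all is out of profile
            z = float("inf") if current != mu else 0.0
        else:
            z = (current - mu) / sigma
        if z > k:
            anomalies[host] = round(z, 1)
    return anomalies


def throughput_bps(flows, window_seconds=WINDOW_SECONDS):
    """Average outbound throughput over the window, in bits per second."""
    return sum(f.bytes_out for f in flows) * 8 / window_seconds


def run_monitor(flows=FLOWS, baseline=BASELINE):
    """Run both detection passes and return one report for the window."""
    totals = bytes_per_host(flows)
    return {
        "throughput_bps": throughput_bps(flows),
        "signature_hits": signature_hits(flows),
        "anomalies": baseline_anomalies(totals, baseline),
    }


if __name__ == "__main__":
    for key, value in run_monitor().items():
        print(f"{key}: {value}")
```

With this data the signature pass catches only the flow that carries the marker, while the baseline pass flags 10.0.0.7 (about 1.75 MB against a history of roughly 1.2 KB per window) and 10.0.0.11 (no history); the second flow from 10.0.0.7 carries no marker and would be invisible to the signature pass alone. A real deployment would feed flow exports from the capture tool into the same two passes and refresh the baseline continuously, rather than using a fixed list.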
