Archive for December 17th, 2007

As you may have read in “About BreachBytes”, over the past 6 months we have been posting links to articles on the Packet Analytics web site that have to do in one way or another with Breaches and Incident Response. Since we have converted BreachBytes from a list of links on our web site to a full blog, I thought we should post the links on the BreachBytes Blog.

SourceForge hacked, but not to worry(?)
“We played a game of cat and mouse with a “security enthusiast” from Europe yesterday. :)” 12/8/2007

DOE Lab Hacked
Oak Ridge National Laboratory, a U.S. Department of Energy facility, said on Thursday that its computer network had been compromised by a spear-phishing attack. 12/7/2007

NetFlow data is critical for network operations and security. The primary use of NetFlow these days is on the operations side, but security professionals are catching on too. For insider threat detection, network forensics and network behavior analysis (NBA), there’s no better data source available. Any given enterprise falls into one of the following four scenarios:

  1. NetFlow is already being collected for network operations but not being shared with security analysts.
  2. NetFlow is not being collected but is supported by routers (or switches).
  3. NetFlow data is already being collected for network security purposes.
  4. NetFlow cannot be collected because the hardware doesn’t support it.
