Archive for December, 2007

As you may have read in “About BreachBytes”, over the past 6 months we have been posting links to articles on the Packet Analytics web site that have to do in one way or another with breaches and incident response. Since we have converted BreachBytes from a list of links on our web site to a full blog, I thought we should post the links on the BreachBytes Blog.

SourceForge hacked, but not to worry(?)
“We played a game of cat and mouse with a “security enthusiast” from Europe yesterday. :)” 12/8/2007

DOE Lab Hacked
Oak Ridge National Laboratory, a U.S. Department of Energy facility, said on Thursday that its computer network had been compromised by a spear-phishing attack. 12/7/2007

(more…)


NetFlow data is critical for network operations and security. The primary use of NetFlow these days is on the operations side but security professionals are catching on too. For insider threat detection, network forensics and network behavior analysis (NBA) there’s no better data source available. Any given enterprise falls into one of the following four scenarios:

  1. NetFlow is already being collected for network operations but not being shared with security analysts.
  2. NetFlow is not being collected but is supported by routers (or switches).
  3. NetFlow data is already being collected for network security purposes.
  4. NetFlow cannot be collected because the hardware doesn’t support it.

(more…)


NetFlow data is ubiquitous and people other than network engineers are taking notice. Security analysts need to be aware that NetFlow data can be easily collected (odds are that your routers support some form of NetFlow) and analyzed for network security operations given the right tools. This Cisco-centric blog post has a good list of useful software solutions for NetFlow analysis relevant to security analysts. At their core, all the tools listed but one—Net/FSE by Packet Analytics—are not network security specific, but they can certainly be leveraged for this purpose.

(more…)


Oak Ridge National Laboratory admitted that it had suffered a breach on October 29th, 2007. Luckily, it appears from this Information Week article that no classified information was compromised. This breach underscores the fact that breaches are inevitable, and all organizations, whether they are government, non-profit or for-profit, must have a comprehensive response and recovery plan.

There are so many situations, reports and news articles where vague statements are used such as the one in the Information Week article: “ORNL said that no classified information was lost but that the personal information of visitors may have been stolen.” “…may have been stolen,” that makes me feel comfortable and secure. When responding to an incident it is necessary to be able to definitively state what actually happened and report a conclusive response. That’s what “incident response” is all about.

A comprehensive recovery plan that includes the ability to perform “deep dives” into all of an organization’s network data, particularly using NetFlow, lets security analysts provide the definitive answer we are all looking for.
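As an added illustration of what the two NetFlow posts above describe (NetFlow as a data source for network behavior analysis, and “deep dives” into flow data after an incident), the following Python example is not code from Packet Analytics or Net/FSE; it parses a NetFlow v5 export datagram, which is the fixed 24-byte header plus 48-byte records that most routers of the period emit, and then runs two simple behavior checks over the flows: a fan-out check (one internal host touching many distinct destination/port pairs) and a bulk-outbound check (one internal host sending a large byte volume to a non-internal address). The datagram, the 10.0.0.0/8 “internal” range, the thresholds and the addresses are all constructed for the example.

```python
from __future__ import annotations

import ipaddress
import struct
from collections import defaultdict
from dataclasses import dataclass

# NetFlow v5 wire format (big-endian): 24-byte header, then `count` 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")           # version, count, uptime, secs, nsecs, seq, eng_type, eng_id, sampling
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
                                                   # sport, dport, pad, tcp_flags, proto, tos, src_as, dst_as, masks, pad

INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed "inside" range for the constructed data


@dataclass
class Flow:
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: int
    packets: int
    octets: int


def parse_v5(packet: bytes) -> list[Flow]:
    """Parse one NetFlow v5 datagram; refuse anything that is not v5 or is truncated."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count, *_ = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(packet) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        flows.append(Flow(src=str(ipaddress.IPv4Address(r[0])), dst=str(ipaddress.IPv4Address(r[1])),
                          src_port=r[9], dst_port=r[10], proto=r[13], packets=r[5], octets=r[6]))
    return flows


def analyze(flows: list[Flow], fanout_threshold: int = 20, exfil_bytes: int = 50_000_000) -> dict[str, list[str]]:
    """Two behavior checks over internal sources: fan-out (scan-like) and bulk outbound volume."""
    peers: dict[str, set] = defaultdict(set)
    outbound: dict[str, int] = defaultdict(int)
    for f in flows:
        if ipaddress.ip_address(f.src) not in INTERNAL:
            continue
        peers[f.src].add((f.dst, f.dst_port))
        if ipaddress.ip_address(f.dst) not in INTERNAL:
            outbound[f.src] += f.octets
    findings: dict[str, list[str]] = {}
    for host, p in peers.items():
        if len(p) >= fanout_threshold:
            findings.setdefault(host, []).append("fan-out")
    for host, total in outbound.items():
        if total >= exfil_bytes:
            findings.setdefault(host, []).append("bulk-outbound")
    return findings


def build_record(src: str, dst: str, sport: int, dport: int, proto: int, pkts: int, octets: int) -> bytes:
    """Pack one constructed v5 record (interfaces, AS numbers and timestamps are placeholder values)."""
    return V5_RECORD.pack(int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)), 0,
                          1, 2, pkts, octets, 0, 0, sport, dport, 0, 0x02, proto, 0, 0, 0, 24, 24, 0)


def sample_datagram() -> bytes:
    """Constructed export datagram: 25 tiny SYN-only flows to port 445, one large external upload, one benign flow."""
    records = [build_record("10.0.5.7", f"10.0.9.{i + 1}", 40000 + i, 445, 6, 1, 60) for i in range(25)]
    records.append(build_record("10.0.8.3", "203.0.113.10", 51234, 443, 6, 80000, 120_000_000))
    records.append(build_record("10.0.2.2", "198.51.100.5", 52000, 80, 6, 30, 20_000))
    header = V5_HEADER.pack(5, len(records), 123456, 1197000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    flows = parse_v5(sample_datagram())
    for host, reasons in analyze(flows).items():
        print(host, ", ".join(reasons))
```

The length check before unpacking matters in practice: a collector that trusts the header’s record count on a short UDP datagram will raise on malformed input from a misbehaving exporter, and the checks in `analyze` are deliberately simple thresholds so that the baseline for a real network (what “many peers” or “large outbound” means there) can be substituted without changing the parser.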
