Category Archives: network forensics

Security Series Part 2: World Cup Photo Proves Importance of Network Security Once Again

One of the most difficult challenges in managing networks is their inherent vulnerability to human error. No matter how robust an organization’s security policies or how dedicated its IT staff, a silly oversight by one or more employees can render many precautions meaningless.

A startling example of just how quickly and thoughtlessly network security can be compromised occurred recently when the Wi-Fi network name and password for the security center at the World Cup in Brazil were accidentally posted online.

A newspaper photo of Luiz Cravo Dorea, head of international cooperation for the Brazilian Federal Police, was taken inside the center, run by Israeli security firm Risco, in front of a bank of computer screens, one of which displayed the sensitive information. Soon after the photo was posted, it was retweeted repeatedly for the entire world to see. Once the newspaper was made aware of the photo, it was taken down and, presumably, the network name and password were changed. But it is impossible to know whether any intrusions occurred in the interim.

While businesses should make every effort to avoid these kinds of blunders, the unfortunate fact is that they do sometimes happen despite network engineers’ best efforts. When these mistakes occur, it’s imperative that businesses have network monitoring and security solutions in place that keep a simple oversight from turning into a total disaster.

Best-in-class network forensic appliances can be used to monitor compliance with security policies and to intercept and analyze unauthorized attempts to access a network. These products can automatically respond to security threats in a variety of ways, meaning that even if a password is leaked, intruders can’t freely enter a system and steal or compromise data.

Security Attack Analysis for Finding and Stopping Network Attacks

The bad guys are winning.

No, this is not a review of the latest superhero movie. It is the plain and simple truth when it comes to network security attacks. We’re all too familiar with the names of big, formerly trusted organizations that have recently suffered breaches. And we’ve all been affected, both professionally and personally, by these breaches.

So rather than rehash these attacks once again, let’s take a brief look at an approach that can help make sense of the barrage of alerts from security systems, which, instead of adding awareness, merely hide the needle in the haystack.

Current security systems do their job well – nowadays most would argue much too well. For fear of missing a critical event, security systems err (heavily!) on the side of caution. In doing so, they produce false positives – a lot of them. The volume of these alerts can quickly become overwhelming, rendering them almost as useless as no data at all. Remember, this is exactly what Target admitted. They did see alerts when the initial hack happened, well before any data was taken, but those alerts went uninvestigated.

On the positive side, false positives can be reduced, and sometimes pretty quickly. Many false positives are a result of some routine activity on your network that may be classified as out-of-the-ordinary for a general network. And because it’s routine on your network, it generates lots of security alerts. Armed with detailed information at the time of the alert, quick analysis will indicate whether or not this condition is normal for your network, and if it is, you can retune your security solution to ignore this condition. Every time you are able to do this you make your security solution more and more effective – a lot less hay and more needles.

This approach is called attack analysis, and it relies on network recording and network forensics to supply detailed, network-based information that can be used to unequivocally determine whether or not a security alert is the real thing. And if it is, you have a complete recording of the network activity from before, during, and after the attack so you can quickly stop the attack and assess the damage.
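A sketch of the attack-analysis loop described above, written as an added example for this page and not taken from any WildPackets product: every alert, flow, address and signature name is constructed, and the decision rules (a seven-day look-back, and a conversation counts as routine once the recording shows it on three or more earlier days) are assumptions. Each alert is matched to the recorded flows around its timestamp, then checked against the longer recording to decide whether it is normal for this network and a candidate for tuning, or genuinely new and worth investigating.

```python
"""Attack analysis: check an alert against the network recording before acting on it.

Added example; alerts, flows, addresses and the signature name below are constructed,
and the history window and routine threshold are assumptions, not a product's logic.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    signature: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed recording: a nightly transfer from 10.0.0.5 to an internal backup host
# (seen every night for a week) plus one large, never-before-seen transfer from
# 10.0.0.9 to an external address.
RECORDING = [
    Flow(_t(f"2014-07-{d:02d}T02:00:00"), "10.0.0.5", "10.0.1.20", 873, 5_000_000_000)
    for d in range(1, 8)
] + [Flow(_t("2014-07-07T14:32:10"), "10.0.0.9", "203.0.113.7", 445, 120_000_000)]

# Constructed alerts: the same (constructed) signature fires on both transfers.
ALERTS = [
    Alert(_t("2014-07-07T02:00:05"), "Large outbound transfer", "10.0.0.5", "10.0.1.20", 873),
    Alert(_t("2014-07-07T14:32:12"), "Large outbound transfer", "10.0.0.9", "203.0.113.7", 445),
]


def matching_flows(alert, recording):
    """All recorded flows for the same src -> dst:port conversation as the alert."""
    return [f for f in recording
            if f.src == alert.src and f.dst == alert.dst and f.dport == alert.dport]


def context(alert, recording, window=timedelta(minutes=5)):
    """Flows within +/- window of the alert: what actually happened when it fired."""
    return [f for f in matching_flows(alert, recording) if abs(f.ts - alert.ts) <= window]


def prior_days_seen(alert, recording, history=timedelta(days=7)):
    """Distinct earlier days (within `history`) on which this conversation already appeared."""
    start = (alert.ts - history).date()
    today = alert.ts.date()
    return len({f.ts.date() for f in matching_flows(alert, recording)
                if start <= f.ts.date() < today})


def triage(alert, recording, routine_days=3):
    """Decide whether the alert reflects routine activity on *this* network."""
    ctx = context(alert, recording)
    days = prior_days_seen(alert, recording)
    return {
        "alert": alert,
        "context_flows": len(ctx),
        "bytes_in_window": sum(f.bytes_out for f in ctx),
        "prior_days": days,
        "verdict": "routine" if days >= routine_days else "investigate",
    }


def tuning_candidates(alerts, recording):
    """Conversations to exempt from the rule: those the recording shows to be routine."""
    verdicts = (triage(a, recording) for a in alerts)
    return sorted({(v["alert"].signature, v["alert"].src, v["alert"].dst, v["alert"].dport)
                   for v in verdicts if v["verdict"] == "routine"})


if __name__ == "__main__":
    for a in ALERTS:
        v = triage(a, RECORDING)
        print(f"{a.ts} {a.signature} {a.src}->{a.dst}:{a.dport}: {v['verdict']} "
              f"(seen on {v['prior_days']} prior days, {v['bytes_in_window']} bytes in window)")
    print("tune out:", tuning_candidates(ALERTS, RECORDING))
```

The nightly backup is flagged as routine and becomes a tuning candidate; the one-off external transfer has no history in the recording and stays on the investigate list, with the exact bytes moved in the window already in hand.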

Interested in learning more? Check out our complete webinar on this topic, including detailed use cases, at http://www.wildpackets.com/resources/ondemand_webcasts.

BYOD and Mission Critical Apps – Let Wireless Forensics Ease Your Pain

The people have spoken, and it seems that BYOD is here to stay. A recent Forrester Research study reports that 60% of workers use their personal mobile devices at work, with some organizations reporting that personal, user-owned devices exceed 75%.

This creates a nightmare for IT teams, who have little to no access to end-user devices. Real-time troubleshooting becomes incredibly difficult, and problems are often reported well after they occur (taking real-time analysis out of the equation altogether). Even more, the integrity of mission-critical applications like corporate data transactions is at risk, leaving organizations to question whether transactions were actually completed.

Forced to embrace BYOD, and subsequently lose control over corporate apps, how can organizations make sure their networks remain safe?

Wireless forensics solutions give wireless network engineers and security teams a complete recording of WLAN activity over hours or even days. Engineers can use wireless forensics to analyze traffic and instantly determine the root cause of an event, entirely removing guessing and problem reproduction from the equation. Effective wireless forensics solutions provide these four key capabilities:

  • Data Capture: Capture all wireless traffic, on every channel in use, at the source
  • Network Recording: Store all WLAN packets, 24/7, for forensic analysis
  • Search and Inspection: Enable administrators to comb through archived traffic for anomalies and signs of poor connectivity
  • Reporting: Log the results of investigations and review network vulnerabilities post-mortem

Perhaps most importantly, wireless forensics solutions capture data 24/7 and automatically analyze all data collected, which means all the data you need for analysis is available at a moment’s notice. Whether the problem with your mission-critical app is across the room or across the world, wireless forensics gives you immediate access to the most detailed analytics available to get to the root cause of an issue.
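The search, inspection and reporting steps from the capability list above, carried through on a small recorded WLAN archive as an added example (not code from WildPackets or any product). The frames, MAC addresses and timings are constructed, and the thresholds for "high retry rate", "weak signal" and "deauth burst" are assumptions chosen for the sample; a real deployment would tune them to its own environment.

```python
"""Search and inspection over an archived WLAN recording.

Added example; every frame below is constructed and the thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Frame:
    ts: datetime
    channel: int
    bssid: str
    client: str
    subtype: str   # "data" or "deauth" (the only two kinds this example uses)
    retry: bool    # 802.11 Retry flag set on the frame
    rssi: int      # dBm as seen by the capture adapter


def constructed_archive():
    """A minute of frames on channel 6: one healthy client, one struggling one."""
    base = datetime(2014, 7, 10, 9, 0, 0)
    ap, good, bad = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01", "de:ad:be:ef:00:02"
    frames = []
    for i in range(40):
        # healthy client: strong signal, an occasional retry
        frames.append(Frame(base + timedelta(seconds=i), 6, ap, good, "data", i % 20 == 0, -55))
        # struggling client: weak signal, two retries in every five frames
        frames.append(Frame(base + timedelta(seconds=i), 6, ap, bad, "data", i % 5 < 2, -82))
    for i in range(12):
        # a burst of deauthentication frames addressed to the struggling client
        frames.append(Frame(base + timedelta(seconds=30, milliseconds=50 * i),
                            6, ap, bad, "deauth", False, -60))
    return frames


def search(frames, start=None, end=None, channel=None, client=None):
    """Pull a slice out of the archive by time, channel and client (any filter may be omitted)."""
    return [f for f in frames
            if (start is None or f.ts >= start) and (end is None or f.ts <= end)
            and (channel is None or f.channel == channel)
            and (client is None or f.client == client)]


def client_stats(frames):
    """Per-client retry rate and mean RSSI over data frames, plus the deauth count."""
    data = defaultdict(list)
    deauths = defaultdict(int)
    for f in frames:
        if f.subtype == "data":
            data[f.client].append(f)
        elif f.subtype == "deauth":
            deauths[f.client] += 1
    stats = {}
    for client in set(data) | set(deauths):
        d = data[client]
        stats[client] = {
            "data_frames": len(d),
            "retry_rate": (sum(f.retry for f in d) / len(d)) if d else 0.0,
            "mean_rssi": (sum(f.rssi for f in d) / len(d)) if d else None,
            "deauths": deauths[client],
        }
    return stats


def find_anomalies(stats, retry_threshold=0.2, rssi_threshold=-75, deauth_threshold=5):
    """Flag clients whose numbers point at poor connectivity or at a deauth burst."""
    findings = {}
    for client, s in stats.items():
        reasons = []
        if s["retry_rate"] > retry_threshold:
            reasons.append("high retry rate")
        if s["mean_rssi"] is not None and s["mean_rssi"] < rssi_threshold:
            reasons.append("weak signal")
        if s["deauths"] >= deauth_threshold:
            reasons.append("deauth burst")
        if reasons:
            findings[client] = reasons
    return findings


def report(frames):
    """Investigation log lines, the kind a post-mortem review would keep."""
    stats = client_stats(frames)
    lines = []
    for client, reasons in sorted(find_anomalies(stats).items()):
        s = stats[client]
        lines.append(f"{client}: {', '.join(reasons)} (retry {s['retry_rate']:.0%}, "
                     f"rssi {s['mean_rssi']:.0f} dBm, deauths {s['deauths']})")
    return lines


if __name__ == "__main__":
    archive = constructed_archive()
    for line in report(search(archive, channel=6)):
        print(line)
```

Because the whole minute is in the archive, the investigation can be run after the user has already given up and moved on: the struggling client shows up with a 40% retry rate, a mean signal below the threshold and a dozen deauthentication frames in under a second, while the healthy client on the same access point produces no finding at all.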