Question

In: Computer Science

How would you use data about network traffic to deter attacks on the network? Question based on computer forensics.

Solutions

Expert Solution

data involved are both allowed and benign. That's why typical UTM solutions normally bundle a great many functions, including these:

  • Proxy services block revealing details of internal IP addresses on networks, and examine communications and data transfers at the application level.
  • Stateful packet inspection distinguishes legitimate network communications from suspect or known malicious forms of communication.
  • Deep packet inspection enables the data portion or payload of network packets to be checked. This facility not only protects against malware, but also permits data checks to block leakage of classified, proprietary, private or confidential data across network boundaries. This kind of technology is called data loss prevention (DLP). DPI technology also supports all kinds of content filtering.
  • Real-time packet decryption exploits special hardware (which essentially reproduces software programs in the form of high-speed circuitry to perform complex data analysis) to permit deep inspection at or near network wire speeds. This lets organizations apply content-level controls even to encrypted data, and to screen such data for policy compliance, malware filtering and more.
  • Email handling includes malware detection and removal, spam filtering, and content checks for phishing, malicious websites, and blacklisted IP addresses and URLs.
  • Intrusion detection and blockage observes incoming traffic patterns to detect and respond to DDoS attacks, as well as more nuanced and malicious attempts to breach network and system security or obtain unauthorized access to systems and data.
  • Application control (or filtering) observes applications in use – especially web-based applications and services – and applies security policy to block or starve unwanted or unauthorized applications from consuming network resources, or accomplishing unauthorized access to (or transfer of) data.
  • Virtual private network (VPN) or remote access devices enable remote users to establish secure private connections over public network links (including the internet). Most organizations use such technologies to protect network traffic from snooping while it's en route from sender to receiver.

Modern UTM devices incorporate all these functions and more by combining fast, powerful special-purpose network circuitry with general-purpose computing facilities. The custom circuitry that exposes network traffic to detailed and painstaking analysis and intelligent handling does not slow down benign packets in transit. It can, however, remove suspicious or questionable packets from ongoing traffic flows, turning them over to programs and filters. In turn, these agencies can perform complex or sophisticated analysis to recognize and foil attacks, filter out unwanted or malicious content, prevent data leakage, and make sure that security policies apply to all network traffic.
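The stateful packet inspection item in the list above, as an added example that is not part of the original answer: a minimal TCP connection state table run over constructed packet records. The `10.0.0.` internal prefix, the outbound-only connection policy, and the names `Packet`, `flow_key` and `inspect` are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INTERNAL_PREFIX = "10.0.0."  # assumption: internal hosts are in 10.0.0.0/24

def flow_key(p):
    """Direction-independent key: both halves of a connection share one entry."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def inspect(packets):
    """Return one verdict string per packet, using a TCP connection state table."""
    state, verdicts = {}, []
    for p in packets:
        key, flags = flow_key(p), set(p.flags.split("|"))
        st, outbound = state.get(key), p.src.startswith(INTERNAL_PREFIX)
        verdict = "allow"
        if flags == {"SYN"} and st is None:
            if outbound:  # assumed policy: only internal hosts open connections
                state[key] = "SYN_SENT"
            else:
                verdict = "drop: unsolicited inbound SYN"
        elif flags == {"SYN", "ACK"} and st == "SYN_SENT" and not outbound:
            state[key] = "SYN_RCVD"
        elif flags == {"ACK"} and st == "SYN_RCVD" and outbound:
            state[key] = "ESTABLISHED"
        elif st == "ESTABLISHED" and "SYN" not in flags:
            if flags & {"FIN", "RST"}:
                del state[key]  # simplification: real TCP teardown has more steps
        else:
            verdict = "drop: no matching connection state"
        verdicts.append(verdict)
    return verdicts

# Constructed sample packets (documentation address ranges), not captured traffic.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "SYN"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SYN|ACK"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "ACK"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "PSH|ACK"),
    Packet("198.51.100.7", 4444, "10.0.0.5", 40001, "ACK"),
    Packet("198.51.100.7", 5555, "10.0.0.9", 22, "SYN"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "RST"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "PSH|ACK"),
]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, inspect(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] {v}")
```

The dropped packets are the ones with no place in the table: an inbound ACK for a connection that was never opened, an inbound SYN that the assumed policy does not permit, and data arriving on a flow after its reset.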

