data involved are both allowed and benign. That's why typical
UTM solutions normally bundle a great many functions, including
these:
- Proxy services keep details of internal IP addresses from being
revealed outside the network, and examine communications and data
transfers at the application level.
- Stateful packet inspection distinguishes legitimate network
communications from suspect or known malicious forms of
communication.
- Deep packet inspection enables the data portion or payload of
network packets to be checked. This facility not only protects
against malware, but also permits data checks to block leakage of
classified, proprietary, private or confidential data across
network boundaries. This kind of technology is called data loss
prevention (DLP). DPI technology also supports all kinds of content
filtering.
- Real-time packet decryption exploits special hardware (which
essentially reproduces software programs in the form of high-speed
circuitry to perform complex data analysis) to permit deep
inspection at or near network wire speeds. This lets organizations
apply content-level controls even to encrypted data, and to screen
such data for policy compliance, malware filtering and more.
- Email handling includes malware detection and removal, spam
filtering, and content checks for phishing, malicious websites, and
blacklisted IP addresses and URLs.
- Intrusion detection and blocking observes incoming traffic
patterns to detect and respond to DDoS attacks, as well as more
nuanced and malicious attempts to breach network and system
security or obtain unauthorized access to systems and data.
- Application control (or filtering) observes applications in use
– especially web-based applications and services – and applies
security policy to block or starve unwanted or unauthorized
applications from consuming network resources, or gaining
unauthorized access to (or transfer of) data.
- Virtual private network (VPN) or remote access devices enable
remote users to establish secure private connections over public
network links (including the internet). Most organizations use such
technologies to protect network traffic from snooping while it's en
route from sender to receiver.
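
The payload check described under deep packet inspection, sketched as an added example (not from the original article or any UTM product): a content filter that flags outbound payloads carrying Luhn-valid card numbers or classification markers. The marker strings, function names and sample payloads are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Hypothetical classification markers that a policy forbids at the network boundary.
MARKERS = (b"CONFIDENTIAL", b"INTERNAL ONLY")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect_payload(payload: bytes) -> list[str]:
    """Return policy findings for one outbound payload (empty list means allow)."""
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_ok(digits):
            # Mask the number so the DLP log does not itself leak the data.
            findings.append("card-number:****" + digits[-4:])
    upper = payload.upper()
    for marker in MARKERS:
        if marker in upper:
            findings.append("marker:" + marker.decode())
    return findings


def verdict(payload: bytes) -> str:
    return "block" if inspect_payload(payload) else "allow"


# Constructed sample payloads; 4111 1111 1111 1111 is a widely used test card number.
SAMPLES = [
    b"POST /upload HTTP/1.1\r\n\r\nname=A&card=4111 1111 1111 1111",
    b"POST /upload HTTP/1.1\r\n\r\norder_id=1234567890123456",
    b"Subject: Q3 plan\r\n\r\nConfidential - do not forward",
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(verdict(s), inspect_payload(s))
```

The second sample shows why the checksum matters: a 16-digit order ID matches the pattern but fails Luhn, so it is not blocked as a false positive.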

Modern UTM devices incorporate all these functions and more by
combining fast, powerful special-purpose network circuitry with
general-purpose computing facilities. The custom circuitry that
exposes network traffic to detailed and painstaking analysis and
intelligent handling does not slow down benign packets in transit.
It can, however, remove suspicious or questionable packets from
ongoing traffic flows, turning them over to programs and filters.
In turn, these programs and filters can perform complex or sophisticated
analysis to recognize and foil attacks, filter out unwanted or
malicious content, prevent data leakage, and make sure that
security policies apply to all network traffic