From this single department came some interesting projects and concepts such as Sguil (the open-source network security analysis front end for Snort) and SanCP (a network session profiler). Concepts such as Network Security Monitoring (NSM) were being tested and proven on security appliances.

In this particular scenario, we are a department dedicated to providing customers with network security monitoring solutions, using open-source software. This entire NSM philosophy would later be expanded upon and described in "The Tao of Network Security" (Bejtlich 2004). Yet here I am, sitting in my cubicle with a broken keyboard, in an office where the A/C shuts off on a timer, so it's boiling hot. All this great technology and cool blinking lights, flashing screens, and cutting-edge monitoring of Internet traffic, catching bad guys doing bad things. The whole setup is something right out of a spy movie, with exciting things happening: such a great opportunity for me, a young college student. Yet, on this particular evening, I am not enjoying my job.

My job here, this evening, is not to monitor the thousands of alerts; nor is it to inspect the exponentially larger number of network packets in an effort to protect networks from the insidious, underhanded doings of the digital underground. Instead, my job this evening is to do the most dreaded task in the entire operation: the weekly incident report.