Network Monitoring And Security Tools

Since the Internet was born, its users have had to face the threat of all kinds of attacks. There are now more complex worms and viruses, more blended threats, and more crimes. Like other computer products, new attacks are continuously developed and discovered. For example, more than 1,000 new worms and viruses were discovered in the last six months of 2004 by Counterpane Internet Security (Schneier 2005). Hackers are not only hobbyists, but also experts. The purposes of hacking may evolve from curiosity to money, and even political opinion. On the other hand, more and more people are using online services, such as paying bills through online banks or purchasing goods from online stores.

Therefore, the damage caused by attackers may become very serious. For example, in 2005, a massive data breach occurred at CardSystems Solutions Inc., a payment processor, which exposed the information of about 40 million Visa and Mastercard holders. In December 2007, hackers broke into the computers of Hannaford Bros. Co., an Eastern supermarket chain; the intrusion was discovered in February 2008 and brought under control in March 2008. This security breach caused 4.2 million account numbers to be stolen and at least 1,800 cases of fraud. Usually, attackers first use probe tools to locate hosts on networks, then try to figure out which operating systems and services are running on them.

For this very reason, network administrators use a range of networking software built specifically for network monitoring and security. The following are some important network monitoring and security tools:

Ethereal

Although traffic flows are the main target in the experiment, some specific packets still need to be analyzed. That is the main reason Ethereal is needed in the experiment. Ethereal is an open source network analyzer for UNIX, Linux and Windows. When a packet needs to be studied, Ethereal is able to provide very detailed information, such as time, protocol, and payload content. It can capture live packets from a network interface or analyze captured packet data from other files. In the experiment, Ethereal was used to merge daily tcpdump files into two weekly files. It also read tcpdump files collected on the Honeyd platform to support traffic packet information.

Argus

A flow is a set of packets observed on the network within some time window that share common properties such as source address and port, destination address and port, and protocol. Since a flow is composed of packets and there are many more packets than flows, it is more difficult to analyze packets than flows. Therefore, in the experiment, traffic flows are the main target to inspect. Argus was chosen to generate flows from tcpdump files. Argus is a real-time flow monitoring tool designed to track network traffic status. It can be applied to examine data from a live interface to generate log files. It can also analyze the content of packet capture files ...
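The packet-to-flow grouping defined above, as an added example that is not part of the original essay and is not Argus's own algorithm. The one-directional 5-tuple key, the 60-second idle timeout, the `build_flows` name and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto size")

# Constructed sample packets (documentation address ranges), not real capture data.
PACKETS = [
    Packet(0.00, "192.0.2.10", 40000, "198.51.100.5", 80, "tcp", 60),
    Packet(0.05, "192.0.2.10", 40000, "198.51.100.5", 80, "tcp", 1500),
    Packet(0.10, "192.0.2.10", 40001, "198.51.100.5", 22, "tcp", 60),
    Packet(0.20, "192.0.2.10", 40000, "198.51.100.5", 80, "tcp", 400),
    Packet(90.0, "192.0.2.10", 40000, "198.51.100.5", 80, "tcp", 60),
    Packet(90.5, "203.0.113.7", 5353, "198.51.100.5", 53, "udp", 80),
]


def build_flows(packets, idle_timeout=60.0):
    """Group packets into flows keyed by 5-tuple.

    A packet joins the open flow for its key unless the gap since that
    flow's last packet exceeds idle_timeout, in which case a new flow starts.
    """
    active = {}  # 5-tuple -> index in flows of the currently open flow
    flows = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        idx = active.get(key)
        if idx is None or p.ts - flows[idx]["end"] > idle_timeout:
            flows.append({"key": key, "start": p.ts, "end": p.ts,
                          "packets": 0, "bytes": 0})
            idx = active[key] = len(flows) - 1
        flow = flows[idx]
        flow["end"] = p.ts
        flow["packets"] += 1
        flow["bytes"] += p.size
    return flows


if __name__ == "__main__":
    for flow in build_flows(PACKETS):
        print(flow)
```

Six packets collapse into four flow records here, which is the reduction in volume that makes flows easier to inspect than individual packets.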