Hello,

This is a two part question. First I will need the discussion question answer, which will be below in bold, 300 words APA format. For those responses I will need three responses of at least 175 words each.

Distinguish between full content data (including collection tools), session data (including collection tools) and statistical data (including collection tools).

Student one:

This week, we dive a bit deeper into NSM by comparing and contrasting full content, session, and statistical data. At a broad overview level, we can consider the following: full content data are the actual packets collected in network traffic, session data are the conversations generated, and statistical data are the overall summaries or profiles of network traffic (Bejtlich, 2009). As discussed last week, full content data (FCD) is considered ‘the most flexible form of network-based information,’ because (as the name implies) every aspect of data in a captured network packet is available for collection and analysis (Bejtlich, 2004). FCD is highly desired, because it encapsulates the totality of bits in data packets. Having FCD at your hands is a capability that can be leveraged against somebody trying to hide data within TCP/IP header fields. With the right analysis, FCD capture can help an analyst retrace a user’s secretive movements (Bejtlich, 2004). FCD also provides analysts with ‘application relevance,’ i.e. ‘the saving of information passed above the transport layer.’ Analysts can utilize FCD to see the content of communication between two parties…which can be more valuable than session data in certain circumstances (Bejtlich, 2004).

There are many types of commonly used FCD collection tools. One common tool is tcpdump. Tcpdump ‘prints out a description of the contents of packets on a network interface that match the boolean expression; the description is preceded by a time stamp, printed, by default, as hours, minutes, seconds, and fractions of a second since midnight (The Tcpdump Group, 2020).’ Within the command line, Bejtlich (2004) recommends several switches to tweak output and assist in reading and storing data (e.g. the -n switch will ensure Tcpdump output doesn’t resolve IP addresses to domain names and port numbers to service names – this preserves the raw IP address and data for analysis). Other FCD tools include libpcap (sister tool to tcpdump), Tethereal, Snort, and Ethereal. If command line isn’t your thing…you can use Ethereal, which has an interactive graphical user interface (GUI) for visual comprehension. You can comb through thousands of data packets captured by color coding them against a set of rules (Hards & Hards, 2004). Other FCD tools serve as enhancements to others, such as Editcap, Mergecap, and Tcpslice – they all build off of libpcap files and present data in unique ways (Bejtlich, 2004).

Session and Statistical Data are a bit different from FCD. Let’s start with Session Data. A session (aka flow, stream, conversation) is ‘a summary of a packet exchange between two systems.’ Sessions are typically more defined in TCP compared to UDP, ICMP, and SYN sessions (Bejtlich, 2004). Session data includes source/destination IP address & port number, timestamps, and a measurement of information exchanged within said session. With a ‘content-neutral focus,’ session data is considered by Bejtlich (2004) to be the most helpful. This is because it can usually tell you what an intruder has compromised, where they’ve been, and if they are still present. Aside from NSM, session data can also be used for accounting purposes such as bandwidth usage. Session data tools include Cisco’s NetFlow, Fprobe, sFlow, Argus, and Tcptrace. NetFlow is a Cisco proprietary tool – powerful, albeit limited in unidirectional session data, i.e. sessions flow from client to server or server to client. Argus is highly touted by Bejtlich (2004) and encouraged for emergency NSM. This is due to its bidirectional session data collection and lower level of data consumption compared to FCD.

Finally, statistical data uses statistics to “identify and validate intrusions.” It can be used to build summaries and/or profiles of network traffic. Noticeable deviations from baseline statistical norms can help intrusion detection and NSM analysts. For example, port traffic normally utilized at 2% bandwidth may suddenly spike to 5 or 6% – this may indicate an intrusion or attack (Bejtlich, 2004). Some collection tools for statistical data include Cisco Accounting, Ipcad, Ifstat, Tcpdstat, and MRTG. Tcpdstat is pretty outdated and hard to utilize nowadays – at the time of the book’s writing, Tcpdstat allowed analysts ‘to break down packet capture session data into categories based on protocol.’ I believe it’s meant to complement tcpdump in a lot of ways. As with the other tools listed in the reading, it assists in understanding and establishing a normal baseline of your network traffic (Vallentin, 2007). Another statistical data tool is MRTG or Multi Router Traffic Grapher. This tool is a somewhat GUI-based (HTML) application that can visually display useful statistical data. With respect to MRTG, Bejtlich (2004) claims that it’s mostly used for bandwidth analysis. Some intrusion attacks cause bandwidth spikes…but not all of them. It’s important to have a variety of tools in mind when approaching your NSM needs and goals.

I hope everyone is staying safe and doing well during these interesting times. I know the Coronavirus is keeping a lot of us very busy at work, including myself…that’s why I’m knocking this initial post early in the week 🙂 I sincerely wish that everyone is minimally impacted and healthy throughout.

Cheers,

References

Bejtlich, R. (2004). The Tao of Network Security Monitoring. Boston: Addison-Wesley.
Bejtlich, R. (2009). Network security monitoring using transaction data. SearchITChannel. Retrieved at https://searchitchannel.techtarget.com/tip/Network-security-monitoring-using-transaction-data#:~:text=%2D%20Statistical%20data%3A%20Overall%20summaries%20or,collected%20by%20storing%20network%20traffic.
Hards, B., & Hards, B. (2004). A guided tour of Ethereal. Linux Journal, (118), 80,81,82,84,85. Retrieved from https://www.linuxjournal.com/article/6842
The Tcpdump Group. (2020). MANPAGE of TCPDUMP. Retrieved at https://www.tcpdump.org/manpages/tcpdump.1.html
Vallentin, M. (2007). Examining and dissecting tcpdump/libpcap traces. Matthias Vallentin Blog. Retrieved at http://matthias.vallentin.net/blog/2007/01/examini…

Student two:

I hope everyone is having a great week. This week we are moving into more detail on looking at the type of data that is captured when conducting network captures and network monitoring. Being able to understand what is being captured can give your organization an advantage at ensuring proper security is implemented but also the ability to catch risks before they occur.

Full Content Data (FCD) captures all traffic that occurs on a network. It is a rich form of evidence offering detail and opportunities seldom found elsewhere (Bejtlich, 2004). This type of capture is beneficial because there are no filters applied to the capture, so everything that passes through the network is captured. A tool that was mentioned in the reading was Tcpdump. This type of capture will output the entire network traffic for a given time. By quickly looking over this, some additional information is the type of TCP connect, sequence number, and packet size. Another tool that I am familiar with is known as Wireshark. This tool is a great tool to capture full content data and mine into the individual captures to find very detailed information within the packet. Another tool that some of you may be familiar with is Snort. I began utilizing this at my previous job, but we were still in the process of creating all the rules to capture and store the right type of data, so I did not get to see it at full force.

When we continue looking at different types of captures, a session data capture captures the entire conversation between two network nodes (Bejtlich, 2004). This type of capture will allow individuals to obtain the source and destination IPs, ports, protocol, and application bytes sent by the source. One open source tool that can be used to capture session data is known as Argus. Some other tools are known as Netflow and tcptrace. This type of session focuses on who, when, how, and how much data was exchanged between the two nodes. Statistical data describes the traffic resulting from various aspects of an activity (Bejtlich, 2004). A tool that can do this capture, as mentioned in the book, is Capinfos, packaged with Wireshark. This capture shows key aspects of stored network traffic, such as the number of bytes in the trace, amount of actual network data, start time, and end time (Bejtlich, 2004).

I hope everyone is able to stay safe and healthy over the next few weeks with everything going on.

Reference

Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond intrusion detection. Boston, MA: Addison-Wesley.
Koch, M. (2016, November 7). Implementing Full Packet Capture. Retrieved March 17, 2020, from https://www.sans.org/reading-room/whitepapers/fore…

Student three:

Well, let us first just sit down and define each of these: full content data, session data, and statistical data. First, we will start off with full content data. This is the most flexible form of network-based information (‘The Tao of Network Security Monitoring Beyond Intrusion Detection’, 2020). Full content data is the actual packets collected by storing network traffic (‘Network security monitoring using transaction data’, 2020). Second would be session data. This is just a simple way to store data for the single user against a rare session ID. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data (‘PHP: Basic usage – Manual’, 2020). In a simpler way, it houses the conversations or flows generated from network traffic (‘Network security monitoring using transaction data’, 2020). Finally, we will come to our third data type, which is statistical data. This is overall summaries or profiles of network traffic (‘Network security monitoring using transaction data’, 2020).

There are plenty of tools and applications you can use to implement these forms of data collection or monitoring. The first tool I would like to recommend for full content is TCPDump. What makes TCPDump a great tool is that it just collects traffic without any filtering. It has also been around for a while and has been tried and true. For session data I would maybe recommend Argus. It has been around since 1995 and it is great because it has the ability to summarize IP, TCP, UDP, and ICMP traffic. Finally, the last tool is for the statistical data, which I would recommend trafshow. Trafd shows statistics on data collected on an interface, in memory, and can dump results periodically, and it is used in a reactive mode (Bejtlich, 2020).

References:

Bejtlich, R. (2020). Retrieved 17 March 2020, from https://sceweb.uhcl.edu/yang/teaching/csci5234spri…
Network security monitoring using transaction data. (2020). Retrieved 17 March 2020, from https://searchitchannel.techtarget.com/tip/Network…
PHP: Basic usage – Manual. (2020). Retrieved 17 March 2020, from https://www.php.net/manual/en/session.examples.bas…
The Tao of Network Security Monitoring Beyond Intrusion Detection. (2020). Retrieved 17 March 2020, from https://www.oreilly.com/library/view/the-tao-of/03…
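The three posts above all describe the same layering: full content data is every decoded packet, session data is one record per conversation, and statistical data is a summary of the whole capture that can be compared against a baseline. The script below is an added illustration of that layering, written for this thread; it is not code from Bejtlich's book or from tcpdump, NetFlow or Argus. The packet records are constructed by hand and stand in for what a tcpdump/libpcap capture would decode (a real collector would parse a pcap file instead). The "NetFlow-style" unidirectional and "Argus-style" bidirectional reductions are loose models of the distinction Student one draws, not reimplementations of either tool, and the baseline percentages are invented for the example.

```python
"""Reduce constructed full content packet records to session records and
a statistical summary, then flag deviations from a recorded baseline."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One decoded packet: the level of detail full content data provides."""
    ts: float      # seconds since the start of the capture
    src: str
    dst: str
    proto: str     # 'tcp' or 'udp'
    sport: int
    dport: int
    size: int      # bytes on the wire, headers included


# Constructed sample (not real traffic): an HTTPS exchange, a DNS lookup
# and a burst of traffic to an unusual port (4444) from a second host.
PACKETS = [
    Packet(0.00, "10.0.0.5", "203.0.113.10", "tcp", 51000, 443, 74),
    Packet(0.01, "203.0.113.10", "10.0.0.5", "tcp", 443, 51000, 74),
    Packet(0.02, "10.0.0.5", "203.0.113.10", "tcp", 51000, 443, 66),
    Packet(0.05, "10.0.0.5", "203.0.113.10", "tcp", 51000, 443, 583),
    Packet(0.30, "203.0.113.10", "10.0.0.5", "tcp", 443, 51000, 1500),
    Packet(0.31, "203.0.113.10", "10.0.0.5", "tcp", 443, 51000, 1200),
    Packet(1.00, "10.0.0.5", "10.0.0.2", "udp", 40000, 53, 75),
    Packet(1.02, "10.0.0.2", "10.0.0.5", "udp", 53, 40000, 91),
    Packet(2.00, "10.0.0.7", "198.51.100.9", "tcp", 52222, 4444, 74),
    Packet(2.01, "198.51.100.9", "10.0.0.7", "tcp", 4444, 52222, 74),
    Packet(2.50, "10.0.0.7", "198.51.100.9", "tcp", 52222, 4444, 1400),
    Packet(2.60, "10.0.0.7", "198.51.100.9", "tcp", 52222, 4444, 1400),
]

# Invented baseline: share of bytes per server port seen on "normal" days.
BASELINE_PCT = {443: 60.0, 80: 30.0, 53: 2.0}


def unidirectional_flows(packets):
    """NetFlow-style session data: one record per direction, keyed by 5-tuple."""
    flows = {}
    for p in packets:
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        f = flows.setdefault(key, {"start": p.ts, "end": p.ts, "packets": 0, "bytes": 0})
        f["end"] = max(f["end"], p.ts)
        f["packets"] += 1
        f["bytes"] += p.size
    return flows


def bidirectional_sessions(packets):
    """Argus-style session data: both directions folded into one conversation
    record. The first packet seen defines the initiator (src) side."""
    sessions = {}
    for p in packets:
        fwd = (p.src, p.dst, p.proto, p.sport, p.dport)
        rev = (p.dst, p.src, p.proto, p.dport, p.sport)
        if rev in sessions:               # reply direction of a known session
            s = sessions[rev]
            s["dst_bytes"] += p.size
        else:                             # initiator direction (new or existing)
            s = sessions.setdefault(fwd, {"start": p.ts, "end": p.ts, "packets": 0,
                                          "src_bytes": 0, "dst_bytes": 0})
            s["src_bytes"] += p.size
        s["end"] = max(s["end"], p.ts)
        s["packets"] += 1
    return sessions


def bytes_by_dport(sessions):
    """Statistical data: percentage of all bytes per server port, 1 decimal."""
    per_port = defaultdict(int)
    for (_, _, _, _, dport), s in sessions.items():
        per_port[dport] += s["src_bytes"] + s["dst_bytes"]
    total = sum(per_port.values())
    return {port: round(100.0 * b / total, 1) for port, b in per_port.items()}


def baseline_deviations(current_pct, baseline_pct, factor=2.0):
    """Flag ports whose share grew by more than `factor` over the baseline
    (e.g. 2% rising to 5%), or that have no baseline entry at all."""
    flagged = {}
    for port, pct in current_pct.items():
        base = baseline_pct.get(port)
        if base is None or pct > base * factor:
            flagged[port] = (base, pct)
    return flagged


if __name__ == "__main__":
    sessions = bidirectional_sessions(PACKETS)
    print(len(unidirectional_flows(PACKETS)), "unidirectional flows,",
          len(sessions), "bidirectional sessions")
    pct = bytes_by_dport(sessions)
    print("share of bytes per server port:", pct)
    print("deviations from baseline:", baseline_deviations(pct, BASELINE_PCT))
```

Run as is, the script folds the twelve packets into six unidirectional flows or three bidirectional sessions, shows port 4444 carrying roughly 45% of the bytes, and flags it because the baseline has no entry for it; the same function flags a port that rises from 2% to 5% with the default factor of 2, which is the spike Student one cites from Bejtlich. The session record for the port 4444 conversation is what an analyst would pivot from back into the full content data.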
