Thursday, October 27, 2005

New (IN)SECURE Magazine Features Bejtlich Article

The latest (IN)SECURE magazine was just published. Issue 1.4 features a 7-page article on Structured Traffic Analysis, a methodology to investigate network traces I developed for my Network Security Operations class.

It uses open source tools to perform zero-knowledge analysis of saved traffic. After reading this article, you may share the sentiments of a student in one of my recent classes who said "I’m embarrassed I ever used Ethereal to start network analysis!"

4 comments:

John Ward said...

Awesome article Rich. This expands on the topics and tools you discuss in your NSM book. Statistical data is always something I tend to overlook and go straight for the content data, but as you point out in NSM, you don't always have content data available. But great article, I will have to try out Argus.

Jason Huggett said...

Very good article, can't wait to test out this method in a live scenario.

Although, you have to tell me what kind of compression tool you were using to fit a 2GB capture file on to a CD! ; )

Richard Bejtlich said...

Urgh, that should have been a DVD. Oh well!

John Ward said...

I thought it was compressed. I routinely get database archives that are pretty large (in excess of 20 - 40 Gb) that are compressed to less than a gig. I didn’t really question it...