Capella University
Abstract
A network security administrator who can distinguish one cyberattack from another by classifying network attacks is far better placed to detect new forms of attack. Because the network carries both inbound and outbound connections, attackers look every day for weaknesses and flaws in the network to exploit, intercepting network traffic packets to steal sensitive information and
This paper describes the log files that are used as part of an investigation at a specific international organization. The paper will examine the ways into the data streams that are gathered and produced by the various log files in an international organization. It will also review the tension between the gathering of data from network security devices and how this negatively affects network traffic bandwidth and network
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction / Body
Conclusion
References
NETWORK TRAFFIC DATA COLLECTION AND ANALYSIS 4
Introduction
Network monitoring and examination is a demanding task. Administrators must make sure the network is well grounded in its operations and, when the network suffers downtime, they have to do all they can to keep network services functioning while they work on restoring throughput on a network that is compromised. Network administrators must supervise and watch over network traffic and the performance of the services running on the network, while dealing with cyberattacks so that they do not affect the network. In their monitoring methodologies, administrators use the collection phase for the examination, documentation, analysis, and identification of the data generated in their network (Phillip, 2016, pp. 7-9).
Data is generated within the organization's network as volatile and non-volatile information. Volatile information is data that is present on network devices only while they are powered, such as cache and registry contents, and it is wiped away when the device is powered off. Non-volatile information remains on the network whether there is power or not, such as files on a system hard drive, which investigators can discover during their investigation from a remote or an onsite location, unlike volatile data, which is short-lived in the computer network. This means that any device or computer under investigation does not have to be powered down in order to gather the volatile data files needed for the organization's investigation. Non-volatile data files can be gathered and captured as an entire system image at the time of the investigation, whether the computer network is online or offline. When gathering data files for an investigation, the files collected include log files, system application logs, system database logs, system OS activities
Chain of custody documentation is also kept to preserve the integrity of the gathered evidence throughout the investigation process, up to the investigation report. Evidence is also collected from computer network storage drives, from deleted files and copied files through to the system image, and hash values are collected and documented for any system
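As an added illustration that is not part of the original paper, the following Python builds a hash manifest of collected evidence at acquisition time and re-verifies it later, so that an altered or missing file is detected before the evidence reaches the report. The file names, log lines and collector name are constructed placeholders.

```python
# Chain-of-custody hash manifest for collected evidence (added example, not from the paper).
# Constructed sample logs are hashed at acquisition and re-verified later to detect alteration or loss.
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path):
    """SHA-256 of a file, streamed in 1 MiB chunks so large disk images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(evidence_dir, collector):
    """Record name, size and SHA-256 of every evidence file at acquisition time."""
    names = sorted(n for n in os.listdir(evidence_dir)
                   if os.path.isfile(os.path.join(evidence_dir, n)))
    entries = [{"file": n, "size": os.path.getsize(os.path.join(evidence_dir, n)),
                "sha256": sha256_file(os.path.join(evidence_dir, n))} for n in names]
    return {"collected_by": collector,
            "collected_at": datetime.now(timezone.utc).isoformat(),
            "entries": entries}

def verify_manifest(evidence_dir, manifest):
    """Re-hash each recorded file; return {file: 'ok' | 'modified' | 'missing'}."""
    status = {}
    for e in manifest["entries"]:
        path = os.path.join(evidence_dir, e["file"])
        if not os.path.isfile(path):
            status[e["file"]] = "missing"
        else:
            status[e["file"]] = "ok" if sha256_file(path) == e["sha256"] else "modified"
    return status

def demo():
    # Constructed scenario: acquire two logs, then alter one and lose the other.
    d = tempfile.mkdtemp()
    samples = {"app.log": "2019-02-05T10:00:01Z login ok user=alice\n",     # constructed
               "db.log": "2019-02-05T10:00:02Z SELECT on table orders\n"}   # constructed
    for name, text in samples.items():
        with open(os.path.join(d, name), "w") as f:
            f.write(text)
    manifest = build_manifest(d, "analyst-1 (placeholder)")
    before = verify_manifest(d, manifest)                  # every file 'ok'
    with open(os.path.join(d, "app.log"), "a") as f:
        f.write("tampered line\n")                         # altered after acquisition
    os.remove(os.path.join(d, "db.log"))                   # lost after acquisition
    return before, verify_manifest(d, manifest)
```

The manifest itself (with the collector and UTC timestamp) is what goes into the chain of custody record, and the second verification result is what an examiner would have to explain in the report.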
Integration of the data streams that are gathered and collected, such as machine-generated log files, is the foundation of the big data matter; it comes from the data files collected from network nodes, system layers, and system components across the organization's connected devices and IoT endpoints. Since log files are the foundational data gathered from the organization's enterprise applications and devices for organization transactions,
For hands-on examination of log files, there are vulnerability database catalog systems provided by the National Vulnerability Database, the U.S. Computer Emergency Response Team, the OWASP Top 10 vulnerabilities list, and other open-source databases. There is also tension between the various network security devices when gathering data, which negatively affects network performance: for example, having an intrusion detection system and an intrusion prevention system working on the same network segment's perimeter defense affects network performance through the audit-type services they perform, the self-audit service and the automated independent audit. Their automated service functions can also affect network performance through their demands on bandwidth and network response time, if the various network security controls are configured wrongly to run automatically in passive or active mode without further system checks and risk assessment (Phillip, 2016, pp. 15-19).
The various network devices, when configured for different network protocol management, also need further monitoring, which should be defined in the organization's information system security policy program for change management and patch management of applications by network security. Behavior-based IDS/IPS are configured to run on host devices, where, if properly monitored, they prevent any associated attack packets.
References
Capella University (2019). Courseroom, unit 5, Network Traffic Data Collection and Analysis. Retrieved 02/5/2019 from https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
Phillip Bosco (2016). Intrusion Detection and Prevention Systems Cheat Sheet: Choosing the
room/whitepapers/intrusion/intrusion-detection-prevention-systems-cheat-sheet-choosing-solution-common-misconfigurations-evasion-techniques-recommendations-36677
Lee, W., Stolfo, S., & Mok, K. (1999). Mining in a Data-Flow Environment: Experience in
Jay Kreps (2016). O'Reilly, Logs and real-time stream processing. Retrieved 02/5/2019 from https://www.oreilly.com/ideas/i-heart-logs-realtime-stream-processing
http://dsd.lbl.gov/Net-Mon/SCNM-proposal.pdf