Introduction To Information Security
Teacher : Mr. Timothy Tacker
Unit 5 Assignment 1 : Testing and Monitoring Security Controls April 25, 2015
Network baselining is the process of interpreting and understanding of data called baseline analysis. It allows you to discover the true performance and operation of the network. To determine whether a network could deliver a particular policy you need to measure the network’s current performance. By obtaining a baseline of system or network behavior I would need NBAD or Network Behavior Anomaly Detection. NBAD is an integral part of Network Behavior Analysis which offers security and it continuously monitoring the network for any unusual events or trends. A malicious abuse is the number one cause of today’s internet traffic. Anomalies such as worms, port scans, denial of service attacks, etc., these we could found at any time in the network traffic. These anomalies are waste network resources which can cause performance ruin of network devices and end hosts. It may lead to security issues concerning all internet users. Suppose an attacker intrudes on one of the servers. The first place to check is the Log Files for administrative issues and security activity. Log Files contains complete records of all security events, e.g. log one events, resource access, attempted violations of policy and changes in system configuration or policies. And also, Critical System events that can follow admin to quickly discover the root that causes the issue. We can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Monitoring the individual network subscribers by having NBAD or Network Behavior Anomaly Detection, this can tracks also the critical network characteristics in real time and it generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Need to consider that even legitimate