Network Security
01/06/14: Page Origin.

About 14 years ago I worked in a network security department and learned a great deal about the subject. I have been practicing what I preach by doing the same on my own network here at home. So I will pass on my own history and some ideas about what I think is important and why.

In addition to the Comments and Ideas page, I built and run my own Intrusion Detection System (IDS). I could be running Snort (a knowledge-based IDS), but I enjoy looking at the traffic and figuring out what these guys are up to, so I use a behavior-based system like Shadow from the Naval Surface Warfare Center. Along with the IDS, I have a really stout firewall which I configure with a firewall control language of my own, and various scripts which scan the mail, hypertext, and message logs and then display their results on web pages. All these tools help me watch my network 24 hours a day without having to camp at my terminal all the time.

The scan routines look for anomalies and highlight them in their output: things like failed login attempts, attempts to access invalid web URLs, or posting via the web server. The IDS not only displays all network traffic but also looks for folks trying to do things I don't allow, like logging in to FTP or Telnet services. The sendmail log also shows all manner of attempts to deliver SPAM to our site. Most of these failed attempts result in total blockage of the source network from all access to our systems.
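As an added example (not the author's own scripts), here is a small Python log scanner in the spirit of the routines described above: it runs over constructed sample lines in sshd, web-server access-log and sendmail formats, highlights failed logins, requests for invalid URLs, web POSTs and rejected mail, and tallies anomalies per source /24 to decide which networks to block. The log formats, rule set and blocking threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original page): one sshd auth
# line, three web-server access lines, one sendmail reject line.
SAMPLE_LOGS = """\
Jan  6 02:11:43 gw sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
203.0.113.7 - - [06/Jan/2014:02:12:01 -0500] "GET /no-such-page/ HTTP/1.1" 404 512
203.0.113.7 - - [06/Jan/2014:02:12:03 -0500] "POST /guestbook.cgi HTTP/1.1" 403 221
198.51.100.22 - - [06/Jan/2014:02:13:10 -0500] "GET /index.html HTTP/1.1" 200 3021
Jan  6 02:14:09 gw sendmail[5150]: ruleset=check_rcpt, arg1=<nobody@example.net>, relay=[203.0.113.9], reject=550 5.7.1 Relaying denied
"""

IP = r"(?P<ip>\d+\.\d+\.\d+\.\d+)"

# Each rule: (label, regex with a named group for the source address).
RULES = [
    ("failed-login", re.compile(r"Failed password for \S+ from " + IP)),
    ("invalid-url",  re.compile(r"^" + IP + r' .* "GET \S+ HTTP/[\d.]+" 404 ')),
    ("web-post",     re.compile(r"^" + IP + r' .* "POST ')),
    ("spam-reject",  re.compile(r"sendmail.*relay=\[" + IP + r"\].*reject=")),
]

def source_network(ip):
    """Collapse an address to its /24 so repeat offenders from one network are counted together."""
    return ".".join(ip.split(".")[:3]) + ".0/24"

def scan(text):
    """Return (highlights, per_network): flagged lines with their label and IP, and anomaly counts per /24."""
    highlights, per_network = [], defaultdict(int)
    for line in text.splitlines():
        for label, rx in RULES:          # first matching rule wins
            m = rx.search(line)
            if m:
                highlights.append((label, m.group("ip"), line))
                per_network[source_network(m.group("ip"))] += 1
                break
    return highlights, dict(per_network)

def networks_to_block(per_network, threshold=2):
    """Networks whose anomaly count reaches the threshold; the whole source network is blocked, as on this page."""
    return sorted(n for n, c in per_network.items() if c >= threshold)

if __name__ == "__main__":
    hits, nets = scan(SAMPLE_LOGS)
    for label, ip, line in hits:
        print(f"[{label:12}] {ip:15} {line}")
    print("block:", networks_to_block(nets))
```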