Drowning in Data: Network Devices Gather Volumes of Information about Malicious Users. Finding Patterns within That Data Is the Job of Information Management Software. (Computer Security)

By Mychalczuk, Michael | Security Management, November 2002

DANA RACINE KNOWS FIRSTHAND the difficulty of overseeing a gargantuan computer network. The senior network engineer at the Office of Consumer Affairs and Business Regulation with the Commonwealth of Massachusetts, Racine administers a network of about 1,200 different devices spread across 10 sites. These devices include about 55 servers, more than two dozen routers, some 30 switches, and more than a thousand PCs. Protecting this network are a multitude of other devices, including Cisco routers and PIX firewalls, Checkpoint firewalls, and antivirus solutions. Some of the remote PCs that connect to the network through a virtual private network, or VPN, have personal firewalls installed. All of these devices are logging data that could be critical in detecting intrusions. But making sense of that mass of data, and looking for significant patterns that could indicate security problems, presents a daunting challenge for any large company.

Border control. Protecting a computer network is the corporate version of homeland security. Potential visitors in the form of data packets line up at the border--most are innocuous, but some harbor malicious intent. Firewalls and routers act as immigration inspectors, checking the credentials of these visitors and turning away those who are unauthorized. But faced with limited resources, these inspectors cannot identify every visitor with malicious intent; spending too much time on each inspection means the line at the border crossing will grow intolerably long.

So when visitors who want to do harm manage to make it across the border, it's up to intelligence agents to carefully collect all available information from across the network and send it to a central location, where it can be correlated and analyzed to help locate and neutralize these malicious visitors before they carry out their destructive acts. However, just as this poses challenges in the physical world of espionage and terrorism, it raises problems in the virtual world.

The data challenge. Intrusion detection sensors and gateway firewalls are the primary intelligence agents collecting information about network security, but not the only ones. As seen in the previous example, many organizations also install personal firewalls on individual computers to protect workstations. These software protectors compile information about the data traffic in and out of each workstation. Antivirus products and vulnerability assessment products, as well as hardware such as routers and switches, also collect data that can be useful in finding and stopping network attacks.

The variety of products sending data for analysis creates numerous challenges for network security administrators. For example, each device has its own administrative tools, and each sends data using different transport mechanisms or protocols. Also, these devices generate a tremendous amount of data. It is, therefore, no longer feasible for a manager to manually go through the logs generated by these devices to interpret and analyze the data. What's more, this data is not simple to understand; for example, each entry in a firewall log carries a wealth of detail, including the source and destination IP (Internet protocol) addresses and the port the traffic came in on. Even if an administrator had time to go through each one of these log entries, finding a suspicious pattern or event would be almost impossible.

SIM solutions. Security information management (SIM) systems offer companies one possible way to deal with a deluge of data. These products are available from a range of vendors (including the author's company). They run on different operating systems, offer various types of analyses, and work with different network types.
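The two steps a SIM system performs on the data described above, normalizing differently formatted device logs into one record shape and then correlating them centrally, as an added illustration that is not from the article or any vendor product. The two log formats, device names and addresses are constructed for the example; the point it makes is that a multi-port probe split across a gateway firewall and a personal firewall is visible only once both feeds are combined.

```python
import re
from collections import defaultdict

# Constructed sample lines in two hypothetical device formats (not real
# Cisco, Check Point or personal-firewall output): a key=value gateway
# firewall log and a free-text personal-firewall log from a workstation.
SAMPLE_LOGS = [
    "2002-11-04T09:00:01 gwfw1 action=deny src=198.51.100.7 dst=10.1.2.3 dport=21 proto=tcp",
    "2002-11-04T09:00:02 gwfw1 action=deny src=198.51.100.7 dst=10.1.2.3 dport=22 proto=tcp",
    "2002-11-04T09:00:03 gwfw1 action=accept src=203.0.113.5 dst=10.1.2.9 dport=80 proto=tcp",
    "Nov 04 09:00:05 ws-042 PFW: Blocked TCP 198.51.100.7:40001 -> 10.1.2.3:23",
    "Nov 04 09:00:06 ws-042 PFW: Blocked TCP 198.51.100.7:40002 -> 10.1.2.3:25",
    "Nov 04 09:00:07 ws-042 PFW: Blocked TCP 198.51.100.7:40003 -> 10.1.2.3:110",
]

KV_RE = re.compile(r"^(\S+) (\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)$")
PFW_RE = re.compile(r"^\w{3} \d{2} \S+ (\S+) PFW: (\w+) (\w+) (\S+):\d+ -> (\S+):(\d+)$")

def normalize(line):
    """Map one raw line, whatever device wrote it, onto a common event record."""
    m = KV_RE.match(line)
    if m:
        _, device, action, src, dst, dport, proto = m.groups()
        return {"device": device, "action": action.lower(), "src": src,
                "dst": dst, "dport": int(dport), "proto": proto.lower()}
    m = PFW_RE.match(line)
    if m:
        device, action, proto, src, dst, dport = m.groups()
        return {"device": device, "action": "deny" if action == "Blocked" else "accept",
                "src": src, "dst": dst, "dport": int(dport), "proto": proto.lower()}
    return None  # unknown format; a real SIM would count and alert on unparsed lines

def correlate(events, min_ports=4):
    """Flag sources whose denied connections touch at least min_ports distinct
    destination ports, counted across every reporting device together."""
    ports_by_src, devices_by_src = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev["action"] == "deny":
            ports_by_src[ev["src"]].add(ev["dport"])
            devices_by_src[ev["src"]].add(ev["device"])
    return {src: {"ports": sorted(ports), "devices": sorted(devices_by_src[src])}
            for src, ports in ports_by_src.items() if len(ports) >= min_ports}

def analyze(lines=SAMPLE_LOGS, min_ports=4):
    """Normalize, then correlate; returns flagged sources with evidence."""
    events = [e for e in (normalize(l) for l in lines) if e]
    return correlate(events, min_ports)

if __name__ == "__main__":
    print(analyze())
```

Run on either feed alone the probe stays under the threshold (two ports at the gateway, three at the workstation); run on both it is flagged with the evidence from each device.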

The downside is that these products can be expensive; depending on the size of the network, some can cost from $500,000 to more than $1 million.
