What is Network Security?
Network security is a wide term that covers a multitude of technologies, devices and processes. It is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.
Network security consists of three main factors:
- Protection: Configure your systems and networks as correctly as possible
- Detection: Identify when the configuration has changed or when some network traffic indicates a problem
- Reaction: Once a problem has been identified, respond to it and return to a safe state as rapidly as possible
What is Network Security Monitoring?
Network Security Monitoring is based upon the collection of data to perform detection and analysis. Security monitoring is predicated on audit logs, network security monitoring data (from traffic inspection tools such as Snort, and so on), and environmental data. This large volume of collected data is transferred to the SOC, which can generate statistics from it; those statistics can then be used for detection and analysis.
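To make the collection-then-statistics-then-detection idea concrete, here is an added example (not code from the original post or from any of the tools listed below). It parses constructed flow log lines, aggregates them into per-source-host statistics, and flags hosts that deviate from the population baseline; the log format, host addresses and thresholds are all assumptions for illustration.

```python
"""Added example: a minimal network security monitoring pass that turns
collected flow records into per-host statistics and uses them for detection."""
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_flows():
    """Constructed flow log lines in the form 'src dst dport bytes'. Hosts
    10.0.0.1-8 behave normally; 10.0.0.9 touches twenty ports on one server,
    a pattern the per-host statistics should surface."""
    lines = []
    for i in range(1, 9):
        lines.append(f"10.0.0.{i} 10.0.0.20 443 5000")
        if i % 2 == 0:
            lines.append(f"10.0.0.{i} 10.0.0.21 443 5000")
    lines += [f"10.0.0.9 10.0.0.20 {port} 60" for port in range(20, 40)]
    return lines

def per_host_stats(lines):
    """Collection step: aggregate raw records into statistics per source host,
    here the number of distinct (dst, port) pairs contacted and bytes sent."""
    targets = defaultdict(set)
    sent = defaultdict(int)
    for line in lines:
        src, dst, dport, nbytes = line.split()
        targets[src].add((dst, int(dport)))
        sent[src] += int(nbytes)
    return {src: {"distinct_targets": len(targets[src]), "bytes": sent[src]}
            for src in targets}

def detect_outliers(stats, metric, z_threshold=2.0):
    """Detection step: flag hosts whose metric sits more than z_threshold
    population standard deviations above the mean across all hosts."""
    values = [s[metric] for s in stats.values()]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # every host identical: nothing stands out
        return []
    return sorted(src for src, s in stats.items()
                  if (s[metric] - mu) / sigma > z_threshold)

if __name__ == "__main__":
    stats = per_host_stats(build_sample_flows())
    for metric in ("distinct_targets", "bytes"):
        print(metric, "outliers:", detect_outliers(stats, metric))
```

On this sample the distinct-target statistic flags 10.0.0.9 while the byte-count statistic flags nothing, which is the practical point: which statistics you derive from the collected data decides what the SOC can detect.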
Top 5 tools for Network Security Monitoring
Argus stands for Audit Record Generation and Utilization System. Argus is a system and network monitoring application. It will monitor nearly anything you ask it to monitor (TCP and UDP applications, IP connectivity, SNMP OIDs, programs, databases, etc.). It presents a clean, easy-to-view web interface and can send alerts in numerous ways.
Website Link: http://argus.tcp4me.com/
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP). It can be used to identify the operating system of any host with which it interacts. P0f is light, fast, and clean-running.
Website Link: http://lcamtuf.coredump.cx/p0f3/
Nagios, now known as Nagios Core, is a free and open-source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. Nagios monitors hosts, systems, and networks, delivering alerts in real-time. The program can monitor network services, including HTTP, NNTP, ICMP, POP3, and SMTP, among others.
Website Link: https://www.nagios.org/
Splunk captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. Splunk is a fast and versatile network monitoring tool. It is a horizontal technology used for application management, security and compliance, as well as business and web analytics.
Website Link: https://www.splunk.com/
OSSEC is a free, open-source host-based intrusion detection system. It performs Windows registry monitoring, log analysis, rootkit detection, time-based alerting, integrity checking and active response. It can be configured to constantly monitor all possible sources of entry and access, including files, rootkits, logs, registries, and processes. It is also available for a variety of platforms, such as Linux, Windows, Mac, BSD, and VMware ESX.
Website Link: https://www.ossec.net/