3 Deployment Considerations
This chapter lays the foundation for Part II, where I discuss NSM products. A product is worthless unless it can see packets. Before analysts investigate events, security engineers must devise a way to access network traffic, and system administrators must install hardware and software to support NSM applications. Network administrators must ensure that NSM platforms are remotely accessible. Before solving any of these problems, however, it's appropriate to consider the threat model that drives product deployment choices.
Threat Models and Monitoring Zones
The threat model represents the threats for which the NSM solution is engineered and the assets it is supposed to monitor. A threat model is an expression of expectations. It is the security engineer's best guess as to the nature of an attacker and the characteristics of his or her potential victims. Before watching network traffic, security staff must decide what assets should be monitored and who is most likely to attack those assets. Attackers can be grouped into four classes:

1. External attackers who launch intrusions from the Internet (class 1)
2. External attackers who launch intrusions from wireless segments (class 2)
3. Internal attackers who launch intrusions from wired local area networks (class 3)
4. Internal attackers who launch intrusions from wireless segments (class 4)
The ability to see the victims of each sort of attack drives the deployment of monitoring platforms, also known as sensors. A sensor is a device that collects and analyzes network traffic for the purpose of identifying suspicious events. Consider the sample network shown in Figure 3.1. This network displays many of the components found in a typical small to medium-sized organization. As this book is not about network design, I will use this network to illustrate sensor deployment choices and not network architecture strategies. Note that some organizations may operate an internal router, and some may combine the roles of firewall and external switch.
Figure 3.1. Sample network
This network consists of four monitoring zones. Monitoring zones are locations where the
Accessing Traffic in Each Zone
With an understanding of the four zones, we can turn to technical means to access the traffic in each network location. Access in this case means having visibility to packets. NSM is a monitoring solution, not an access control solution. This means that NSM products are used to perform audit functions. NSM devices do not try to impede or interfere with traffic flow. Access control is best accomplished using a firewall or filtering router. Therefore, the methods to access traffic presented in this chapter do not take into account any need for the sensor to inject traffic into its monitoring environment. Although it is possible to deploy sensors that can take reactive steps to respond to malicious traffic, the focus of this chapter and book is on passive monitoring.

Sensor interfaces used to watch traffic listen silently in promiscuous mode and are incapable of transmitting out of the monitoring interface. Configuring a silent network interface on a UNIX system is easy; simply specify the -arp option using ifconfig. Should the interface need to later transmit traffic, it can be brought up without the -arp option. In Figure 3.2 the sample network presented earlier in Figure 3.1 has been augmented by devices in position to see traffic in various monitoring zones.
Figure 3.2. Sample network with monitoring devices
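A check a sensor build script could run after the silent-interface configuration described above, added here as an example and not taken from the book: it parses `ifconfig` output and reports whether the interface is up, has ARP disabled, is promiscuous, and carries no IP address. The interface name `em1`, the function name `audit_silent_iface` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether a monitoring interface is "silent".
# Typical configuration step (interface name em1 is an assumption):
#   ifconfig em1 -arp promisc up

# Reads `ifconfig <iface>` output on stdin, prints findings,
# returns 0 only when every check passes.
audit_silent_iface() {
    out=$(cat)
    # Flag names sit between '<' and '>' after "flags=".
    flags=$(printf '%s\n' "$out" |
        sed -n 's/.*flags=[^<]*<\([^>]*\)>.*/\1/p' | head -n 1)
    rc=0
    case ",$flags," in
        *,UP,*) ;;
        *) echo "FAIL: interface is not UP"; rc=1 ;;
    esac
    case ",$flags," in
        *,NOARP,*) ;;
        *) echo "FAIL: ARP enabled (NOARP flag missing)"; rc=1 ;;
    esac
    case ",$flags," in
        *,PROMISC,*) ;;
        *) echo "FAIL: not in promiscuous mode"; rc=1 ;;
    esac
    # Any IPv4/IPv6 address means the stack may answer or originate traffic.
    if printf '%s\n' "$out" | grep -Eq '^[[:space:]]*inet6?[[:space:]]'; then
        echo "FAIL: address assigned to monitoring interface"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: interface is silent"; fi
    return "$rc"
}

# Constructed sample output (BSD-style), not captured from a real host.
SAMPLE_SILENT='em1: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    status: active'
SAMPLE_NOISY='em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
    status: active'

printf '%s\n' "$SAMPLE_SILENT" | audit_silent_iface
printf '%s\n' "$SAMPLE_NOISY" | audit_silent_iface || true
```

Run it after the collection software has started, since many sniffers set promiscuous mode themselves. An automatically assigned IPv6 link-local address is reported as a failure.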
The figure shows multiple ways to collect traffic. Not all of them need to be employed simultaneously. Often only a few are required to gain the visibility an analyst needs to detect and validate intrusions. Here are the four major ways traffic can be collected from wired
Wireless Monitoring
How can you handle wireless networks? The answer lies in the security engineer's conception of the threat model. Let's consider the simplest scenario first. If the engineer is most worried about attacks from wireless clients (attackers from classes 2 or 4) against the intranet, the DMZ, or even the perimeter, he or she should place a sensor between the firewall and the wireless access point (WAP). This vantage point will let analysts see all attacks initiated by wireless zone hosts against any other systems in any other zones. Monitoring in this location is analogous to placing a sensor in the perimeter. Both the perimeter and the wireless zone are locations where external attackers can launch assaults against an organization. Monitoring here, as shown earlier in Figure 3.2, can be accomplished by using hubs, taps, switch SPAN ports, or inline devices.

If the engineer wants to watch attacks by wireless clients against each other, he or she must consider another approach. When a wireless network operates in infrastructure mode, all traffic is passed through the WAP. A conversation strictly between two wireless clients is relayed by the WAP. (Wireless clients operating in ad hoc mode do not need a WAP, so the WAP will not see their traffic.) Unfortunately for NSM analysts, WAPs do not provide easy access to copies of all the traffic they pass. There is no wireless "SPAN port" that can mirror all wireless traffic.

Wireless traffic, by nature of its radio frequency propagation, is transmitted through a shared medium. A wireless NIC in promiscuous mode can see all wireless conversations, assuming all clients are within its field of view. (Wireless clients may suffer the "hidden terminal" problem, where due to positioning each client can see the WAP but not the other clients. To ensure a promiscuous wireless NIC sees everything the WAP sees, locate it a short distance from the WAP.) The sample diagram in Figure 3.2 shows a wireless platform, a system equipped with a wireless NIC in promiscuous mode. This sensor can see all traffic in the wireless zone. It will see attacks by hostile external wireless clients (like the guy parked in a van down by the river) against wireless clients deployed by your enterprise.