
NETWORK TRAFFIC DATA COLLECTION AND ANALYSIS 1

Network Traffic Data Collection and Analysis

Capella University

IAS5220 – Network Security Controls and Testing.

Feb 06, 2019



Abstract

When a network security administrator is able to distinguish one cyberattack from another by classifying network attacks, it goes a long way toward helping administrators detect new forms of cyberattack. Because traffic flows inbound to and outbound from the network, attackers look every day for weaknesses and flaws in the network to exploit, intercepting network traffic packets to steal sensitive information and degrading network performance with malicious code.

This paper describes the “log files which are used as part of the investigation at a specific international organization. The paper will examine the ways in which data streams are gathered and brought forth by various log files in an international organization. The paper will review the tension that comes in between the gathering of data from network security devices and how it negatively affects network traffic bandwidth and network response time” (Capella, 2019, 19-21).

Keywords: network response time, bandwidth, log files, data streams



Table of Contents

- Cover Page
- Abstract
- Table of Contents
- Introduction / Body
- Conclusion
- References

Unit 5 Toolwire Lab 2


Introduction

Network monitoring and examination is a demanding task: administrators must keep the network well grounded in its operations, and if the network suffers downtime they must do everything they can to keep network services functioning, even while working to restore throughput on a compromised network. Network administrators must supervise and watch over network traffic and the performance of services running on the network while dealing with cyberattacks, so that those attacks do not affect the network. In their monitoring methodologies, administrators use the collection phase in the examination, documentation, analysis, and identification of the data generated in their network (Phillip, 2016, p 7-9).

The data generated within the organization's network comes in two forms: volatile and non-volatile information. Volatile information is present only while a device is powered on and is wiped away when network devices such as the cache or registry are powered off. Non-volatile information remains on the network system whether there is power or not, for example files on a system hard drive, which investigators can discover during their investigation from a remote or onsite location, unlike volatile data, which is short-lived in the computer network. This means that a device or computer network under investigation does not have to be powered down when volatile data files need to be gathered for the organization's investigation. Non-volatile data files can be gathered and captured as an entire system image at the time of the investigation, whether the computer network is online or offline. When gathering data files for an investigation, files such as log files, application logs, database logs, OS activity logs, and intrusion detection logs are collected (Jay, 2016, para 6-11).

A chain-of-custody record is also maintained to preserve the integrity of the gathered evidence throughout the investigation process, leading up to the investigation report. Evidence is also collected from computer network storage drives, from deleted files and copied files through to the system image, and the hash values of that evidence are collected and documented so that any system changes can be detected by further digital forensic investigation (Tierney, 2004, p 8-13).
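As an added example (not part of the paper or its sources), the following Python script shows how the hash values described above can be recorded in a chain-of-custody manifest at collection time and re-checked later to reveal modified or missing evidence files. The file names, collector name and log lines are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
import time

# Added example (not from the paper): record SHA-256 hashes of collected
# evidence files in a manifest, then re-verify them later to show whether
# the evidence has changed since collection.

CHUNK = 1 << 20  # hash in 1 MiB chunks so large log files need not fit in RAM

def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths, collector):
    """Create a chain-of-custody manifest: who collected what, when, and its hash."""
    return {
        "collector": collector,
        "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "items": {p: {"sha256": sha256_file(p), "size": os.path.getsize(p)} for p in paths},
    }

def verify_manifest(manifest):
    """Re-hash every item; return {path: 'ok' | 'modified' | 'missing'}."""
    result = {}
    for path, rec in manifest["items"].items():
        if not os.path.exists(path):
            result[path] = "missing"
        elif sha256_file(path) != rec["sha256"]:
            result[path] = "modified"
        else:
            result[path] = "ok"
    return result

if __name__ == "__main__":
    # Constructed sample evidence: two small log files in a scratch directory.
    d = tempfile.mkdtemp()
    auth, ids = os.path.join(d, "auth.log"), os.path.join(d, "ids.log")
    open(auth, "w").write("Feb  6 10:01:02 host sshd[1]: Accepted password for admin\n")
    open(ids, "w").write("alert: constructed sample IDS event\n")
    m = build_manifest([auth, ids], collector="analyst@example.org")  # hypothetical collector
    print(json.dumps(m, indent=2))
    open(ids, "a").write("tampered\n")  # simulate a post-collection change
    print(verify_manifest(m))  # auth.log -> 'ok', ids.log -> 'modified'
```

Store the manifest separately from the evidence (for example with the investigation report) so that a later verification compares against a copy the evidence holder could not have altered.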

The integration of the data streams that are gathered and collected, such as machine-collected log files, is the foundation of the big data problem; it comes from the data files collected from the network nodes, layers, and components of the organization's connected devices and IoT endpoints. Log files are the foundational data gathered from the organization's enterprise applications and devices for organizational transactions, security controls, regulatory compliance, system maintenance, and system debugging (Tierney, 2004, p 14-17).

For hands-on log file examination there are vulnerability database catalogs provided by the National Vulnerability Database, the U.S. Computer Emergency Response Team, the OWASP Top 10 vulnerabilities list, and other open-source databases. There is also a tension between the various network security devices when gathering data, which negatively affects network performance: for example, when an intrusion detection system and an intrusion prevention system operate on the same network segment as perimeter defense, the types of audit service they perform, self-audit and automated independent audit, affect network performance. Their automated service functions can also affect network performance through their demands on bandwidth and network response time, particularly if the various network security controls are misconfigured to run automatically in passive or active mode without further system checks and risk assessment (Phillip, 2016, p 15-19).

The various network devices, when configured for different network protocol management, also need further monitoring, which should be defined in the organization's information security policy program for change management and patch management of applications by network security. Behavior-based IDS/IPS that are configured to run on host devices, if properly monitored, can prevent associated attack packets.

References

Capella University. (2019). Courseroom, unit 5: Network Traffic Data Collection and Analysis. Retrieved 02/5/2019 from https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Phillip Bosco. (2016). Intrusion Detection and Prevention Systems Cheat Sheet: Choosing the Best Solution, Common Misconfigurations, Evasion Techniques, and Recommendations. Retrieved 02/06/2019 from https://www.sans.org/reading-room/whitepapers/intrusion/intrusion-detection-prevention-systems-cheat-sheet-choosing-solution-common-misconfigurations-evasion-techniques-recommendations-36677

Lee, W., Stolfo, S., & Mok, K. (1999). Mining in a Data-Flow Environment: Experience in Network Intrusion Detection. In Proceedings of the 5th ACM SIGKDD.

Jay Kreps. (2016). Logs and real-time stream processing. O'Reilly. Retrieved 02/5/2019 from https://www.oreilly.com/ideas/i-heart-logs-realtime-stream-processing

Tierney, Brian L. (2004). "Self-Configuring Network Monitor: A High-Performance Network Engineering Proposal: Network Measurement and Analysis", For the period. http://dsd.lbl.gov/Net-Mon/SCNM-proposal.pdf
