Network Traffic Analysis - Findings and Analysis

Network Traffic Analysis (NTA)

Simply put, NTA is the practice of monitoring network traffic in order to identify anomalies, with a major focus on security and operational issues. It covers both the collection of events as they occur on the network in real time and the analysis of historical traffic records to work out how hackers may attempt to invade a specific network through its various entry points. Because the network is continuously used by the organization’s users to send and receive data packets, it needs constant monitoring by a network analyst to provide real-time protection from malware and human attacks (Fletcher et al. 2002). Packets may carry highly sensitive data, which poses the risk of that data getting into the wrong hands. If an outside party were to access such information, the organization could incur losses, including financial loss, reputational decline, attacks on its resources and bad exposure. To make the network effectively foolproof, the network analyst has to be involved in the whole process, from the layout of the network to its functioning.

Should an organization choose active monitoring or passive monitoring for their network performance strategy?

Different organizations monitor their networks in different ways. The Network Traffic Analysis project makes it possible for the project manager to obtain the organization’s network layout, understand how data packets are transferred over the network, and identify the vulnerable or weak points from which attacks may come. Once the network has been laid out and is running, different techniques are introduced to analyze it and to cover the routes that may be considered entry points before an attack is made (Phippen 2004). The network traffic analyst can deploy a real-time solution capable of detecting these anomalies and countering them before the threat escalates. Malicious attacks can be pre-empted in this way through two methods: passive and active analysis of the network. With the passive approach, the goal is mainly to predict where an attack may come from. The analyst copies traffic captured on the network, from a mirror port or a network tap, for later use, works out how a hacker might use loopholes in the network to attack the organization, and then comes up with solutions to combat those attacks before they happen.

Active network analysis, or synthetic network monitoring, means that the analyst tracks the organization’s network in real time; it is tedious because it requires constant monitoring by the organization’s network analysts. In this case, the network analyst releases test traffic into the network and then observes it as it flows through. The test traffic is not taken from the actual transactions occurring on the network; it is simply sent through the network so that the monitoring solution can examine it along its path. The test traffic imitates the typical traffic flowing through the system, enabling the organization to gain relevant insights into its network. This also allows it to gauge the network’s performance in real time.

Both passive and active methods are supported by network monitoring tools that can come in handy in the analyst’s work, such as SolarWinds Network Performance Monitor, Auvik and ManageEngine, among others (Lucas 2010, p. 76). Organizations housing sensitive information must therefore incorporate these projects in order to secure their networks, as doing so enables them to identify the communication frequency, lack of activity in the network, how and when various members communicate, and how information flows from one person to the next. It is important to safeguard the security of an organization.
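The passive approach described above can be sketched in a few lines of analysis over copied traffic. This is an added example, not part of the original essay: the flow records are constructed sample data, and the record layout, function names and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample records (timestamp, source, destination, bytes) standing in
# for traffic copied from a mirror port or tap. The layout is an assumption.
FLOWS = [
    ("2024-01-08T09:00:05", "10.0.0.11", "10.0.0.20", 1200),
    ("2024-01-08T09:00:40", "10.0.0.11", "10.0.0.20", 900),
    ("2024-01-08T09:02:10", "10.0.0.12", "10.0.0.20", 1500),
    ("2024-01-08T09:05:30", "10.0.0.11", "10.0.0.20", 1100),
    ("2024-01-08T09:07:15", "10.0.0.13", "203.0.113.7", 48_000_000),
    ("2024-01-08T09:40:00", "10.0.0.12", "10.0.0.20", 1300),
]


def parse(flows):
    """Convert ISO timestamps to datetime objects."""
    return [(datetime.fromisoformat(ts), src, dst, size) for ts, src, dst, size in flows]


def pair_frequency(flows):
    """Communication frequency: number of flows per (source, destination) pair."""
    return Counter((src, dst) for _, src, dst, _ in parse(flows))


def quiet_periods(flows, min_gap=timedelta(minutes=10)):
    """Lack of activity: gaps between consecutive flows of at least min_gap."""
    times = sorted(ts for ts, *_ in parse(flows))
    return [(a, b) for a, b in zip(times, times[1:]) if b - a >= min_gap]


def volume_outliers(flows, factor=100):
    """Sources whose total bytes sent exceed factor times the median source total."""
    totals = defaultdict(int)
    for _, src, _, size in parse(flows):
        totals[src] += size
    baseline = median(totals.values())
    return {src: sent for src, sent in totals.items() if sent > factor * baseline}


if __name__ == "__main__":
    print("Pair frequency:", dict(pair_frequency(FLOWS)))
    print("Quiet periods:", quiet_periods(FLOWS))
    print("Volume outliers:", volume_outliers(FLOWS))
```
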

References

Fletcher, P., Poon, A., Pearce, B., & Comber, P. (2002). Practical Web Traffic Analysis. https://www.waterstones.com/book/practical-web-traffic-analysis/peter-fletcher/alex-poon/9781590592083

Phippen, A. (2004). An evaluative methodology for virtual communities using web analytics. Campus-wide Information Systems. https://www.emerald.com/insight/publication/issn/1065-0741/vol/31/iss/5

Lucas, M. (2010). Network flow analysis. No Starch Press.