Professional Special Subject – w1 log

As part of my current education, I have to specialise and gain more knowledge in my AP degree field, which is IT Networking with everything related to it – IT security, Python programming, PHP programming, Linux, etc.

My subject is – Network monitoring solution for small/medium size companies.

Reason for choosing – an increase in hacking attempts targeted at small/medium-sized company networks all over the world (see links below)

Fields and sub-fields – IT security, IT Networking, IDS/IPS, open-source security tools

System overview – the monitoring server will run open-source IDS software, configured to display statistics that help the customer understand what is happening on the network and give me a deeper insight into it.

(Figure: IDS placement)

Initial ideas for what my client and I might be interested in seeing in the report:

  • traffic type split nicely into non-technical areas (web browsing instead of HTTP, for instance)
  • peak activity charts (with logs of peak moments and low moments)
  • top 100 accessed IPs/websites (where somebody from the inside starts the TCP handshake)
  • top 100 IPs/websites/services accessing the network (where the outside source is initiating the handshake)
  • individual PC statistics (traffic split into types and per employee PC)
  • abnormal activities (this one is the tricky part – a chart displaying abnormal activity such as port scans and invalid packets; a heuristic approach, if you will)
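As an added example (not part of this post or of any IDS product), the Python below shows how the two "top 100" tables and a simple port-scan heuristic from the list above could be computed from connection records exported by an IDS; the internal range 192.168.1.0/24 and the connection records are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed internal address range (not stated in the post; placeholder for the client LAN).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample of TCP connection records as an IDS/flow log would summarise them:
# (initiator_ip, responder_ip, destination_port). The initiator is the host that sent
# the SYN, which decides "inside starts the handshake" vs "outside starts the handshake".
SAMPLE_CONNECTIONS = [
    ("192.168.1.10", "93.184.216.34", 443),   # internal PC browsing an external site
    ("192.168.1.10", "93.184.216.34", 443),
    ("192.168.1.11", "93.184.216.34", 80),
    ("192.168.1.11", "203.0.113.5", 443),
    ("203.0.113.5", "192.168.1.20", 443),     # external host reaching an internal service
] + [
    # one external source touching ten different ports on one internal host (constructed)
    ("198.51.100.7", "192.168.1.20", p)
    for p in (21, 22, 23, 25, 80, 110, 143, 443, 445, 3389)
]

def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET

def split_by_direction(conns):
    """Count outbound targets (inside initiates) and inbound sources (outside initiates).
    Purely internal or purely external flows are ignored for these two report tables."""
    outbound, inbound = Counter(), Counter()
    for src, dst, _port in conns:
        if is_internal(src) and not is_internal(dst):
            outbound[dst] += 1          # "top accessed IPs/websites"
        elif not is_internal(src) and is_internal(dst):
            inbound[src] += 1           # "top IPs accessing the network"
    return outbound, inbound

def top_n(counter: Counter, n: int = 100):
    return counter.most_common(n)

def port_scan_suspects(conns, min_distinct_ports: int = 10):
    """Heuristic for the 'abnormal activity' chart: flag (source, destination) pairs
    where one source touched at least min_distinct_ports distinct destination ports."""
    ports = defaultdict(set)
    for src, dst, port in conns:
        ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_distinct_ports}
```

The threshold of ten distinct ports is an arbitrary starting point; on a real network it should be tuned against a baseline so that legitimate hosts (a vulnerability scanner or a backup server, for example) do not fill the chart.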

Interesting links and resources that I found and will use:

Various security reports that lead to my decision to choose this subject:

This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It serves documentation purposes and is a nice way to present my work to the teachers. For further information about my work and what I've learned and done, follow the inbound/outbound links within these posts.