As part of my current education, I have to specialise in and gain more knowledge of my AP degree field, which is IT Networking and everything related to it: IT security, Python programming, PHP programming, Linux, etc.
My subject is: Network monitoring solution for small/medium-sized companies.
Reason for choosing it: an increase in hack attempts targeting small/medium-sized company networks all over the world (see links below).
Fields and sub-fields: IT security, IT networking, IDS/IPS, open-source security tools.
System overview: the monitoring server will run open-source IDS software, configured to display statistics that help the customer understand what is happening on the network and give me a deeper insight into it.
Initial ideas for what I and my client might be interested in seeing in the report:
- traffic type split nicely into non-technical categories (web browsing instead of HTTP, for instance)
- peak activity charts (with logs for peak moments and low moments)
- top 100 accessed IPs/websites (where somebody from the inside starts the TCP handshake)
- top 100 IPs/websites/services accessing the network (where the outside source initiates the handshake)
- individual PC statistics (traffic split into types and by employee PC)
- abnormal activities (this one is the tricky part: a chart displaying abnormal activity such as port scans and invalid packets; a heuristic approach, if you will)
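As an added example (not code from the original post, and not from Snort or any of the tools listed), here is a small Python pass over constructed connection records that illustrates the report items above: the non-technical traffic categories, the two "top 100" lists keyed on who started the handshake, and one simple heuristic for the port-scan item. The internal address range, the port-to-category mapping, the thresholds and the records themselves are assumptions made up for the demo.

```python
"""Heuristic report pass over connection records (added example, not the
post's own code). Every value below is a constructed assumption."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")  # assumed office LAN, not from the post

# Destination port -> label a non-technical reader understands (assumed mapping).
CATEGORIES = {
    80: "web browsing", 443: "web browsing",
    25: "email", 587: "email", 993: "email",
    53: "name lookups", 22: "remote admin", 3389: "remote admin",
    445: "file sharing",
}

# Constructed sample records: (timestamp, src_ip, dst_ip, dst_port).
# Each record is a TCP handshake started by src_ip toward dst_ip:dst_port.
RECORDS = [
    ("2013-02-11 09:00:01", "192.168.1.10", "93.184.216.34", 443),
    ("2013-02-11 09:00:05", "192.168.1.10", "93.184.216.34", 443),
    ("2013-02-11 09:00:09", "192.168.1.11", "93.184.216.34", 80),
    ("2013-02-11 09:00:12", "192.168.1.11", "198.51.100.7", 25),
    ("2013-02-11 09:00:20", "192.168.1.12", "198.51.100.9", 22),
    ("2013-02-11 09:00:31", "192.168.1.12", "192.0.2.10", 9999),
    ("2013-02-11 09:01:00", "203.0.113.9", "192.168.1.20", 443),
] + [
    # one outside host probing eleven ports on one inside host within 20 s
    ("2013-02-11 09:05:%02d" % (2 * i), "203.0.113.5", "192.168.1.20", port)
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389])
]


def parse(records):
    """Attach a direction: 'outbound' when an inside host started the
    handshake, 'inbound' when an outside host did."""
    conns = []
    for ts, src, dst, port in records:
        direction = "outbound" if ip_address(src) in INTERNAL else "inbound"
        conns.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                      "src": src, "dst": dst, "port": port,
                      "direction": direction})
    return conns


def traffic_by_category(conns, direction="outbound"):
    """Count connections per non-technical category; unknown ports are 'other'."""
    counts = Counter()
    for c in conns:
        if c["direction"] == direction:
            counts[CATEGORIES.get(c["port"], "other")] += 1
    return counts


def top_peers(conns, direction, n=100):
    """Top-N remote addresses for a direction (the two 'top 100' report items)."""
    key = "dst" if direction == "outbound" else "src"
    return Counter(c[key] for c in conns
                   if c["direction"] == direction).most_common(n)


def detect_port_scans(conns, min_ports=10, window=timedelta(seconds=60)):
    """Heuristic: one source touching >= min_ports distinct ports on one
    destination inside a sliding time window. Returns (src, dst, port_count)."""
    by_pair = defaultdict(list)
    for c in conns:
        by_pair[(c["src"], c["dst"])].append((c["time"], c["port"]))
    hits = []
    for (src, dst), events in by_pair.items():
        events.sort()                      # chronological, so t >= t0 below
        best = 0
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            hits.append((src, dst, best))
    return hits


if __name__ == "__main__":
    conns = parse(RECORDS)
    print("outbound by category:", traffic_by_category(conns))
    print("inbound by category:", traffic_by_category(conns, "inbound"))
    print("top outbound peers:", top_peers(conns, "outbound", 3))
    print("top inbound peers:", top_peers(conns, "inbound", 3))
    print("possible port scans:", detect_port_scans(conns))
```

The scan heuristic is deliberately crude: a threshold on distinct destination ports per source/destination pair within a window. Tune `min_ports` and `window` against the real traffic, or vulnerability scanners and monitoring tools on the LAN will show up as scanners too.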
Interesting links and resources that I found and will use:
- Snort For Dummies, Wiley Publishing
- Snort Cookbook: Solutions and Examples for Snort Administrators, O'Reilly
- Snort Intrusion Detection and Prevention Toolkit, Jay Beale's Open Source Security Series
- Intrusion Detection Systems with Snort
Various security reports that led to my decision to choose this subject:
This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It serves documentation purposes and is a nice way to present my work to the teachers. For further information about my work and what I've learned and done, follow the inbound/outbound links within these posts.