Monitoring Software Continued

This video expands on why monitoring software is needed and the importance of rapid response to network attacks.
So to help with this end, there’s typically three types of systems that we want to look at. There is an IPS or Intrusion Prevention System. We have IDS, Intrusion Detection System, and MDM, Mobile Device Management. Now, we’ll typically want to look at at least one of these or maybe all of them or a couple of these. These are systems that are going to help us protect our network, get better insight, and be able to act quickly. Now in terms of IPSs, there’s various IPSs out there. Some of the big ones are McAfee Network Security Platform. We also have Cisco NGIPS or Next-Generation Intrusion Prevention System. Now, these could be software-based. They could be cloud-based.
They could be a hardware system that we house in our network. And typically, these work as the name implies. They try to prevent intruders from getting on your network. And in order to do this, they will typically have some sort of threat protection. It could be something like antivirus running on their system. They will typically have sandboxing, so if an intruder tries to do something on the network, trying to deploy a virus, they’ll try to sandbox it. It alerts, it’ll alert you when something suspicious is happening. It may have a honeypot. It may have set up a fake server, fake files, or section where it’s going to entice a malicious hacker to go there.
And it’ll either tie him up, or it’ll try to trap him there. Also, these systems will typically have some sort of traffic sniffing. And traffic sniffing meaning that traffic coming in, it will try to identify that traffic. Even if it’s an encrypted traffic, it’ll try to unencrypt it to find out what that particular traffic is up to. And it works both ways. Traffic going out, typically it’ll analyse that traffic and make sure that it’s something safe. It’s doing what it should be doing. We also have IDSs. And some IDS examples are Security Onion. That’s an open-source software they can run. You could set up a virtual machine. And you can do quite a bit of tools with that.
We also have Snort, which we’ll be talking more at length later. And we have AlienVault. It’s another popular programme for intrusion detection systems. And as the name implies, it’s designed to detect intruders. It’s designed to look for anomalies in our network. We could set certain thresholds that, if anything communicates with the server, let me know. If you see unusual traffic, let me know. If you see anything outside this IP range, let me know, things of that nature. And again, it’s going to have the various log files. So we can quickly go through and search these logs and whatnot.
And we have MDMs. MDM standing for Mobile Device Managers. Now, as the name implies, it handles mobile devices, phones, tablets, laptops, things of that nature. Now mobile device managers are very important to especially things like bring your own device networks. We need to have insight into those devices. Now, the first one, Cisco Meraki, we’ll be talking about that at length in a later video. There’s also Microsoft Intune and Jamf. Now typically, with MDM software, it allows us to have version control. We could say, if this mobile device is going to be on our network, it needs to have an antivirus installed. If it doesn’t have antivirus installed and it’s not up to date, you cannot connect to this network.
We could also typically do things like find devices. So if a device goes missing or is stolen, I could typically do a geolocation to find out where that device is. I can make sure that the device is compliant. That it’s up to a certain firmware update, for example, that it doesn’t have certain software installed. That it does have certain software installed if I wanted to push software to these devices, send updates to the devices, things of that nature. Again, it’s a mobile device manager. It manages mobile devices. And this is another way that we can help protect our network.
Again, especially in things like a BYOD or Bring Your Own Device, which is becoming more and more popular because it helps cut down hardware costs obviously, for wherever you’re working for. They don’t have to provide a phone for you, for example. They don’t have to find a laptop. You bring your own device. However, that brings a whole slew of other issues. Again, making sure that the devices are compliant. If you bring your laptop from home, you could have a virus on there or no antivirus. Or you could bring a phone in, and it could be jailbroken and have all sorts of issues. That’s why MDMs come in really handy.
Now IPSs, IDSs, MDMs, these all give us quick insight and awareness into what’s going on in our network, which is going to be important because we need to be able to identify this information. We need to be able to catch these intruders as they happen, or at least very quickly. If they’re able to leave, we need to know right away that something happened, something suspicious happened, and where. So to recap, an IPS, intrusion prevention system, will typically filter by rules, sandboxing, and traffic sniffing. We have MDMs, mobile device managers. It’s going to control your mobile devices, laptops, phones, tablets et cetera, and it’s also going to have a set of rules and monitoring. We also have IDSs, intrusion detection systems.
These will typically scan your network, look for unusual activities and traffic sniffing. And of course, we need insight. All these solutions help provide quick insight into our network and our devices, which is going to be critical in order to maintain our day to day operations.
So in the next video, we’re going to be taking a look at Snort IDS. Thank you for watching. I’ll see you in the next video.

There are three types of monitoring software systems. IPS tries to prevent intruders from accessing your network using threat prevention, IDS is used for intrusion detection, and MDM is designed to handle mobile devices. In this video, you will learn more about each of these systems.
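
As an added illustration (not part of the course material), the sketch below applies the kind of IDS thresholds the video describes, alerting on any communication with a watched server, on addresses outside an expected IP range and on unusual traffic volume, to a constructed flow log. The network range, server address, volume threshold and log format are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch (not from the course): the network range,
# the watched server address and the per-source flow threshold.
ALLOWED_NET = ipaddress.ip_network("10.0.0.0/24")
WATCHED_SERVER = ipaddress.ip_address("10.0.0.10")
MAX_FLOWS_PER_SOURCE = 3

# Constructed sample flow log: "timestamp src dst dst_port"
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.21 10.0.0.10 443
2024-01-01T09:00:02 10.0.0.22 10.0.0.30 22
2024-01-01T09:00:03 203.0.113.7 10.0.0.30 22
2024-01-01T09:00:04 10.0.0.23 10.0.0.31 80
2024-01-01T09:00:05 10.0.0.23 10.0.0.32 80
2024-01-01T09:00:06 10.0.0.23 10.0.0.33 80
2024-01-01T09:00:07 10.0.0.23 10.0.0.34 80
not-a-flow-record
"""

def analyse(log_text):
    """Return a list of (rule, detail) alerts for the flow log."""
    alerts, per_source = [], Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        try:
            ts, src, dst, port = fields
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Malformed records are reported, never silently dropped.
            alerts.append(("malformed", f"line {lineno}"))
            continue
        # Rule 1: anything that communicates with the watched server.
        if WATCHED_SERVER in (src, dst):
            alerts.append(("watched-server", f"{ts} {src} -> {dst}:{port}"))
        # Rule 2: any endpoint outside the expected IP range.
        for addr in (src, dst):
            if addr not in ALLOWED_NET:
                alerts.append(("outside-range", f"{ts} {addr}"))
        # Rule 3: unusual volume, alerting once when a source crosses the limit.
        per_source[src] += 1
        if per_source[src] == MAX_FLOWS_PER_SOURCE + 1:
            alerts.append(("unusual-volume", f"{ts} {src}"))
    return alerts

if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```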

Investigate and share: There are many different software packages available for IPS, IDS, and MDM. Look up reviews on IDS software and report back on what reviewers consider most important when selecting your software package. Share your comments in the section below.

This article is from the free online course Advanced Cyber Security Training: Network Security, created by FutureLearn.
