Net Mon Overview Network Security

Last reviewed: June 27, 2012
Abstract

A personal response to a network security monitoring course is provided with an assessment of many different aspects of the course given in the first person perspective. The readings and exercises given in the course are discussed, as is a summary of the learning accomplished, some of the key points and topics covered, and an assessment of future knowledge and professional development.

Network Security Monitoring: Course Overview and Reflections

The term "network security monitoring" can sound daunting and dry even to someone that is already somewhat aware of the technical aspects of the field and its importance. While network security is of vital importance to many organizations and entities involved in all manner of activities around the world, monitoring the traffic over these networks for the potentiality of security risks can, to those uninitiated in the intricacies and uncertainties of the practice, seem like a boring crossover between data processing and air traffic control. This course and the readings and exercises of which it is partially comprised made it very clear that network security monitoring is almost as much an art form as it is a science, with constantly evolving needs and mechanisms that make the task and profession not simply more interesting than the title seems to initially imply, but a truly exciting and cutting-edge occupation with growing potentials and ever-increasing future demands.

Summary of Experience

My experience throughout this course has been both edifying and exhilarating, as I have not only gained a great deal of knowledge about many of the generalities and the specifics of network security monitoring but have also come to better appreciate the context (and contexts) in which network security monitoring takes place and the manner in which all of the mechanisms and impacts of this monitoring come together. While many of the basic underpinnings of network technology and security were already familiar to me, I quickly learned how much I had yet to become acquainted with, and this course was excellent in delivering the depth and the breadth of information necessary to provide a truly adequate foundation for building knowledge in the network security field. The information was also delivered at an effective pace, and while I did not ever feel overwhelmed or in over my head, I also did not feel bored or that the material was overly repetitive, and this made it much easier to absorb the information presented and to appreciate for what it was worth and how it all fit together. Overall, I feel that I not only gained the necessary foundational knowledge in this area, but that I also became equipped to ask better questions and seek out better avenues of information and learning in the further pursuit of my education and my eventual career.

As far as the specifics of the information that I obtained from the course, the number of different issues and perspectives that exist in the broader arena of network security monitoring was surprising and revealing. The discipline is far more complex and involved than an initial glance might suggest, and the course covered many areas of the field that I would never have imagined might exist, and thus could never have effectively sought information about on my own. One of the most significant issues I (and I think anyone) have faced in expanding my technical and area-specific knowledge is in ascertaining enough of the functional basics to be able to ask meaningful questions and knowingly pursue further information, and again this course has been excellent in bringing this about. From user issues to different types of attacks and threats to the many different means of responding to observed issues, this course has touched on a large number of the many facets in network security monitoring and thus has empowered me in being able to seek my own answers, as well.

Class Exercises and Readings

One of the major reasons the field of network security monitoring can seem so off-putting is the arcane and aloof nature of the highly technical topics and discussions that make up the world of network security and network security monitoring. Because this is a knowledge area that many people benefit from even if they are all but entirely unaware of its existence, it (along with many other areas of technological knowledge/computer science) can seem especially shrouded in mystery and especially difficult to learn about and practice. The course readings were very beneficial when it came to correcting this impression and helping to establish a certain demystification of the field as a whole while also easing into some of the more "mystical" intricacies themselves. In this, Richard Bejtlich's (2004) book The Tao of Network Security Monitoring: Beyond Intrusion Detection was an invaluable resource, breaking down highly technical and complex issues into easy-to-follow language that also did not condescend or talk down to the reader. Bejtlich's insights and outlooks when it comes to many different areas of network security monitoring really helped to provide the necessary context for understanding the material, mechanisms, and processes of the field.

There were other readings assigned in the course that were useful, too, of course, and many other sources encountered during the various exercises and research/written work required for the completion of the course that were also beneficial in identifying and illuminating many of the specific areas of concern and of growing knowledge and interest in the network security monitoring field. While Bejtlich (2004) does a tremendous job of introducing and outlining many of the fundamental theories and frameworks within the discipline of network security monitoring, these other sources were also enormously useful in their further commentary on these issues and in the different perspectives that were brought to bear on such things as end-user security, the nature of unstructured attacks, and much more. What was apparent throughout all of the readings I encountered either as a direct part of my coursework or through my own research in finishing the exercises and research projects assigned was the co-influence and intricate connections that exist between the many different concerns and trajectories of network traffic, network security, and network monitoring. While many of the necessary theoretical and practical elements can be discussed and understood independently, it is ultimately through the cohesive and expansive accounting of all of these facets that true knowledge is attained and through which true progress can be made.

Different data types -- and different means of classification that serve entirely different purposes through their classification -- are important to recognize in the most basic practice of monitoring and assessing network traffic, which is of course a fundamental step in monitoring for security's sake. After this, it is establishing baselines of activity and monitoring "normal" activity that allows for an identification of what would be considered "abnormal" and therefore potentially dangerous or malicious activity (Barth, 2008; Bejtlich, 2004). From here, the number of "primary" or otherwise necessary concepts when it comes to actually practicing network security monitoring only grows: one needs to have a grasp on issues of security for end-users, administrators, IT servicers and more; different types of attacks and threats -- both planned and unplanned -- need to be understood and prepared for on an ongoing basis; and a multitude of other considerations must be taken into account in order to effectively monitor network activity and potential security threats (Ahmad & Habib, 2010; Furnel, 2008). The readings and exercises encountered in this course have helped to introduce and explore many of these different topics.

Cite This Paper
PaperDue. (2012). Net Mon Overview Network Security. PaperDue. https://www.paperdue.com/essay/net-mon-overview-network-security-64774
