Network Process Monitoring | CompTIA Network+ N10-007 | 3.3a

In this video you will learn about network process monitoring such as: log reviewing, port scanning, vulnerability scanning, patch management & rollbacks, reviewing baselines, & packet/traffic analysis.

Processes

Log Reviewing

Log analysis is the process of reviewing, interpreting and understanding computer-generated records called logs.  Logs are generated by a range of programmable technologies, including networking devices, operating systems, applications, etc.  A log consists of a series of messages in time-sequence that describe activities going on within a system.  Log files may be streamed to a log collector through an active network, or they may be stored in files for later review.  Either way, log analysis is the delicate art of reviewing and interpreting these messages to gain insight into the inner workings of the system.[1]

Port Scanning

Port scanning is a method of determining which ports on a network are open and could be receiving or sending data.  It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.  This scanning can’t take place without first identifying a list of active hosts and mapping those hosts to their IP addresses.  This activity, called host discovery, starts by doing a network scan.  The goal behind port and network scanning is to identify the organization of IP addresses, hosts, and ports to properly determine open or vulnerable server locations and diagnose security levels.  Both network and port scanning can reveal the presence of security measures in place such as a firewall between the server and the user’s device.[2]
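As an added example covering both the log-reviewing and port-scanning passages above (this is not code from the original page), the block below reviews constructed firewall deny logs and flags sources that were denied on many distinct destination ports within a short window, a pattern a defender looks for when a port scan touches the perimeter. The log line format, hostnames and addresses are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall deny log (not from a real device). The line
# format is an assumption made for this example.
SAMPLE_LOG = """\
2024-03-01T10:00:01 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=22
2024-03-01T10:00:02 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=23
2024-03-01T10:00:02 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=25
2024-03-01T10:00:03 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=80
2024-03-01T10:00:03 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=443
2024-03-01T10:00:04 fw1 fw: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=3389
2024-03-01T10:00:05 fw1 fw: DENY src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=443
2024-03-01T10:00:09 fw1 fw: link state change on eth0 (not a DENY line, skipped)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ fw: DENY src=(?P<src>[\d.]+) dst=[\d.]+ "
                     r"proto=\w+ dport=(?P<dport>\d+)$")

def parse_deny_lines(text):
    """Yield (timestamp, src, dport) for lines matching the DENY format; skip others."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])

def find_port_sweeps(text, min_ports=5, window_seconds=60):
    """Return {src: sorted distinct ports} for each source that was denied on at
    least min_ports distinct destination ports within any window_seconds span."""
    by_src = defaultdict(list)
    for ts, src, dport in sorted(parse_deny_lines(text)):
        by_src[src].append((ts, dport))
    flagged = {}
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # advance the window start until the span fits window_seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
    return flagged

if __name__ == "__main__":
    for src, ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} distinct ports within a minute -> {ports}")
```

The thresholds are deliberately parameters: a single host hitting one port repeatedly (198.51.100.7 here) is not flagged, while the source touching six ports in four seconds is.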

Vulnerability Scanning

A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses.  These scanners are used to discover the weaknesses of a given system.  They are utilized in the identification and detection of vulnerabilities arising from misconfigurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc.  Modern vulnerability scanners allow for both authenticated and unauthenticated scans.  Modern scanners are typically available as SaaS (software-as-a-service), provided over the internet and delivered as a web application.  The modern vulnerability scanner often has the ability to customize vulnerability reports, and to query the installed software, open ports, certificates and other host information as part of its workflow.[3]

Patch Management

Patch management is the process of distributing and applying updates to software.  These patches are often necessary to correct errors (vulnerabilities or bugs) in the software.  Common areas that will need patches include operating systems, applications, and embedded systems (like network equipment).  When a vulnerability is found after the release of a piece of software, a patch can be used to fix it.  Doing so helps ensure that assets in your environment are not susceptible to exploitation.[4]

  • Rollback: Gives you the mechanism to remove patches after they have been installed on a system.  Not all patches can be uninstalled; the system only lists patches that support rollback.[5]

Network Baselines

Network baselining is the act of measuring and rating the performance of a network in real-time situations.  Providing a network baseline requires testing & reporting of the physical connectivity, normal network utilization, protocol usage, peak network utilization, and average throughput of the network usage.  Such in-depth network analysis is required to identify problems with speed and accessibility, and to find vulnerabilities and other problems within the network.  Once a network baseline has been established, this information is then used by companies and organizations to determine both present and future network upgrade needs as well as assist in making changes to ensure their current network is optimized for peak performance.[6]
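As an added example (not code from the original page) of the average and peak throughput figures a baseline is built from, the block below turns constructed cumulative interface octet counters, the kind polled from a 32-bit SNMP counter, into per-interval throughput, handles a counter wrap between polls, and then checks a later set of samples against the baseline. The counter values and polling intervals are made up for this example.

```python
from statistics import mean, pstdev

COUNTER_MAX = 2**32  # a 32-bit octet counter (e.g. SNMP ifInOctets) wraps at this value

# Constructed counter samples: (seconds since start, cumulative octets in).
# Values are made up for this example; one counter wrap is included on purpose.
BASELINE_SAMPLES = [
    (0, 4_294_000_000), (300, 4_294_600_000), (600, 232_704),  # wraps after 300 s
    (900, 832_704), (1200, 1_432_704), (1500, 2_632_704), (1800, 3_232_704),
]
NEW_SAMPLES = [(0, 10_000_000), (300, 10_600_000), (600, 14_200_000)]

def throughput_bps(samples, counter_max=COUNTER_MAX):
    """Convert cumulative octet counters into per-interval bits/second,
    correcting for a single counter wrap between consecutive samples."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = c1 - c0
        if delta < 0:          # counter wrapped since the last poll
            delta += counter_max
        rates.append(delta * 8 / (t1 - t0))
    return rates

def build_baseline(samples):
    """Summarise normal utilisation: average, peak and spread of throughput."""
    rates = throughput_bps(samples)
    return {"average_bps": mean(rates), "peak_bps": max(rates), "stdev_bps": pstdev(rates)}

def check_against_baseline(baseline, samples, z_limit=3.0):
    """Return (interval index, bps, z-score) for intervals whose throughput sits
    z_limit standard deviations above the baseline average or above its peak."""
    anomalies = []
    for i, rate in enumerate(throughput_bps(samples)):
        spread = baseline["stdev_bps"]
        z = (rate - baseline["average_bps"]) / spread if spread else 0.0
        if z > z_limit or rate > baseline["peak_bps"]:
            anomalies.append((i, rate, round(z, 2)))
    return anomalies

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_SAMPLES)
    print("baseline:", baseline)
    print("anomalies:", check_against_baseline(baseline, NEW_SAMPLES))
```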

Packet/Traffic Analysis

A packet analyzer or packet sniffer is a computer program or computer hardware such as a packet capture appliance that can intercept and log traffic that passes over a computer network or part of a network.[7]  Packet capture is the process of intercepting and logging traffic.  As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.  A packet analyzer used for intercepting traffic on wireless networks is known as a wireless analyzer or WiFi analyzer.  A packet analyzer can also be referred to as a network analyzer or protocol analyzer though these terms also have other meanings.

References

  1. What is Log Analysis? Sumo Logic.
  2. What is port scanning? Avast Business.
  3. Vulnerability scanner. Wikipedia.
  4. What is patch management? RAPID7.
  5. Rollback. Patch > Rollback.
  6. Beal, V. (2021, May 24). Network Baselining. Webopedia.
  7. Connolly, K. (2003). Law of Internet Security and Privacy.