New Training: Network Intrusion Analysis
In this 6-video skill, CBT Nuggets trainer Keith Barker explains which event types and data can be expected from network security devices, along with details on how to analyze that data for security-event-related details. Watch this new Cisco training.
Watch the full course: Cisco Certified CyberOps Associate
This training includes:
- 6 videos
- 51 minutes of training
You’ll learn these topics in this skill:
- Introduction to Network Intrusion Analysis
- Data Sources
- Event Severity
- PCAP analysis
- Extract files from PCAP
- Regular Expressions
How to Detect Network Intrusion By Analyzing Traffic Flooding
Hackers use a variety of tactics to infiltrate networks. One of those tactics is flooding a network with traffic to mask an attack. Security analysts need to understand how this intrusion method works so they can analyze and mitigate it.
Flooding a server with traffic can act much like a denial-of-service attack. This attack vector stops short of bringing down all services, though. Instead, it pushes just enough traffic to servers to cause confusion. This gives hackers a limited window to perform their attacks on a target, cover their tracks, and exit a network before they are detected.
Though flooding attacks can be difficult to detect, since they simply appear to be a spike in traffic, there are methods security analysts can use to detect network intrusions. Cloud providers can be configured to automatically scale environments on the fly so that spikes in traffic are handled appropriately. Likewise, these same cloud providers offer services that use AI to monitor for suspicious activity.
The two examples above are only a couple of the tools security analysts can use to prevent network intrusion. To mitigate attack vectors thoroughly, though, security analysts will need to fully understand all the tools their cloud providers offer them.
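The article notes that a flood looks like an ordinary traffic spike, so a first-pass detection is to compare each time window against a baseline and report which source dominates the outlier. The following is an added example, not CBT Nuggets course material; it assumes a simple space-separated flow-record format (`epoch src dst dport bytes`) and builds its own constructed sample data.

```python
"""Flag traffic-flood windows in flow records (added example, not course material)."""
from collections import Counter, defaultdict
from statistics import median

WINDOW_SECONDS = 10      # bucket width for counting flows
SPIKE_FACTOR = 5.0       # alert when a window holds this many times the median flow count


def build_sample_lines():
    """Constructed flow records in the form 'epoch src dst dport bytes':
    light background traffic plus a 40-flow burst from one source into one window."""
    lines = []
    for ts in range(1700000000, 1700000060, 4):            # one background flow every 4 s
        lines.append(f"{ts} 10.0.0.{ts % 5 + 2} 10.0.1.20 443 1200")
    for i in range(40):                                     # burst lands in window 1700000030
        lines.append(f"{1700000030 + i % 10} 198.51.100.9 10.0.1.20 80 60")
    return lines


def parse_flow_line(line):
    """Parse one record into (timestamp, src, dst, dport, bytes); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])
    except ValueError:
        return None


def detect_floods(lines, window=WINDOW_SECONDS, factor=SPIKE_FACTOR):
    """Return one alert dict per window whose flow count exceeds factor x the median
    count over all windows. The median keeps a single flood from inflating the baseline."""
    per_window = defaultdict(list)                          # window start -> source IPs seen
    for line in lines:
        rec = parse_flow_line(line)
        if rec is None:
            continue                                        # skip unparsable records
        ts, src = rec[0], rec[1]
        per_window[ts - ts % window].append(src)
    if not per_window:
        return []
    baseline = median(len(srcs) for srcs in per_window.values())
    alerts = []
    for start in sorted(per_window):
        sources = per_window[start]
        if len(sources) > factor * baseline:
            top_src, top_n = Counter(sources).most_common(1)[0]
            alerts.append({"window_start": start, "flows": len(sources), "baseline": baseline,
                           "top_source": top_src, "top_source_flows": top_n})
    return alerts
```

Calling `detect_floods(build_sample_lines())` returns a single alert for the 1700000030 window, naming 198.51.100.9 as the source behind 40 of its 42 flows; on real exports the same function can be fed lines from a flow collector after trimming the records to the five fields it expects.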