Introduction: Significance and Impact
In 2018, DrayTek Corp, a broadband and data communications company in the UK, discovered a cross-site request exploit on its routers. Attackers would break into the routers and create faulty DNS entries that rerouted traffic to forged sites. In these sorts of events, attackers tend to favor unconfigured routers and other low-security devices used to interface with appliances.
These low-security devices are commonly known as the “Internet of Things” (IoT).
In 2018, Symantec's Security Response team set up an IoT honeypot. With this setup, Symantec recorded, on average, 5,200 attacks per month. However, one does not need an expansive honeypot to detect these intrusions: tools to detect and mitigate these attacks are readily available in many modern web browsers.
This article focuses on web traffic analysis as a means to detect intrusions, monitor malicious activity and create a response.
Overview: What is web traffic analysis?
Steel sharpens steel: Analysis versus forensics
Creating a response to cybersecurity events requires both forensics and analysis techniques. Specifically, forensics focuses on gathering information after an incident for investigation, while analysis focuses on using the information to improve a system. Put more plainly, forensics informs analysis to strengthen cybersecurity.
As a real-world example, consider Google Chrome. Google regularly produces a “blacklist” of unsafe sites, culled from various forensics cases after cybersecurity events. This list informs the Google Chrome browser’s Safe Browsing API and Web Risk API. Further, developers use these APIs to inform their own cybersecurity solutions. While one informs the other, forensics and analysis are not interchangeable terms. The rest of this article focuses on analysis, informed by forensics, to improve cybersecurity.
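As an added illustration of forensics informing analysis (this is not code from the article, and it does not call Google's APIs), the script below applies a blocklist derived from earlier forensic cases, plus a set of trusted DNS answers, to web-traffic log lines in order to flag the kind of DNS rerouting described in the introduction. The log format, hostnames, IP addresses and both lists are constructed for the example.

```python
import re
from collections import namedtuple

# Constructed sample web-traffic log lines: time, client, host, resolved IP, path.
SAMPLE_LOG = """\
2018-05-01T10:00:01 192.168.1.20 www.example.com 93.184.216.34 /index.html
2018-05-01T10:00:05 192.168.1.20 bank.example.net 203.0.113.77 /login
2018-05-01T10:00:09 192.168.1.31 update.example.org 198.51.100.9 /firmware.bin
2018-05-01T10:00:12 192.168.1.31 www.example.com 93.184.216.34 /about
"""

# Answers recorded earlier from a trusted resolver (constructed values).
# A client reaching a known host at an unexpected IP suggests tampered DNS.
EXPECTED_IPS = {
    "www.example.com": {"93.184.216.34"},
    "bank.example.net": {"198.51.100.50"},
}

# Hosts that prior forensic cases identified as forged sites (constructed values).
FORENSIC_BLOCKLIST = {"update.example.org"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
Finding = namedtuple("Finding", "time client host reason")


def parse_line(line):
    """Return (time, client, host, ip, path) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def analyze(log_text, expected=EXPECTED_IPS, blocklist=FORENSIC_BLOCKLIST):
    """Flag blocklisted hosts and hosts resolved to an unexpected address."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the log format
        time, client, host, ip, _path = rec
        if host in blocklist:
            findings.append(Finding(time, client, host, "host on forensic blocklist"))
        if host in expected and ip not in expected[host]:
            findings.append(Finding(time, client, host,
                                    f"DNS mismatch: {ip} not in {sorted(expected[host])}"))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```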
Web traffic analysis forensics: Subdivision of network forensics
Network forensics is “the capture, recording, and analysis of network events in order to discover the source of security
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Rahni Sumler. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/egFyZquq8uw/