Friday, October 30, 2015

IPv6 geolocation in database

IPv6 adoption has grown to the extent that about 15% of the visitors to my website and tool downloads are using dual stack. It is time for me to get a handle on these IPv6 visitors, using geolocation to identify where the users are.

Thursday, October 15, 2015

Why choose an Enterprise Architect?

As one who has come from electrical and computer engineering, with experience building infrastructure from instrumentation to Information Technology, I find it hard to explain to people what I actually do as an Enterprise Architect. As you can guess, there are major misunderstandings when people hear the words "Architect" or "Architecture."

Saturday, September 19, 2015

SilkWeb - Netflow via Webservices

"Your security operations or network operations tools cannot run in isolation anymore. True SOC operations are about cohesion of data."

The common request I get from analysts in many Network and Security Operations Centers (NOC and SOC) is to integrate data from their various feeds into UI frameworks and dashboards. What about NetFlow data itself? NetFlow is, at a minimum, a 5-tuple summary of the network traffic that crosses your perimeter (firewall or router). If your NetFlow data goes into a database, there are a few tools that translate database queries into JSON/XML and make the results available over web services. In this blog I am introducing a project that exposes SiLK NetFlow data over web services as JSON/XML/CSV, so that SiLK data can be integrated into your NOC/SOC dashboard, with some basic examples. The project is on GitHub and is called silkweb.

Wednesday, May 13, 2015

IP address tools in Javascript

In my earlier blog I put together a set of tools for IPv4 address manipulation in SQLite, Oracle and even Excel. How could I forget the simple tools needed in Javascript? Converting an IP address to a long integer, or a subnet mask to an IP address range, has become a daily necessity for security operations people. So here is what I have cooked up.


Saturday, October 25, 2014

So you want to disable SSLv3?

The recent vulnerability disclosed by Google, called POODLE, has security administrators scrambling to keep up with "Heartbleed", "retiring SHA-1" and "removing SSLv3". As I come from a solutions and enterprise architecture background, I get pinged with questions about the real risk and impact of implementing these security enforcements.

Tuesday, June 3, 2014

Integrating Google's BigQuery into your Security Operations Center (SOC)

In security operations it is not uncommon to need access to large datasets and to analyze them. The obvious answer is to store them in a big data solution. But if you are in the business of building your own big data solution, you will find that many technical details become distractions from running your core service, which in this case is security analysis.

Wednesday, March 26, 2014

Rolling PCAP (Packet Capture) for a production network

It is common to see many SOCs (Security Operations Centers) wanting a packet capture of a recent event, to trace down some network activity that is either part of an attack or part of an investigation. A file format called PCAP is a good way to store network data on disk. However, no one can afford to store PCAP forever, so a rolling packet capture, sized according to your network bandwidth, is a very viable way to collect and store PCAP.