With the recent news of security vulnerabilities in the Intel Active Management Technology, now seemed to be the best time to share how security and network professionals can monitor Intel AMT traffic using their existing flow and metadata collector. In this post, let’s explore what the security vulnerability is, how you can remedy the problem, and how you can look for suspicious activities that indicate a compromised system.
Author: Justin
How do you detect TLS vulnerabilities?
Transport Layer Security, or TLS, is a critical part of the internet. It provides a mechanism to secure and authenticate a connection between a host and a client. While generally considered an unbreakable security layer, TLS does have some vulnerabilities that are important for network professionals to be aware of. These vulnerabilities can pose a real threat to network systems if they are not addressed. In this article, I would like to discuss how you can detect TLS vulnerabilities, as well as outline a few vulnerabilities that you should be looking for.
How to protect your organization against email spoofing
We’ve all come across spoofed emails at some point, and they are a real threat to the security and safety of our organizations and their employees. In this article, I’d like to explore what email spoofing is, how you can detect rogue emails on your network, and how you can take steps to safeguard your domain against spoofing attempts.
Detecting Data Exfiltration with NetFlow and Packet Capture
When it comes to understanding data exfiltration, you need to be able to see the whole picture. But most of us have been viewing it from our old 20th-century monitors that just can’t do this. Well, it’s time for an upgrade. With today’s advancements in NetFlow and metadata exports from a variety of vendors, there is no reason that we can’t start monitoring with the latest 4K monitors that give you full visibility no matter where you look. Today, I want to show you how you can get the complete picture by using NetFlow and packet capture to detect data exfiltration.
How to monitor FTP traffic with NetFlow
In my last post, I discussed how to monitor SSL traffic. Today, I thought I would continue down the road of traffic monitoring by taking a look at FTP traffic. Specifically, I would like to discuss how you can monitor FTP traffic, and how you can use NetFlow and metadata to understand what traffic is being sent over FTP. I will also provide some details on integration in Scrutinizer that will provide additional details relating to the FTP traffic.