Network Computing is part of the Informa Tech Division of Informa PLC


20/20 Foresight: Page 5 of 6


Bad

• No packet decode
• Large queries can be slow
• Expensive

InfiniStream Security Forensics, starts at $75,000. Network Associates, (800) 764-3337, (972) 963-8000. www.nai.com

Two incidents observed during testing indicate the sort of use to which InfiniStream can be put. In the first, an external attacker succeeded in compromising the SAMBA server on a particular Web site, then used that SAMBA server to exploit other servers within the domain. This was a new exploit, and the IDS merely indicated the results. By correlating the time stamp of the IDS activity with the data InfiniStream had captured, we were able to see precisely how the attacker had pulled it off. In another case, a network user was downloading movies through an IRC client, in pieces, so as not to trip excessive-bandwidth alerts. InfiniStream replayed the user's session, showing the movie request and download.
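The timestamp correlation in the first incident, sketched as an added example (not code from the article or the product): given an IDS alert time and host, it pulls the inbound external sessions that preceded the alert and the internal sessions the host opened afterward, which are the ones worth replaying. The flow-record fields, addresses, internal range and ten-minute window are constructed assumptions, not InfiniStream's data format.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the monitored internal range

# Constructed flow index: (start time, source, destination, dest port, bytes)
FLOWS = [
    ("2004-03-01 02:10:05", "198.51.100.7", "10.0.0.20", 80, 1800),
    ("2004-03-01 02:14:41", "198.51.100.7", "10.0.0.20", 139, 5200),
    ("2004-03-01 02:15:30", "10.0.0.20", "10.0.0.31", 139, 4100),
    ("2004-03-01 02:16:02", "10.0.0.20", "10.0.0.32", 139, 3900),
    ("2004-03-01 02:16:10", "10.0.0.45", "10.0.0.31", 445, 700),   # unrelated host
    ("2004-03-01 03:40:00", "10.0.0.20", "10.0.0.33", 139, 900),   # outside window
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def correlate(alert_time, alert_host, flows, window=timedelta(minutes=10)):
    """Split captured flows around an IDS alert into entry and follow-on sessions.

    entry:     external -> alert_host, at or before the alert
    follow_on: alert_host -> internal host, at or after the alert
    """
    t = parse(alert_time)
    entry, follow_on = [], []
    for start, src, dst, port, _nbytes in flows:
        when = parse(start)
        if not (t - window <= when <= t + window):
            continue  # only sessions close to the alert are candidates
        src_internal = ip_address(src) in INTERNAL
        dst_internal = ip_address(dst) in INTERNAL
        if dst == alert_host and not src_internal and when <= t:
            entry.append((start, src, port))
        elif src == alert_host and dst_internal and when >= t:
            follow_on.append((start, dst, port))
    return entry, follow_on


if __name__ == "__main__":
    # Constructed alert: the IDS flagged 10.0.0.20 at 02:15:00
    entry, follow_on = correlate("2004-03-01 02:15:00", "10.0.0.20", FLOWS)
    print("sessions to replay for initial access:", entry)
    print("sessions to replay for lateral movement:", follow_on)
```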

There's one danger to this faithful application playback. Worms, Trojans, viruses and other cybernasties will be recorded and played back, and network infection (or reinfection) could occur.