Tuesday, April 14, 2020

Baselining, No Problem

 Not a week goes by without an email from someone asking me how to create a baseline or, worse, asking me to review one. I will explain both points before moving on.


Asking how to create a baseline

Spoiler alert, there is no real baseline ‘standard’ or ‘template’ that will meet all your needs. Of course there are typical things that you always document, but after that, it gets very specific. Even different departments will use the same software differently.


A great example is Microsoft Outlook: a salesperson will use the contacts like a CRM, with conversation notes and follow-up dates, whereas an IT person will use the same contacts feature simply to record contact info.


This is why I usually ask the I.T. specialist to spend a little bit of time with the user to determine how they use the software, their basic tasks, etc., before capturing packets.

Requests to review a baseline


The reason why I say this scenario is worse is that many times someone is asking me to help interpret what someone else did years ago.


Here is specifically why this never works out:


  • Methodology not documented

  • Goal for baseline not documented

  • Network and related equipment has changed

  • Application has changed since baseline


In most cases, I recommend starting a new baseline, using the old one as a reference.


Moving on

Baselines are critical when migrating to the cloud, moving your servers to a recovery site or configuring firewalls or routers for remote access.


As I mention in the video, a baseline doesn’t need to be 100 pages or take weeks to compile. I find that shorter, concise baselines that you can combine into a more comprehensive one are far more helpful.


A simple example would be to create separate captures of the application launch, login and common task. That way if there are performance complaints about the login, you can compare fewer packets.


A helpful tip that I use is called ‘packet bookmarks’, where you create predictable packets in your trace in between tasks. Using the previous example, if I was using a packet capture tool that provides one trace of my baseline, I would ping thetechfirm.com in between tasks.

Another example of using the ‘packet bookmark’ technique is when baselining or troubleshooting an application that constantly receives or transmits packets, like VOIP, terminal services, some CRM and email applications.
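The ‘packet bookmark’ technique described above, as an added example that is not part of the original post: it splits one baseline trace into per-task segments at each ping burst, and it keeps working when application traffic is interleaved with the pings. The bookmark address, the gap threshold, the task names and the function names are assumptions made for this sketch; the input is a tab-separated field export from tshark.

```python
BOOKMARK_IP = "203.0.113.10"  # assumption: placeholder address for the pinged host
MARK_GAP = 5.0                # pings closer together than this form one bookmark
TASKS = ["launch", "login", "common task"]  # order the tasks were performed in

# Constructed sample rows, shaped like the output of:
#   tshark -r baseline.pcap -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e icmp.type
SAMPLE = "\n".join("\t".join(r) for r in [
    ("1", "0.000", "10.0.0.5", "10.0.0.20", ""),
    ("2", "0.140", "10.0.0.20", "10.0.0.5", ""),
    ("3", "9.000", "10.0.0.5", BOOKMARK_IP, "8"),    # bookmark: echo request
    ("4", "10.000", "10.0.0.5", BOOKMARK_IP, "8"),   # second ping of the same burst
    ("5", "15.300", "10.0.0.5", "10.0.0.20", ""),
    ("6", "16.450", "10.0.0.20", "10.0.0.5", ""),
    ("7", "30.000", "10.0.0.5", BOOKMARK_IP, "8"),
    ("8", "30.010", "10.0.0.5", "10.0.0.20", ""),    # app traffic during the ping
    ("9", "30.019", BOOKMARK_IP, "10.0.0.5", "0"),   # echo reply
    ("10", "41.000", "10.0.0.20", "10.0.0.5", ""),
])

def split_by_bookmarks(text, bookmark_ip=BOOKMARK_IP, gap=MARK_GAP):
    """Return one list of (frame, time) per task; bookmark pings are dropped."""
    segments, current, last_mark = [], [], None
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed rows
        frame, t, src, dst, icmp = fields
        t = float(t)
        if icmp == "8" and dst == bookmark_ip:
            if last_mark is None or t - last_mark > gap:
                segments.append(current)  # first ping of a burst ends the task
                current = []
            last_mark = t
        elif icmp == "0" and src == bookmark_ip:
            continue  # the echo reply belongs to the bookmark, not the task
        else:
            current.append((int(frame), t))
    segments.append(current)
    return [s for s in segments if s]  # ignore empty runs between bookmarks

def summarize(segments, tasks=TASKS):
    """Label segments in capture order: packet count, frame range, duration."""
    return [{"task": tasks[i] if i < len(tasks) else f"unlabelled-{i + 1}",
             "packets": len(seg), "frames": (seg[0][0], seg[-1][0]),
             "seconds": round(seg[-1][1] - seg[0][1], 3)}
            for i, seg in enumerate(segments)]

if __name__ == "__main__":
    print(*summarize(split_by_bookmarks(SAMPLE)), sep="\n")
```

The frame ranges in the output can be used to export or filter each task on its own, so a login complaint is compared against only the login packets.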


Getting Started

I would suggest that anyone who wants to baseline, troubleshoot, or get familiar with how applications work simply take short traces of any application they are familiar with.

Applications such as email, web browsing, VOIP, IM, printing, file sharing and other streaming services are a great way to get familiar with protocol analysis. As you go through different applications, you will develop techniques and skills to help you along the way. Smaller traces are easier to analyze. Even if you don’t have time to analyze the traces, simply give the trace files a meaningful name and put them in a folder with an equally good description. Then you can review them whenever you have a moment.




Wednesday, April 8, 2020

Improving incident response using packet captures

 As a security operations professional, you and your team are responsible for protecting your organization; recognizing valuable data assets, assessing security gaps, and performing Digital Forensics and Incident Response (DFIR). When an attack happens, the packet data that flows across the network is critical to the incident response life cycle. Most security analysis tools provide just parts of the information that packet data contains, but having full access to complete packet capture information can drastically improve and accelerate incident response.


In our CloudShark article, learn the role packet captures play in this life cycle - before, during, and after an attack happens - and four tips to use them better, greatly improving the success of your security operations.


Tuesday, March 24, 2020

So You Want To Be A ...

 

As the prospect of retirement begins to appear on the outer edges of my radar, I’ve been reflecting on this engineering career that has occupied a large chunk of my adult life. It’s been a rewarding journey and I have no regrets, but what was it that excited me about engineering in the first place?


I don’t believe it was genetics; my Dad was a Professor of Speech and Drama, and my Mom was a schoolteacher who chose to stay at home once I was born. I don’t recall lying in my crib staring at some dangling toy and thinking “I can do better than that.” It’s safe to conclude that I wasn’t born for this profession. If not nature, it must have been nurture.


I don’t remember any special role models from my youth, but there were a few toys that left a lasting impression. Although I quickly lost interest in Tinker Toys and Lincoln Logs, I was attracted to chemicals and electricity. I augmented my Chemcraft Chemistry Set with a few home-brewed fireworks, but my interest there waned as well. It was the Erector Set with its moving parts and electric motor drive that finally got me excited. My educator parents were probably pleased, seeing this as a less dangerous direction for me.


Times have changed, and I suspect that Tinker Toys and Lincoln Logs these days are covered with warnings about small parts that present a choking hazard. Erector sets, if they still can be found, would need to advise caution, as the metal pieces had sharp edges where I cut myself more than once. How you market a Chemistry set in today’s litigious society is beyond me. You definitely don’t want the neighbors to know that your kid is in the garage fooling around with chemicals, unless you are prepared for a visit from the DEA.


While I haven’t found a satisfying explanation for why I remained excited about engineering, I am curious about how young people choose this career today. Our six year old granddaughter once said quite seriously that she wants to be a mermaid when she grows up, which isn’t hard to understand when you see how well things turned out for Ariel. I predict she will enter college with a more practical career in mind, and then change it at least once by the time she graduates. Between now and her freshman year, I will be watching to see where her aptitudes and interests are leading her (presumably not under the sea).


Many colleges and universities require a commitment to a major field by the start of the junior year, while some even force students to make this choice prior to admission. Are we equipped to make such important decisions in our late teens? At that point in my life, I wanted to turn my scientific aptitudes toward the medical profession, believing that this was the best way to earn a good living while helping others. When I realized how many long, hard years of study and sacrifice would be required for an MD, I reconsidered. Don’t judge me.


Like air rushes toward a vacuum, so does free advice pour out to youth who seek direction. The year I entered college was also the year that Mr. McGuire offered his famously succinct career advice to Benjamin (“Plastics” in case you missed The Graduate). One common refrain both then and now was to “follow your passion.” Through my Father’s relationship with The Pasadena Playhouse, I met lots of actor-wannabes who were brimming with passion as they paid the bills selling used cars or waiting tables. Today’s young people have instant access to a career counselor I never had.


Out of curiosity, I typed the title of this article into Google and it responded with the following list: Doctor, Wizard, Writer and Pathologist. Google already knows a lot about me from my past search habits, but why then isn’t Engineer on the list and for that matter, where in the heck did Wizard come from? I anticipate that ads for pointy hats and magic wands will soon be flooding my email.


In retrospect, many of the detours I didn’t take are starting to make sense. One of the few kits I missed out on was the Atomic Energy Lab (pictured above), which was just a few years before my time. Judging from the way the young man on the inside cover is glowing, this appears to have been a fortunate turn of events.


First released the year I was born, the kit came with a comic book (Dagwood Splits the Atom), proving that it would not have been ideally suited for serious pre-teen scientists like me. One reviewer, Dr. Grace Landon, had this to say “It stresses the peace-time role of atomic energy. . . Not a hint of the A-bomb in the whole kit.”

How boring.













Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life. In addition to being a regular contributor to NetWorkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics. Paul has over 40 years of experience in research and advanced development for companies ranging from small startups to industry leaders. His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.
