Blog Posts
Situational Awareness for Cybersecurity Architecture: Network Visibility
Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....
• By Timur Snoke
In Situational Awareness
Engineering for Cyber Situational Awareness: Endpoint Visibility
In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....
• By Phil Groce, Timur Snoke
In Situational Awareness
Best Practices in Network Traffic Analysis: Three Perspectives
In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of …
• By Angela Horneman, Tim Shimeall, Timur Snoke
In Situational Awareness
Best Practices for NTP Services
The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC)....
• By Timur Snoke
In Situational Awareness
Making YAF App Labels from Text-Based Snort Rules
Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and …
• By Angela Horneman, Timur Snoke
In CERT/CC Vulnerabilities
Analyzing Routing Tables
Hi, Timur Snoke here with a description of maps I've developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers....
• By Timur Snoke
In CERT/CC Vulnerabilities
Working with the Internet Census 2012
It's not every day that 9.6 terabytes of data is released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using …
• By Timur Snoke, Deana Shick, Angela Horneman
In CERT/CC Vulnerabilities
Watching Domains That Change DNS Servers Frequently
Hello, this is Leigh Metcalf of the CERT Network Situational Awareness (NetSA) Team. Timur Snoke and I have discovered some interesting results in our continuing examination....