TABLE OF CONTENTS Karen Frederick
NFR Security offers several products, including the Secure Log Repository (SLR) appliance and the Network Intrusion Detection (NID) appliance, which provide monitoring and intrusion detection capabilities. NFR's products arc designed to be integrated with each other and to be easily deployed and maintained. They provide scalable and flexible solutions that can meet a variety of needs. NFR products use the same management interfaces and methods, store data in the same formats, and have similar architectures.
The focus of this chapter is on the NFR Network Intrusion Detection (NID) Appliance, a tool for analyzing network traffic. We begin by looking at its architecture and major components. The next section focuses on data collection, storage and integrity. Then we look at ways to analyze data through queries, filters and reports. After a review of the components of the NID that are most useful for forensic purposes, a case study is presented to demonstrate how the NID can be useful in an investigation. Finally, we take a brief look at the Secure Log Repository (SLR), which is very helpful in investigations involving a large number of logs from a variety of systems.
The NFR Network Intrusion Detection (NID) appliance was designed to be flexible and extensible enough to perform a variety of network monitoring and intrusion detection functions; in fact, the greatest strength of the NID is its configurability. It passively monitors a network, collecting data that matches its configuration settings. By default, this...
