Why Monitoring Network Traffic is important during the Holidays
Monitoring network traffic around holiday events
Thanksgiving and Black Friday have come and gone and, to those of you who celebrated either, I hope you had a good one! Holiday events like this bring extra challenges when it comes to keeping networks running securely and efficiently. Cybercriminals exploit times like this with anything from fake purchase invoices to malware attached to shipping notifications. One way to keep your network secure is to monitor network traffic so that you can see what is actually happening on it.
Once you start monitoring network traffic, you need to watch for suspicious traffic patterns and for new devices connecting to your network. The best way to do this is via network packet capture. If you are unsure where to start, check out this recent blog post, which looks at where on your network you should be capturing and analyzing traffic.
Detecting Hola and other anonymizers
Over the past week, I have noticed an increase in the use of a browser plugin called Hola. It is used to get around web filters and to anonymize web browsing. I am not a huge fan of web filters unless they are used to block access to malware sites or illegal content.
Occasionally, I see network managers blocking sites like YouTube because they use a lot of bandwidth. This can frustrate users, as YouTube has a lot of useful and work-related content. Instead, users should be educated on how to watch videos at lower resolutions and so reduce bandwidth use. If users are blocked from accessing sites, they will look for ways around the block, and those workarounds can expose the network to other security risks.
The danger of plugins like Hola is that they can expose users to sites which cause problems like ransomware infections. Cybercriminals know that users may be more vulnerable around Thanksgiving or Black Friday. Users may be more inclined to click on a link to a silly Thanksgiving video or to try to access a website advertising amazing discounts.
One way to detect the presence of Hola clients on your network is to check for DNS requests associated with the Hola service. You can do this by monitoring network traffic going to and from your Internet gateway, or to and from your internal DNS resolvers. Once you have traffic monitoring in place, you can use a tool like LANGuardian to extract the DNS metadata from the network packets. The image below shows an example of this; here, we can see that a client was detected sending DNS queries associated with the Hola service.
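To show what the DNS-metadata check above amounts to at the packet level, here is an added example (not LANGuardian code, and not from the original post) that parses the question name out of raw DNS query payloads and matches it against a watchlist of anonymizer domains. The watchlist entry `hola.org` is an assumption about which domain a Hola client resolves, and the client IPs and packets are constructed sample traffic. The suffix match is done on label boundaries so that a look-alike such as `nothola.org` does not trigger a false positive.

```python
"""Flag DNS queries for anonymizer domains (e.g. Hola) in raw DNS payloads.

Added example, not LANGuardian code. The watchlist and the sample packets
are constructed for illustration; hola.org is assumed to be a domain the
Hola client resolves.
"""
import struct

# Domains whose resolution suggests an anonymizer client. Assumed list.
ANONYMIZER_DOMAINS = {"hola.org": "Hola"}


def parse_qname(payload: bytes, offset: int = 12):
    """Return (name, next_offset) for the first question's QNAME.

    Labels are length-prefixed; a zero length ends the name. Compression
    pointers (top two bits set) are not valid in a query's first question,
    so they are rejected rather than followed.
    """
    labels = []
    while True:
        if offset >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        label = payload[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", errors="replace").lower())
        offset += length
    return ".".join(labels), offset


def parse_dns_query(payload: bytes):
    """Return the queried name if payload is a standard DNS query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:  # QR bit set: this is a response, not a query
        return None
    if qdcount < 1:
        return None
    try:
        name, _ = parse_qname(payload)
    except ValueError:
        return None
    return name


def match_watchlist(name: str):
    """Suffix match on label boundaries: 'cdn.hola.org' hits, 'nothola.org' does not."""
    for domain, service in ANONYMIZER_DOMAINS.items():
        if name == domain or name.endswith("." + domain):
            return service
    return None


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A query for *name* (used only to construct sample traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def scan(packets):
    """packets: iterable of (client_ip, dns_payload). Returns [(client_ip, name, service)]."""
    hits = []
    for client_ip, payload in packets:
        name = parse_dns_query(payload)
        if name is None:
            continue
        service = match_watchlist(name)
        if service:
            hits.append((client_ip, name, service))
    return hits


# Constructed sample traffic: one Hola lookup, one look-alike, one ordinary
# query, and one response header that must be ignored.
SAMPLE_PACKETS = [
    ("10.0.1.23", build_query("client.hola.org")),
    ("10.0.1.24", build_query("nothola.org")),
    ("10.0.1.25", build_query("www.example.com")),
    ("10.0.1.23", struct.pack("!HHHHHH", 1, 0x8180, 1, 1, 0, 0)),
]

if __name__ == "__main__":
    for client, name, service in scan(SAMPLE_PACKETS):
        print(f"{client} queried {name} ({service} anonymizer)")
```

This only catches lookups that cross the capture point in the clear. A client configured to use an external resolver that does not route via the monitored gateway, or a plugin that connects to hard-coded IP addresses, will not show up here, which is why the DNS check is best paired with monitoring of the outbound connections themselves.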
Watch out for new devices connecting to your network
The second issue to watch out for at this time of year is the influx of new devices connecting to networks. Many people will have bought tablets or other IoT-type devices, and some of these will find their way onto corporate networks. The problem is that such devices can be easy targets if they are left on default settings, default passwords included. Hacked cameras and DVRs were responsible for a massive Internet outage recently.
You can detect new devices on your network by watching for new MAC addresses or for certain strings in hostnames. In the following image, we can see how our LANGuardian system detected the presence of an Android device on my network. The report in use is called Ethernet :: DHCP Lease Assignments. Once you have the MAC address, you can trace the device to a switch port by looking it up in the MAC address tables on your switches (the ARP table on your router or layer-3 switch will map an IP address back to its MAC if that is all you have).
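The following added example (not the LANGuardian report's logic, and not part of the original post) shows the detection described above run over DHCP lease records: it keeps a baseline of inventoried MAC addresses, reports each MAC that is not in the baseline once, and annotates the alert with a hostname hint. The lease lines, the baseline MACs and the hostname patterns are all constructed or assumed for illustration; adjust the patterns to what personal devices on your estate actually call themselves.

```python
"""Flag newly seen MAC addresses and telltale hostnames in DHCP lease records.

Added example, not LANGuardian's report logic. The lease lines and the
baseline of known MACs are constructed; the hostname patterns are assumptions
about how consumer devices name themselves.
"""
import re
from dataclasses import dataclass

# Lease records in the shape a DHCP server might log them:
# timestamp, IP, MAC, hostname. Constructed sample data.
SAMPLE_LEASES = """\
2016-11-28 08:01:12 lease 10.0.1.50 mac 00:11:22:33:44:55 hostname WS-FINANCE-01
2016-11-28 08:03:45 lease 10.0.1.51 mac 00:11:22:33:44:66 hostname WS-FINANCE-02
2016-11-28 09:15:02 lease 10.0.1.120 mac aa:bb:cc:dd:ee:01 hostname android-9f3e2c1a7b6d5e4f
2016-11-28 09:20:33 lease 10.0.1.121 mac aa:bb:cc:dd:ee:02 hostname Johns-iPad
2016-11-28 09:22:10 lease 10.0.1.122 mac AA:BB:CC:DD:EE:03 hostname
2016-11-28 09:30:00 lease 10.0.1.50 mac 00:11:22:33:44:55 hostname WS-FINANCE-01
"""

# Baseline of MACs already inventoried on this network. Constructed.
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

# Hostname patterns typical of personal or IoT devices. Assumed; tune locally.
SUSPECT_HOSTNAME_PATTERNS = [
    re.compile(r"^android-[0-9a-f]{16}$", re.I),
    re.compile(r"(iphone|ipad)$", re.I),
]

LEASE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) lease (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"mac (?P<mac>[0-9a-f:]{17}) hostname ?(?P<host>\S*)$",
    re.I,
)


@dataclass
class Alert:
    ts: str
    ip: str
    mac: str
    hostname: str
    reasons: tuple


def normalize_mac(mac: str) -> str:
    """Lower-case so 'AA:BB..' and 'aa:bb..' are the same device."""
    return mac.lower()


def hostname_reason(host: str):
    """Return a reason string if the hostname looks like a personal/IoT device."""
    if not host:
        return "no hostname supplied"
    for pat in SUSPECT_HOSTNAME_PATTERNS:
        if pat.search(host):
            return f"hostname matches {pat.pattern}"
    return None


def scan_leases(text: str, known_macs) -> list:
    """Return one Alert per MAC that is not in the baseline, on its first lease."""
    seen = {normalize_mac(m) for m in known_macs}
    alerts = []
    for line in text.splitlines():
        m = LEASE_RE.match(line)
        if not m:
            continue  # skip lines that are not lease records
        mac = normalize_mac(m["mac"])
        if mac in seen:
            continue  # known device, or already reported in this run
        seen.add(mac)
        reasons = ["MAC not in baseline"]
        hint = hostname_reason(m["host"])
        if hint:
            reasons.append(hint)
        alerts.append(Alert(m["ts"], m["ip"], mac, m["host"], tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for a in scan_leases(SAMPLE_LEASES, KNOWN_MACS):
        print(f"{a.ts} {a.ip} {a.mac} '{a.hostname}': {'; '.join(a.reasons)}")
```

Two caveats when running something like this for real: a device that sends no hostname is not necessarily suspicious (many embedded devices simply omit DHCP option 12), so that hint is a prompt to look rather than a verdict, and mobile operating systems that randomize their Wi-Fi MAC per network will appear as a fresh MAC each time, so a MAC-only baseline gets noisy on guest and BYOD segments.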
Conclusion: You need to be monitoring network traffic
Network traffic monitoring was once difficult and used only for low-level network troubleshooting. However, metadata analysis tools have now made this task much easier and more accessible. While it is vital that you monitor network traffic around holiday events, our advice is that you should have it running 24/7, all year round. It will allow you to get to the root cause of operational and security issues much faster.
NetFort provides network traffic and security monitoring software for virtual and physical networks. NetFort’s flagship product, LANGuardian, is unique in the marketplace thanks to its powerful deep-packet inspection technology, which can be downloaded and deployed on standard physical or virtual hardware to provide comprehensive visibility in minutes. Organizations worldwide depend on LANGuardian solutions for everything from user activity monitoring to file activity monitoring, web activity monitoring, network security monitoring, bandwidth monitoring, wire data analytics, network forensics and packet capture.