OPS 301 Class 09 - MackD51/CyberReadingNotes GitHub Wiki

How to Capture Network Traffic?

What are the differences between SPAN and TAP?

  • In essence, SPAN is a switch-based method that copies and forwards specific traffic, while TAP is a hardware device that captures all traffic for analysis. TAPs provide more accurate and reliable visibility into network traffic but require separate hardware.

What types of network devices can support network traffic mirroring?

  • Network switches, Routers, Firewalls, IDS/IPS devices, Load balancers, Network TAPs

How can network traffic mirroring be used for network security?

  • Intrusion Detection and Prevention: Detect and prevent attacks by analyzing mirrored traffic for known attack patterns.
  • Malware Analysis: Inspect mirrored traffic to identify and mitigate malware threats.
  • Forensic Analysis: Capture and analyze mirrored traffic for post-incident investigations and evidence gathering.
  • Anomaly Detection: Identify abnormal network behavior and potential security breaches by monitoring mirrored traffic.
  • Data Loss Prevention (DLP): Monitor mirrored traffic to prevent unauthorized data exfiltration attempts.
  • Network Monitoring and Troubleshooting: Use mirrored traffic to monitor network performance, diagnose issues, and troubleshoot network problems.
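As an added example (not from the page or the linked article), the Anomaly Detection and DLP items above in code: a minimal per-host outbound-volume check that a sensor fed by a SPAN or TAP could run over flow summaries. The flow records, the RFC 1918 "internal" ranges and the 3.5 threshold are constructed assumptions for the demo.

```python
"""Per-host outbound-volume anomaly check over mirrored flow summaries.

Constructed example: the flow records stand in for what a sensor on a
SPAN/TAP feed would summarise; only the detection logic is real.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption: the monitored site uses RFC 1918 space; anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed flow summaries: (src_ip, dst_ip, dst_port, bytes_sent_by_src).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as "external".
SAMPLE_FLOWS = [
    ("10.0.0.11", "203.0.113.10", 443, 1_200_000),
    ("10.0.0.12", "203.0.113.10", 443,   900_000),
    ("10.0.0.13", "198.51.100.7", 443, 1_500_000),
    ("10.0.0.14", "198.51.100.7", 443, 1_100_000),
    ("10.0.0.14", "10.0.0.5",     445, 80_000_000),  # internal file copy: not counted
    ("198.51.100.7", "10.0.0.14", 443, 4_000_000),   # inbound download: not counted
    ("10.0.0.20", "203.0.113.50", 443, 25_000_000),
    ("10.0.0.20", "203.0.113.50", 443, 30_000_000),  # same host keeps pushing data out
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_per_host(flows):
    """Sum the bytes each internal host sent to external destinations."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)


def flag_outliers(totals, threshold=3.5):
    """Hosts whose outbound volume is a high-side outlier by the median/MAD
    modified z-score (robust: the outlier itself barely shifts the baseline,
    unlike a mean/stddev baseline that the outlier would inflate)."""
    if len(totals) < 3:
        return []  # too few hosts to call anything abnormal
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    # 1.4826*MAD estimates sigma; if MAD is 0 (most hosts identical) fall back
    # to 1.2533 * mean absolute deviation so a single huge host is still seen.
    scale = 1.4826 * mad if mad else 1.2533 * sum(abs(v - med) for v in values) / len(values)
    if scale == 0:
        return []
    return sorted(h for h, v in totals.items() if (v - med) / scale > threshold)


if __name__ == "__main__":
    print(flag_outliers(outbound_bytes_per_host(SAMPLE_FLOWS)))  # ['10.0.0.20']
```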

Are there any legal or ethical considerations when using network traffic mirroring?

  • Considerations that need to be taken into account include Legal Compliance, Consent and Privacy, Data Handling and Retention, Purpose Limitation, Confidentiality and Data Protection, Employee Awareness and Consent, and broader Ethical Considerations.

References

https://accedian.com/blog/capture-network-traffic-span-vs-tap/

Things I Would Like to Know More About