2: Characterize Typical Network Traffic and Performance

When a system operates, it consumes and produces network traffic. To fully characterize this behavior, it's necessary to know the volume of traffic consumed and produced, correlated with the time of day and the network identity of the consumer or producer. For example, is a large volume of web traffic produced for a network address in a foreign country at 2:00 a.m. considered normal behavior?

Document the procedure to verify that the traffic traversing the organization's networks is as expected and reflects, for example, trusted source and destination addresses as well as legitimate ports and protocols. The types of network traffic information to capture include network performance and other network data described in Table 1 (which appears at the end of this article).

Tools such as Argus describe the connections made and correlate them with the time of day and the network identity. Other useful tools include NetScout and Traffic Shaper.

Comparing previous network performance information with current information allows an administrator to determine whether any network performance characteristic is beyond tolerable or acceptable limits.
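The comparison described above can be sketched as follows. This is an added example, not code from the article or from any of the tools it names. The flow-record layout (start time, source, destination, protocol, port, bytes), the IPv4 /24 grouping, and the tolerance of three standard deviations with a 10% floor are all assumptions chosen for illustration.

```python
import csv, io, ipaddress, statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real traffic): start time, src, dst, proto, dport, bytes
BASELINE = """\
2024-03-04T02:10:00,10.0.0.5,192.0.2.10,tcp,443,120000
2024-03-05T02:20:00,10.0.0.5,192.0.2.10,tcp,443,100000
2024-03-06T02:05:00,10.0.0.5,192.0.2.10,tcp,443,110000
2024-03-04T14:00:00,10.0.0.5,192.0.2.10,tcp,443,900000
2024-03-05T14:30:00,10.0.0.5,192.0.2.10,tcp,443,1100000
2024-03-06T14:15:00,10.0.0.5,192.0.2.10,tcp,443,1000000
"""
CURRENT = """\
2024-03-07T02:12:00,10.0.0.5,192.0.2.10,tcp,443,105000
2024-03-07T02:40:00,10.0.0.5,192.0.2.10,tcp,443,950000
2024-03-07T02:45:00,10.0.0.5,203.0.113.77,tcp,80,40000
"""

def parse(text):
    """Yield (key, bytes); key = (hour of day, destination /24, protocol, port)."""
    for ts, _src, dst, proto, dport, nbytes in csv.reader(io.StringIO(text)):
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        yield (datetime.fromisoformat(ts).hour, str(net), proto, int(dport)), int(nbytes)

def build_baseline(text):
    """Map each key to (mean, standard deviation) of observed byte counts."""
    samples = defaultdict(list)
    for key, nbytes in parse(text):
        samples[key].append(nbytes)
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in samples.items()}

def check(baseline, text, k=3.0):
    """Return (key, bytes, reason) for flows outside the documented baseline."""
    findings = []
    for key, nbytes in parse(text):
        if key not in baseline:
            findings.append((key, nbytes, "unseen destination/port for this hour"))
            continue
        mean, sd = baseline[key]
        # Floor the spread at 10% of the mean so a very flat baseline doesn't flag noise
        limit = mean + k * max(sd, 0.1 * mean)
        if nbytes > limit:
            findings.append((key, nbytes, f"volume above limit {limit:.0f}"))
    return findings

if __name__ == "__main__":
    for finding in check(build_baseline(BASELINE), CURRENT):
        print(finding)
```

The 950,000-byte flow is flagged at 02:00 even though the same volume to the same destination is ordinary at 14:00, which is why the baseline is keyed on time of day as well as network identity.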
