What technology or technologies could you use to log internet endpoints and bandwidth consumption between clients and servers on a local network? What would you do if you did not have the resources to capture and store all network packets?
Question 1: Monitoring Outputs – The primary response includes all three parts

Part 1: What technology or technologies could you use to log internet endpoints and bandwidth consumption between clients and servers on a local network? What would you do if you did not have the resources to capture and store all network packets?

Part 2: You are investigating a data exfiltration event and have obtained the web server logs of the host that data was exported to over the Internet from the hosting provider. The logs contain only the external IP address of your company’s router/firewall and a high-level TCP port number. How can you use the log to identify the local host on your network that was used to perform the exfiltration?

Part 3: Go to the Search bar at the left bottom corner of your computer. Type in Event Viewer (Local). Click on the app provided in the search. Open the Event Viewer and expand the Windows Logs section. Review the Application and Security event logs. What do you notice? Share in the discussion post what you located and why it is important to review those specific logs on a regular basis.

In your responses to other students, select one of the three parts they have addressed and engage with them in a discussion about their specific response.

Question 2: There are many iterations of host-based and endpoint protection mechanisms on the market. Research three tools available on the market to help with security solutions for your current business or organization. Why would you choose those particular tools? You suspect that a host is infected with malware but cannot identify a suspect process using locally installed tools. What else is available on the market that would help you identify the malware and remove it from your network? Why would you choose that particular product?
