Last week ntop has been invited to give a talk at neacademy in Napoli, Italy. The topic was network fingerprints and nDPI. Network fingerprints such as JA4 have been made popular by cybersecurity that uses them to spot (with limited false positives) malware and use them to find traffic pattern similarities. During the talk, we […]
A Deep Dive Into Traffic Fingerprints
Last week during SharkFest Europe 2024 we have presented what are network fingerprints and how they work. During the talk we (Luca and Ivan) have described how we have extended nDPI with support of network fingerprints, and how this work has been also integrated in Wireshark. We believe that fingerprints are an interesting technology that […]
Can ntopng be considered an IDS (Intrusion Detection System) ?
ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network […]
ipt_geofence: Protecting Networks using Geofencing, Blocklists and Service Analysis
Last week the ntop team has organised the network devroom at FOSDEM 2024, that took place in Brussels on Feb 2-3. During the devroom we have presented one tool named ipt_geofence that we have created for protecting our network infrastructure and generate blacklists that can be used with ntop tools (this task is still ongoing). […]
How Effective Are IP Blacklists When Used For Detecting Malicious Activities?
A blacklist is an access control mechanism which denies access to selected network resources to peers belonging to a curated list. Blacklists often represent the first line of defence for many networks as they can reduce internal hosts’ risk of establishing communications with peers with a bad reputation. Many companies use blacklists for detecting malicious […]
OT, ICS, SCADA: IEC 60870-5-104 in ntopng
What is OT, ICS, SCADA ? Operational Technology (OT) refers to computing systems that are used to manage industrial operations or process operations, like water treatment, electrical power distribution or wrapping a chocolate in foil. ntopng supports some Industrial control systems (ICS) protocol often managed via a Supervisory Control and Data Acquisition (SCADA) systems. Via […]
Introducing Smart Recording in n2disk: Combining Cybersecurity with Packet-to-Disk
In short Continuous network traffic recorders are applications (or appliances) that write network traffic on disk. In case of issues (e.g. security breach or network outage) they enable network and security analysts to go back in time and see how a problem originated. The main limitation of this practice is that a lot of data […]
HowTo Use Periodic Traffic Analysis in Cybersecurity
Since v5 ntopng has the ability to detect periodic activities, i.e. activities that are repeated periodically at a given pace (note that each activity can have a different frequency, and ntopng is able to detect them). Periodic activities are not bad per se (e.g. an email application fetches new messages every 5 minutes) but it […]
What’s New in ntopng: Network Assets
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. Have you ever asked yourself, what are the NTP servers in your network? Or, are […]
What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, […]