What Is a Packet Capture?
A packet capture device is a stand-alone device that performs packet capture. It can be deployed anywhere on the network, but is most commonly placed in front of the network's entrance (i.e., the Internet connection) and in front of key equipment such as servers containing sensitive information.
- The network data captured by a packet capture device depends on where and how the device is installed on the network. There are two ways to deploy a packet capture device on your network. The first is to connect the device to
- Because packet capture devices capture and store large amounts of network activity data, including files, emails, and other communications, they can themselves be attractive targets for hackers. Packet capture devices deployed for any length of time should include security features that protect the recorded network data from access by unauthorized parties. If deploying a packet capture device demands too much additional attention to security, the cost of protecting it may outweigh its benefits. The best approach is for the packet capture device to have built-in security features. These may include encryption, or methods to "hide" the presence of the device on the network. For example, some packet capture devices have "electronic invisibility": they keep a stealthy network profile by not requiring or using an IP or MAC address.
- Although connecting a packet capture device via a SPAN port appears on the surface to make it more secure, the device must still eventually connect to the network to allow management and data retrieval. Although it is not accessible via the SPAN link, the device is accessible via the management link.
- Despite these benefits, the ability to control a packet capture device from a remote machine raises a security issue that may leave the device vulnerable. Packet capture devices that allow remote access should have a robust system to prevent unauthorized access. One way to achieve this is to incorporate a manual disable, such as a switch or toggle that allows the user to physically disable remote access. This simple solution is very effective, but some suspect it will make it easier for hackers to gain physical access to the device to flip the switch.
- The final consideration is physical security. If someone can simply steal a packet capture device, or make a copy of it, and have access to the data stored on it at any time, then all the network security features in the world are useless. Encryption is one of the best ways to solve this problem, although some packet capture devices also have a tamper-resistant chassis. [2]
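A defender's check for the "no IP address" property and the separate management link described above, as an added example that is not part of the original article: it parses the JSON output of the Linux `ip -json addr show` command and reports anything that makes the capture port addressable. The interface names and sample data are constructed assumptions, and because a Linux NIC still has a MAC address, this only approximates the address-less devices the article mentions.

```python
import json

# Constructed sample of `ip -json addr show` output from a hypothetical
# capture host: eth0 is the management link, eth1 and eth2 face SPAN ports.
SAMPLE_IP_JSON = json.dumps([
    {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.0.2.10", "prefixlen": 24}]},
    {"ifname": "eth1", "flags": ["BROADCAST", "NOARP", "UP", "LOWER_UP"],
     "addr_info": []},
    {"ifname": "eth2", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet6", "local": "fe80::1", "prefixlen": 64}]},
])


def audit_capture_interface(ip_json: str, capture_if: str, mgmt_if: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    interfaces = {i["ifname"]: i for i in json.loads(ip_json)}
    findings = []
    # The SPAN-facing port and the management link must be different ports.
    if capture_if == mgmt_if:
        findings.append("capture and management share one interface")
    cap = interfaces.get(capture_if)
    if cap is None:
        return findings + [f"{capture_if}: interface not found"]
    flags = set(cap.get("flags", []))
    # Any address, including an IPv6 link-local one, makes the port reachable.
    for addr in cap.get("addr_info", []):
        findings.append(f"{capture_if}: has {addr['family']} address {addr['local']}")
    if "NOARP" not in flags:
        findings.append(f"{capture_if}: ARP not disabled on capture port")
    if "UP" not in flags:
        findings.append(f"{capture_if}: interface is down")
    # The management link is the reachable side; it is the port to harden.
    mgmt = interfaces.get(mgmt_if)
    if mgmt is None or not mgmt.get("addr_info"):
        findings.append(f"{mgmt_if}: no addressed management interface found")
    return findings


if __name__ == "__main__":
    for cap_if in ("eth1", "eth2"):
        result = audit_capture_interface(SAMPLE_IP_JSON, cap_if, "eth0")
        print(cap_if, result or "OK")
```
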