Sid Faber
Software Engineering Institute
Sid Faber is an SEI alumni employee.
Sid Faber is a member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of the Network Situational Awareness (NetSA) analysis team, Faber supports sponsors by providing detailed reports of current and historical network activities. His current areas of interest include fusing massive network data sets, equipping analysts with the tools and methods necessary to defend large networks, using large-scale DNS monitoring to detect malicious behavior, and designing closed networks for improved security. Faber also serves as an adjunct faculty member at the Carnegie Mellon University Heinz College of Information Systems & Management and at the University of Pittsburgh, School of Information Sciences. Prior to joining the SEI, Faber worked as a security architect with Federated Investors, one of the largest investment managers in the United States. His experience includes more than fifteen years in software application security, development, and evaluation, and five years in the U.S. Navy Nuclear Power Officer program.
Publications by Sid Faber
-
Using Network Flow to Gain Cyber Situational Awareness
March 31, 2016 • Webinar
Sid Faber
During this webinar we discussed the foundations of cyber situational awareness and how to apply situational awareness concepts to the cyber domain.
-
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
October 23, 2012 • Podcast
Austin Whisnant, Sid Faber, Julia H. Allen
In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.
-
Network Profiling Using Flow
August 01, 2012 • Technical Report
Austin Whisnant, Sid Faber
In this report, the authors provide a step-by-step guide for profiling and discovering public-facing assets on a network using netflow data.
-
Adding Network Flow Analysis to Your Security Architecture
May 12, 2012 • Presentation
Sid Faber
In this 2011 presentation, Sid Faber discusses network flow analysis and typical network security plans, and describes related tools and analyses.
-
Teaching Flow Analysis with Live Flow Data
January 09, 2012 • Presentation
John Dwyer (Carnegie Mellon University), Sid Faber
In this presentation, the authors describe a partnership with the City of Pittsburgh and Carnegie Mellon to use live flow data to teach flow analysis.
-
From Bandwidth to Beacon Detection, Prism and Touchpoints
January 09, 2012 • Presentation
George Jones, Paul Krystosek, Sid Faber
In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.
-
Garbage Collection: Using Flow to Understand Private Network Data Leakage
January 10, 2011 • Presentation
Sid Faber
In this presentation, Sid Faber shows how you can use garbage collection to explore data leakage in your network.
-
Strip Plots: A Simple Automated Time-Series Visualization
January 11, 2010 • Presentation
Sid Faber
In this presentation, Sid Faber describes an approach to a self-maintaining network profile using batch processing, email, quick triage, and intuitive design.
-
Is There Any Value In Bulk Network Traces?
January 12, 2009 • Presentation
Sid Faber
In this presentation, Sid Faber describes the value of bulk network traces if data sources are tuned to the needed research.
-
Responsible Disclosure: A Case Study of CERT VU#800133, “DNS Cache Poisoning Issue”
September 24, 2008 • Presentation
Sid Faber
In this presentation, Sid Faber describes details of the vulnerability “DNS Cache Poisoning Issue.”
-
Using the Google Maps API for Flow Visualization
January 07, 2008 • Presentation
Sid Faber
In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.
-
Analysis of AS112 Traffic
June 05, 2007 • Presentation
Sid Faber
In this 2007 presentation, Sid Faber discusses the internal network topology data that's exposed to the public internet.
-
Predicting Future Botnet Addresses With Uncleanliness
May 09, 2007 • Conference Paper
Michael Collins, Timothy J. Shimeall, Sid Faber
In this paper, the authors discuss whether we can effectively predict future bot locations.