Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
Menu
Home Digital Library Sid Faber | SEI Digital Library

Digital Library

Sid Faber

Author

Sid Faber

18399

Software Engineering Institute

Sid Faber is a member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of the Network Situational Awareness (NetSA) analysis team, Faber supports sponsors by providing detailed reports of current and historical network activities. His current areas of interest include fusing massive network data sets, enabling analysts with tools and methods necessary to defend large networks, using large-scale DNS monitoring to detect malicious behavior, and designing closed networks for improved security. Faber also serves as an adjunct faculty member at the Carnegie Mellon University Heinz College of Information Systems & Management and at the University of Pittsburgh, School of Information Sciences. Prior to joining the SEI, Faber worked as a security architect with Federated Investors, one of the largest investment managers in the United States. His experience includes more than fifteen years in software application security, development, and evaluation, and five years in the U.S. Navy Nuclear Power Officer program.

March 2016 - Webinar Using Network Flow to Gain Cyber Situational Awareness

Topics: Network Situational Awareness

Authors: Sid Faber

During this webinar we discussed the foundations of cyber situational awareness and how to apply situational awareness concepts to the cyber domain.

October 2012 - Podcast Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities

In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.

August 2012 - Technical Report Network Profiling Using Flow

Topics: Network Situational Awareness

In this report, the authors provide a step-by-step guide for profiling and discovering public-facing assets on a network using netflow data.

May 2012 - Presentation Adding Network Flow Analysis to Your Security Architecture

Topics: Network Situational Awareness

Authors: Sid Faber

In this 2011 presentation, Sid Faber discusses network flow analysis and typical network security plans, and describes related tools and analyses.

January 2012 - Presentation Teaching Flow Analysis with Live Flow Data

Topics: Network Situational Awareness

In this presentation, the authors describe a partnership with the City of Pittsburgh and Carnegie Mellon to use live flow data to teach flow analysis.

January 2012 - Presentation From Bandwidth to Beacon Detection, Prism and Touchpoints

Topics: Network Situational Awareness

In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.

January 2011 - Presentation Garbage Collection: Using Flow to Understand Private Network Data Leakage

Topics: Network Situational Awareness

Authors: Sid Faber

In this presentation, Sid Faber shows how you can use garbage collection to explore data leakage in your network.

January 2010 - Presentation Strip Plots: A Simple Automated Time-Series Visualization

Topics: Network Situational Awareness

Authors: Sid Faber

In this presentation, Sid Faber describes an approach to a self-maintaining network profile using batch processing, email, quick triage, and intuitive design.

January 2009 - Presentation Is There Any Value In Bulk Network Traces?

Topics: Network Situational Awareness

Authors: Sid Faber

In this presentation, Sid Faber describes the value of bulk network traces if data sources are tuned to the needed research.

September 2008 - Presentation Responsible Disclosure: A Case Study of CERT VU#800133, “DNS Cache Poisoning Issue”

Topics: Network Situational Awareness

Authors: Sid Faber

In this presentation, Sid Faber describes details of the vulnerability “DNS Cache Poisening Issue.”

January 2008 - Presentation Using the Google Maps API for Flow Visualization

Topics: Network Situational Awareness

Authors: Sid Faber

In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.

June 2007 - Presentation Analysis of AS112 Traffic

Topics: Network Situational Awareness

Authors: Sid Faber

In this 2007 presentation, Sid Faber discusses the internal network topology data that's exposed to the public internet.

May 2007 - Conference Paper Predicting Future Botnet Addresses With Uncleanliness

Topics: Network Situational Awareness

In this paper, the authors discuss whether we can effectively predict future bot locations.