Demystifying the Myth of Passive Network Discovery and Monitoring Systems

Size: px
Start display at page:

Download "Demystifying the Myth of Passive Network Discovery and Monitoring Systems"

Transcription

1 Demystifying the Myth of Passive Network Discovery and Monitoring Systems Ofir Arkin Chief Technology Officer Insightix

2 Copyright All Rights Reserved. This material is proprietary of Insightix. Any unauthorized reproduction, use or disclosure of this material, or any part thereof, is strictly prohibited. This material is meant solely for the use by Insightix employees, and authorized Insightix customers. About Insightix Insightix is an innovator of real-time security intelligence and control solutions. Insightix patentpending technologies are used to detect, identify, profile, audit and control ALL devices connected to your network, providing real-time network, endpoint and user intelligence. Insightix discovers an additional 20%- 50% of the devices residing on the enterprise network, devices that otherwise remain undetected, and automatically audits for the security configuration of endpoints based on the asset classification information collected. The Insightix Business Security Assurance (BSA) solution suite provides a 360 view into the actual state of your network security effectively Bridging the Network Security Gap that exists between the actual security state of enterprise networks and what is known to IT. For more information, please visit ii Demystifying the Myth of Passive Network Discovery and Monitoring Systems

3 Contents Abstract Introduction Passive Network Discovery - a Brief Introduction Strengths of Passive Network Discovery Real-Time Operation Zero Performance Impact Data Processing Detection of Active Network Elements & Their Properties Detection of Elements behind "Network Obstacles" Granular Network Utilization Information Network Utilization Abnormality Detection Detection of NAT-Enabled devices Weaknesses of Passive Network Discovery Obvious Weaknesses What You See Is All You Get Quality and Relevancy of Network Traffic Observed No Control over the Pace of the Discovery Limited IP Address Space Coverage Not Everything Can Be Passively Determined Incomplete and Partial Network Topology Deployment Location Network Utilization Related Issues Limited Service Monitoring Less-Known but More Significant Weaknesses Inability to Resist Decoy and Deception Denial of Service & Remote Code Execution Demystifying the Myth of Passive Network Discovery and Monitoring Systems iii

4 5 Conclusion References iv Demystifying the Myth of Passive Network Discovery and Monitoring Systems

5 Abstract This paper sheds light on the weaknesses of passive network discovery and monitoring systems. It starts by defining passive network discovery, and goes over the advantages and disadvantages of the technology. It then demonstrates why passive network discovery cannot live up to its expectation, and is unable to deliver the promise of complete, accurate and granular network discovery and monitoring. Demystifying the Myth of Passive Network Discovery and Monitoring Systems 1

6 1 Introduction Important questions, such as "What is on the enterprise network?", "Who is on the enterprise network?", and "What is being done on the enterprise network?" have triggered attempts by many researchers to find an appropriate network discovery technology, which would not only allow accurately answer these questions and in a complete and granular fashion, but would also allow for the real-time maintenance of this information. In recent years, a number of commercial companies have hyped a new technological solution for network discovery called passive network discovery. This paper sheds light on the weaknesses of passive network discovery and monitoring systems. It starts by defining passive network discovery, and goes over the advantages and disadvantages of the technology. It then demonstrates why passive network discovery cannot live up to its expectation, and is unable to deliver the promise of complete, accurate and granular network discovery and monitoring. 2 Demystifying the Myth of Passive Network Discovery and Monitoring Systems

7 2 Passive Network Discovery - a Brief Introduction Passive network discovery and monitoring is a technology that processes captured packets from a monitored network in order to gather information about the network, its active elements, and their properties. It is usually installed at a network choke point. Passive network discovery and monitoring relies on user and network activities in order to draw conclusions about the network, its active elements and their properties. The roots of passive network discovery and monitoring technology go back to the mid-1990s where references regarding the usage of the technology can be found 1. Information collected using a passive network discovery and monitoring system may include the following: Active network elements and their properties (i.e. underlying operating system) Active network services and their versions The distances between active network elements and the monitoring point on the network Active client-based software and their versions Network utilization information Vulnerabilities found for network elements residing on the monitored network The information collected by a passive network discovery and monitoring system might be used for the following purposes: Building the layer 3-based topology of a monitored network Auditing Providing network utilization information Performing network forensics Performing vulnerability discovery Creating a context for the network operation Feeding information collected from a monitored network into other security and/or network management systems to enhance their operation by providing some context regarding the network they operate in (information about the network, the active elements found on the network, and their properties) 1 Vern Paxson, Automated Packet Trace Analysis of TCP Implementations, Demystifying the Myth of Passive Network Discovery and Monitoring Systems 3

8 3 Strengths of Passive Network Discovery Passive network discovery and monitoring systems offer important advantages, which stem from how they operate. This section outlines these advantages. 3.1 Real-Time Operation A passive network discovery and monitoring system operates in real-time, processing received network traffic and providing relevant information. Unlike non-passive-based systems, this allows a passive network discovery and monitoring system to detect network-related activities as they occur. 3.2 Zero Performance Impact The use of a passive network discovery and monitoring system has zero impact on the performance of the monitored network. 2 This is due to the fact that the monitored network s traffic is copied and fed into the passive network discovery and monitoring system. The operation of a passive network discovery and monitoring system does not involve actively querying elements residing on the monitored network in order to harvest information about them, the network, and/or about other elements. Due to the fact that a passive network discovery and monitoring system does not send any packets to the network, and does not pose a risk to the stability of a monitored network, it can theoretically be installed on any network. 3.3 Data Processing Passive network discovery and monitoring systems have the ability to gather information from all TCP/IP layers of network traffic processed. Information can be gathered not only from the physical, network, and transport layers, but also from the application layer if the latter is not encrypted. 3.4 Detection of Active Network Elements & Their Properties A passive network discovery and monitoring system can detect network elements, and some of their properties, based on network activity related to the network element, provided that it receives network traffic associated with the network element and its properties. 2 Note: It is important not to overload a network device s backplane in case port mirroring is in used. If the network device s backplane is overloaded, then the monitored network will suffer from performance degradation. Another side effect would be the inability of the network device to send all of the network traffic that passes through the device, and needs to be monitored, to the network discovery and monitoring system. 4 Demystifying the Myth of Passive Network Discovery and Monitoring Systems

9 The ability to detect network elements and some of their properties based on the observed network traffic enables a passive network discovery system to: Detect active network elements that transmit and/or receive data over the monitored network Detect network elements as they become active and transmit and/or receive data over the monitored network The ability to detect active network elements based on their network activity allows passive network discovery and monitoring systems to: Detect network elements that have low uptime Detect network elements that may transmit and/or receive data for short time periods only A passive network discovery and monitoring system can detect certain properties related to the monitored network and its elements. For example, it can: Detect on which network elements, residing on the monitored network, active network services are operational and serving requests coming from network elements on other networks Detect active network services running on non-default ports Detect active client-based network software operating on network elements located on the monitored network 3.5 Detection of Elements behind "Network Obstacles" A passive network discovery and monitoring system can detect active network elements that operate behind "network obstacles" and send and/or receive network traffic over the monitored network. A "network obstacle" is defined as a network element that connects multiple networking elements to a network, and filters traffic from that network to these network elements, which are hidden behind it. Examples of network obstacles include network firewalls, NAT devices, and load balancers. 3.6 Granular Network Utilization Information A passive network discovery and monitoring solution is able to provide information regarding the network utilization of a monitored network link. Unlike active network-monitoring solutions, which provide only basic network utilization information regarding the utilization of a monitored communication link (i.e., the amount of traffic observed over a certain amount of time) through the Demystifying the Myth of Passive Network Discovery and Monitoring Systems 5

10 usage of SNMP 3, a passive network discovery and monitoring system provides network utilization information by observing actual network traffic. A passive network discovery and monitoring system can provide more granular and detailed network utilization information than active network-monitoring solutions. Examples of granular network utilization information, which can only be provided by a passive network monitoring solution, include (but are not limited to) network utilization information per network service, per network element, and per session. 3.7 Network Utilization Abnormality Detection The ability to provide statistical information regarding network utilization information, per network element, per network service, and the ability to gather information from all TCP/IP layers, enables a passive network discovery and monitoring solution to build usage profiles for any network element using the network and for any network service used over the monitored network. These usage profiles can later be used to detect network-related usage abnormalities. 3.8 Detection of NAT-Enabled devices A passive network discovery and monitoring system may be able to discover network address translation (NAT) enabled devices, which operate on the monitored network, and to estimate the number of network devices that may be hiding behind them 4. 3 For more information on active network-monitoring tools please refer to the following: The Multi Router Traffic Grapher (MRTG), at 4 Steven M. Bellovin, A Technique for Counting NATed Hosts, Demystifying the Myth of Passive Network Discovery and Monitoring Systems

11 4 Weaknesses of Passive Network Discovery Despite its important advantages, passive network discovery and monitoring systems face a number of critical weaknesses, which affect their discovery and monitoring capabilities. This section demonstrates why passive network discovery cannot live up to its expectations, and is unable to deliver the promise of complete, accurate and granular network discovery and monitoring. 4.1 Obvious Weaknesses What You See Is All You Get By definition, a passive network discovery and monitoring system analyzes and draws conclusions about a monitored network, its elements and their properties, based on the network traffic observed at a monitoring location on the network. As a result, the operational limitations of passive network discovery and monitoring solutions include: A passive network discovery and monitoring solution cannot draw conclusions about an element and/or its properties if the related network traffic does not go through the monitoring point Information that needs to be collected by a passive network discovery and monitoring system may never be gathered due to a lack of network activity that discloses the information A passive network discovery and monitoring solution cannot detect idle (inactive) elements, services, and applications The discovery performed by a passive network discovery and monitoring system will be partial and incomplete, because it is unable, technologically, to detect all network assets and their respected properties A passive network discovery and monitoring system is blind when it comes to encrypted network traffic Quality and Relevancy of Network Traffic Observed A passive network discovery and monitoring system has no control over the type of information that passes through its monitoring point. Information that needs to be collected by a passive network discovery and monitoring system may never be gathered due to a lack of network activity to disclose the information. Therefore, granularity, which is an important aspect of any network discovery technology, cannot be achieved with passive network discovery and monitoring systems. Demystifying the Myth of Passive Network Discovery and Monitoring Systems 7

12 4.1.3 No Control over the Pace of the Discovery A passive network discovery and monitoring system has no control over the pace of the discovery because it does not control the type of information that passes through its monitoring point and its initiation Limited IP Address Space Coverage Lacking control over the type of information that passes through its monitoring point, a passive network discovery system can cover only a limited IP address space. Some networks and some network elements may never send their traffic through a monitoring point therefore their existence will not be uncovered by a passive network discovery and monitoring system. As a passive system, a passive network discovery and monitoring system cannot query a network looking for additional network elements Not Everything Can Be Passively Determined In some cases information cannot be unveiled using passive network discovery. Passive vulnerability discovery is a good example not all vulnerabilities can be determined passively. For example, the vulnerabilities abused by the Code Red 5 worm, the Blaster 6 worm, the Sasser 7 worm, and so on Incomplete and Partial Network Topology A passive network discovery and monitoring system gathers network topology information based on the distances discovered between network elements and the monitoring point on the network. This is done by relying on the time-to-live field value in the IP header of observed network traffic. The timeto-live field value is to be decremented from its default value by each routing enabled device, which processes the IP header of the packet on its way from the sender to its destination. Some passive network discovery and monitoring systems first determine the underlying operating system of a certain network element before relying on the time-to-live field value found with network traffic initiated by this network element. The network topology information provided by a passive network discovery and monitoring system relates only to layer 3-based information, i.e., route-based information. A passive network discovery 5 Microsoft Security Bulletin MS01-44, 15 August 2001 Cumulative Patch for IIS, August 15 th, Microsoft Security Bulletin MS03-39, Buffer Overrun In RPCSS Service Could Allow Code Execution (824146), September 10 th, Microsoft Security Bulletin MS04-011, Security Update for Microsoft Windows (835732), April 13 th, Demystifying the Myth of Passive Network Discovery and Monitoring Systems

13 system cannot detect the physical network topology (i.e., switch connectivity) of the network it is monitoring due to several key reasons: It cannot detect the network switches that operate on the network. Usually a network switch does not generate network traffic other than the spanning tree protocol packets targeting its adjunct switches A passive network discovery and monitoring system cannot query switches for their CAM tables, detecting which network element (or elements) is connected to which switch port, because it is a passive only system A passive network discovery and monitoring system supplies an incomplete and inaccurate network topology map for the following additional reasons: It cannot uncover routing that is not performed through its monitoring point It cannot detect other routers operating on the monitored network It is unable to uncover all of the network elements operating on the monitored network Deployment Location The deployment location of a passive network discovery and monitoring solution determines the network traffic s quality of the data it receives. The quality of network traffic data, relevant to the information collection process, is maximized when the deployment location of a passive network discovery and monitoring system is as close as possible to the access layer (i.e., between layer 2 and layer 3). If layer 2-based traffic of a monitored network is not to be observed by a passive network discovery and monitoring system, the result is less reliable and incomplete information regarding the monitored network, its elements and their properties Network Utilization Related Issues A number of issues related to network utilization are associated with passive network discovery and monitoring systems: Although it is able to passively receive network traffic from multiple monitoring points, a passive network discovery and monitoring solution is unable to supply with "per link" utilization information A passive network discovery and monitoring system cannot uncover communications between network elements connected to the same switch Limited Service Monitoring A passive network discovery system cannot monitor network services. This is because: It cannot monitor service condition state transitions It is unable to uncover idle services, and so on Demystifying the Myth of Passive Network Discovery and Monitoring Systems 9

14 4.2 Less-Known but More Significant Weaknesses Inability to Resist Decoy and Deception A passive network discovery and monitoring system analyzes and draws conclusions about a monitored network, its elements and their properties based on network traffic observed at a monitoring location on the network. Although a passive network discovery and monitoring system may have some conflict resolution policies, depending on a number of parameters, it may be possible to trick the system into drawing erroneous conclusions about the network, its elements and their properties, by poisoning the observed network traffic. A passive network discovery and monitoring system can be tricked because it is unable to validate the information collected from a monitored network. The location of a passive network discovery and monitoring system and its distance from a monitored network determine the level of confidence in the results it will produce. Influencing the accuracy of a passive network discovery and monitoring system can influence other systems, which rely on the data collected by the passive network discovery and monitoring system as their input. A good example would be the passive network discovery and monitoring systems that are used to accompany other products, such as network intrusion detection systems (NIDS), network intrusion prevention systems (NIPS). Influencing the passive network discovery and monitoring system into making wrong conclusions about the network, its elements and their properties, would result in inaccurate (and incomplete) information being fed into another system, affecting its operation and the conclusions it makes about the network, its elements, and their properties Example I: Changing Location Information Under certain conditions, a network discovery and monitoring system can be tricked into concluding that a specific network element is located closer to or further from a monitoring location simply by changing the default time-to-live field value in the IP header. For example, a Microsoft Windows 2000-based networking element has the default time-to-live field value set to 128. By changing the default value to the value of 126, a passive network discovery and monitoring system would still identify the network s element underlying operating system as Windows. It would then trust the timeto-live field value information contained with the IP header of examined packets of this network element, placing it two hops further away from the monitoring point. 10 Demystifying the Myth of Passive Network Discovery and Monitoring Systems

15 Figure 1Figure 1 and Figure 2 illustrate this weakness. Figure 1: Actual Network Topology Figure 2: Topology Drawn by a Passive Network Discovery System Demystifying the Myth of Passive Network Discovery and Monitoring Systems 11

16 Example II: Influencing Network Traffic Utilization Information A network element may influence network traffic utilization information reported by a passive network discovery and monitoring system. This can be performed by injecting bogus traffic into the network, which would pass through the monitoring location used by the passive network discovery and monitoring system to observe network traffic. There are many different factors that prevent a passive network discovery and monitoring system from resisting these and other types (more and less sophisticated) of network traffic poisoning. The inability of passive network discovery and monitoring systems to validate collected information is one such key factor Denial of Service & Remote Code Execution Numerous examples exist for the ability to either crash or even take control of passive network discovery and monitoring systems, taking advantage of the need of these systems to decode packets passively received. Denial of service examples include: Snort TCP/IP Options Bug Lets Remote Users Deny Service, Marcin Zgorecki, post to Snortdevel mailing list, October 2004 Unknown vulnerability in the Gnutella dissector in Ethereal through allows remote attackers to cause a denial of service (application crash), CAN , Remote code execution examples include: Buffer overflow in the X11 dissector in Ethereal through allows remote attackers to execute arbitrary code via a crafted packet, CAN , Ethereal SIP Dissector Overflow, May 8 th, Demystifying the Myth of Passive Network Discovery and Monitoring Systems

17 5 Conclusion This paper has examined the strengths and weaknesses of passive network discovery and monitoring technology. It has demonstrated that despite the strong advantages of the passive network discovery and monitoring technology, it cannot, under any circumstances, perform complete, accurate, and granular network discovery and monitoring due to its technological limitations, which are directly related to the passive nature of the technology. Demystifying the Myth of Passive Network Discovery and Monitoring Systems 13

18 6 References [1] Vern Paxson, Automated Packet Trace Analysis of TCP Implementations, 1997 [2] The Multi Router Traffic Grapher (MRTG), at: [3] Steven M. Bellovin, A Technique for Counting NATed Hosts, [4] Microsoft Security Bulletin MS01-44, 15 August 2001 Cumulative Patch for IIS, August 15 th, [5] Microsoft Security Bulletin MS03-39, Buffer Overrun In RPCSS Service Could Allow Code Execution (824146), September 10 th, [6] Microsoft Security Bulletin MS04-011, Security Update for Microsoft Windows (835732), April 13 th, [7] Snort TCP/IP Options Bug Lets Remote Users Deny Service, Marcin Zgorecki, post to Snortdevel mailing list, October [8] Unknown vulnerability in the Gnutella dissector in Ethereal through allows remote attackers to cause a denial of service (application crash), CAN , [9] Buffer overflow in the X11 dissector in Ethereal through allows remote attackers to execute arbitrary code via a crafted packet, CAN , [10] Ethereal SIP Dissector Overflow, May 8 th, Demystifying the Myth of Passive Network Discovery and Monitoring Systems

Ofir Arkin Insightix. A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control

Ofir Arkin Insightix. A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir holds 10 years of experience

More information

On the Deficiencies of Active Network Discovery Systems

On the Deficiencies of Active Network Discovery Systems On the Deficiencies of Active Network Discovery Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix. Any unauthorized

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Bypassing Network Access Control Systems

Bypassing Network Access Control Systems 1 Bypassing Network Access Control Systems Ofir Arkin, CTO Blackhat USA 2006 ofir.arkin@insightix.com http://www.insightix.com 2 What this talk is about? Introduction to NAC The components of a NAC solution

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Bypassing Network Access Control Systems

Bypassing Network Access Control Systems Bypassing Network Access Control Systems Ofir Arkin Chief Technology Officer Insightix Ltd. September 2006 United States International 945 Concord Street 13 Hasadna Street Framingham, MA 01701 Ra'anana,

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Insightix Discovery & NAC. Lite Edition. Installation Guide. Version 3.0. May 2007. United States. International 945 Concord St.

Insightix Discovery & NAC. Lite Edition. Installation Guide. Version 3.0. May 2007. United States. International 945 Concord St. Insightix Discovery & NAC Lite Edition Version 3.0 Installation Guide May 2007 United States International 945 Concord St. 13 Hasadna Street Framingham, MA 01701 Ra'anana, Israel 508.620.4788 +972.9.740.1667

More information

Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network

Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network LiveAction Application Note Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network September 2012 http://www.liveaction.com Table of Contents

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Firewalls Overview and Best Practices. White Paper

Firewalls Overview and Best Practices. White Paper Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not

More information

Unified network traffic monitoring for physical and VMware environments

Unified network traffic monitoring for physical and VMware environments Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Training Course on Network Administration

Training Course on Network Administration Training Course on Network Administration 03-07, March 2014 National Centre for Physics 1 Network Security and Monitoring 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 Crafting a Secure

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Intrusion Detections Systems

Intrusion Detections Systems Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of

More information

Name. Description. Rationale

Name. Description. Rationale Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.

More information

Internet Security and Acceleration Server 2000 with Service Pack 1 Audit. An analysis by Foundstone, Inc.

Internet Security and Acceleration Server 2000 with Service Pack 1 Audit. An analysis by Foundstone, Inc. Internet Security and Acceleration Server 2000 with Service Pack 1 Audit An analysis by Foundstone, Inc. Internet Security and Acceleration Server 2000 with Service Pack 1 Audit This paper presents an

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT 1. TIMING ACCURACY The accurate multi-point measurements require accurate synchronization of clocks of the measurement devices. If for example time stamps

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

2010 White Paper Series. Layer 7 Application Firewalls

2010 White Paper Series. Layer 7 Application Firewalls 2010 White Paper Series Layer 7 Application Firewalls Introduction The firewall, the first line of defense in many network security plans, has existed for decades. The purpose of the firewall is straightforward;

More information

Firewalls P+S Linux Router & Firewall 2013

Firewalls P+S Linux Router & Firewall 2013 Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

SANE: A Protection Architecture For Enterprise Networks

SANE: A Protection Architecture For Enterprise Networks Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Analysis of Computer Network Attacks

Analysis of Computer Network Attacks Analysis of Computer Network Attacks Nenad Stojanovski 1, Marjan Gusev 2 1 Bul. AVNOJ 88-1/6, 1000 Skopje, Macedonia Nenad.stojanovski@gmail.com 2 Faculty of Natural Sciences and Mathematics, Ss. Cyril

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the

More information

Intelligent. Data Sheet

Intelligent. Data Sheet Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1 Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and

More information

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY SEPTEMBER 2004 1 Overview Challenge To troubleshoot capacity and quality problems and to understand

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Technical Note. ForeScout CounterACT: Virtual Firewall

Technical Note. ForeScout CounterACT: Virtual Firewall ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...

More information

Distributed Denial of Service Attack Tools

Distributed Denial of Service Attack Tools Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily

More information

NSC 93-2213-E-110-045

NSC 93-2213-E-110-045 NSC93-2213-E-110-045 2004 8 1 2005 731 94 830 Introduction 1 Nowadays the Internet has become an important part of people s daily life. People receive emails, surf the web sites, and chat with friends

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system

More information

First Line of Defense to Protect Critical Infrastructure

First Line of Defense to Protect Critical Infrastructure RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper ANALYZING FULL-DUPLEX NETWORKS There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports),

More information

Top 3 Undiscovered Vulnerabilities IPsonar Finds on a First Scan

Top 3 Undiscovered Vulnerabilities IPsonar Finds on a First Scan Top 3 Undiscovered Vulnerabilities IPsonar Finds on a First Scan A publication of Lumeta Corporation www.lumeta.com Introduction Large enterprises function in an ever-expanding IP space and often have

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users

More information

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED Network LLDP and LLDP- MED Prof. Vahida Z. Attar College of Engineering, Pune Wellesely Road, Shivajinagar, Pune-411 005. Maharashtra, INDIA Piyush chandwadkar College of Engineering, Pune Wellesely Road,

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Introduction to Network Discovery and Identity

Introduction to Network Discovery and Identity The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

5 Steps to Avoid Network Alert Overload

5 Steps to Avoid Network Alert Overload 5 Steps to Avoid Network Alert Overload By Avril Salter 1. 8 0 0. 8 1 3. 6 4 1 5 w w w. s c r i p t l o g i c. c o m / s m b I T 2011 ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic

More information

8. Firewall Design & Implementation

8. Firewall Design & Implementation DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

More information

Detection of illegal gateways in protected networks

Detection of illegal gateways in protected networks Detection of illegal gateways in protected networks Risto Vaarandi and Kārlis Podiņš Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia firstname.lastname@ccdcoe.org 1. Introduction In this

More information

Security and Access Control Lists (ACLs)

Security and Access Control Lists (ACLs) Security and Access Control Lists (ACLs) Malin Bornhager Halmstad University Session Number 2002, Svenska-CNAP Halmstad University 1 Objectives Security Threats Access Control List Fundamentals Access

More information

Avaya ExpertNet Lite Assessment Tool

Avaya ExpertNet Lite Assessment Tool IP Telephony Contact Centers Mobility Services WHITE PAPER Avaya ExpertNet Lite Assessment Tool April 2005 avaya.com Table of Contents Overview... 1 Network Impact... 2 Network Paths... 2 Path Generation...

More information

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2 Firewall Server 7.2 Release Notes BorderWare Technologies is pleased to announce the release of version 7.2 of the Firewall Server. This release includes the following new features and improvements. What's

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta. Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks

More information

Detecting rogue systems

Detecting rogue systems Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often

More information

Analyzing Full-Duplex Networks

Analyzing Full-Duplex Networks Analyzing Full-Duplex Networks There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports), or full-duplex TAPs are the three

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI WHITEPAPER Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI About PCI DSS Compliance The widespread use of debit and credit cards in retail transactions demands

More information

Managing Network Bandwidth to Maximize Performance

Managing Network Bandwidth to Maximize Performance Managing Network Bandwidth to Maximize Performance With increasing bandwidth demands, network professionals are constantly looking to optimize network resources, ensure adequate bandwidth, and deliver

More information

HP IMC User Behavior Auditor

HP IMC User Behavior Auditor HP IMC User Behavior Auditor Administrator Guide Abstract This guide describes the User Behavior Auditor (UBA), an add-on service module of the HP Intelligent Management Center. UBA is designed for IMC

More information

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Black Box Penetration Testing For GPEN.KM V1.0 Month dd #$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;! Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:

More information

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED Network LLDP and LLDP- MED Prof. Vahida Z. Attar College of Engineering, Pune Wellesely Road, Shivajinagar, Pune-411 005. Maharashtra, INDIA Piyush chandwadkar College of Engineering, Pune Wellesely Road,

More information