Monitoring Network Traffic with Radial Traffic Analyzer


1 Monitoring Network Traffic with Radial Traffic Analyzer
Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, Tobias Schreck
IEEE Symposium on Visual Analytics Science and Technology, 2006
Stefan Heinz, Seminar Visual Analytics, Summer Term 2008

2 Motivation
- Internet has become the information medium of first resort
- Each host on the network faces different threats in this environment: malicious code, denial-of-service attacks, attempts to hijack a machine

3 Motivation
- How can we identify such threats?
- What kind of data is transferred between my computer and other computers on the network?
(Figure labels: local network, local host, internet)

4 Motivation: Network Monitoring
- Surveillance of important performance metrics
- Goal: supervise functionality, detect and prevent potential problems, develop effective countermeasures for anomalies and sabotage

5 Data Set
- Communication data is complex
- Large amounts of data
- Real-time data
- Interrelationships between communication connections
- Relationships may vary over time

6 Data Set: Technical Background, TCP/IP Reference Model
1 Application Layer, 2 Presentation Layer, 3 Session Layer, 4 Transport Layer, 5 Network Layer, 6 Data Link Layer, 7 Physical Layer
1 Application Layer, 2 Presentation Layer, 3 Session Layer, 4 Transport Layer, 5 Network Layer, 6 Data Link Layer, 7 Physical Layer

7 Data Set: Technical Background, TCP/IP Reference Model
1 Application Layer, 2 Presentation Layer, 3 Session Layer, 4 Transport Layer, 5 Network Layer, 6 Data Link Layer, 7 Physical Layer
(Figure annotations: allows mapping to applications; packet level; TCP, UDP; IP; Ports; IP Address; MAC Address; 80 (http))

8 Data Set: Attributes
- Time
- Source IP address & port
- Destination IP address & port
- Payload

9 Related Work
Stephen Lau. The Spinning Cube of Potential Doom. Communications of the ACM, 2004

10 Related Work
Anita Komlodi et al. A User-Centric Look at Glyph-Based Security Visualization. IEEE Workshop on Visualization for Computer Security, 2005

11 Related Work
Stefano Foresti et al. Visual Correlation of Network Alerts. IEEE Computer Graphics and Applications, 2006

12 Related Work
How does this approach differ from these works?
- Bring together the complementing pieces of information
- Easier reading and interpretation
- Easier-to-understand metaphors

13 Radial Traffic Analyzer: Layout
- Attributes are mapped to different rings
- User selects important attributes to be displayed in the inner rings
- From inside to outside the attributes are used successively for grouping and sorting

14 Radial Traffic Analyzer: Why a radial layout?
- Better supports the task of finding suspicious patterns
- User is not misguided to place more importance on an item due to its position on the left or right

15 Coloring Concept
- Special colors
- Brightness for secure/unsecured
- Uses distinct colors for IP addresses and ports

16 Radial Traffic Analyzer: Interactivity
- Positioning, and thus importance within the sorting order, can be changed using drag & drop operations
- Tooltips are used to display the full label in case of small segments, and additional information (host name, possible application programs)

17 Radial Traffic Analyzer: Interactivity
- Detailed information for a segment is accessible using a popup menu
- Different measures: transferred bytes, number of connections, number of sessions
- Mouse click filters/discards all traffic with the chosen attribute
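
The ring layout of slide 13 together with the measures and click filter of slide 17, as an added Python sketch that is not code from the paper or the talk. The flow records, field names and function names are constructed for illustration; each ring segment gets an angular extent proportional to the chosen measure inside its parent segment.

```python
from collections import defaultdict

# Constructed sample flows (documentation/private address ranges, not real traffic).
FLOWS = [
    {"src_ip": "10.0.0.5", "src_port": 51000, "dst_ip": "192.0.2.10", "dst_port": 80, "bytes": 4000},
    {"src_ip": "10.0.0.5", "src_port": 51001, "dst_ip": "192.0.2.10", "dst_port": 443, "bytes": 2000},
    {"src_ip": "10.0.0.5", "src_port": 51002, "dst_ip": "198.51.100.7", "dst_port": 22, "bytes": 1000},
    {"src_ip": "10.0.0.9", "src_port": 40000, "dst_ip": "192.0.2.10", "dst_port": 80, "bytes": 1000},
]

# Measures a segment can be sized by (hypothetical names for two of the
# measures listed on the slide: transferred bytes and number of connections).
MEASURES = {
    "bytes": lambda flows: sum(f["bytes"] for f in flows),
    "connections": len,
}


def build_rings(flows, ring_attrs, measure="bytes"):
    """Group flows by ring_attrs from the innermost ring outwards.

    Returns one list of segments per ring. Each segment is a dict with the
    attribute path from the centre, its start/end angle in degrees and the
    aggregated measure. Child segments always lie inside their parent's span.
    """
    weigh = MEASURES[measure]
    rings = [[] for _ in ring_attrs]

    def place(group, depth, path, start, end):
        if depth == len(ring_attrs):
            return
        buckets = defaultdict(list)
        for flow in group:
            buckets[flow[ring_attrs[depth]]].append(flow)
        total = weigh(group)
        angle = start
        for key in sorted(buckets):  # sorting within the parent group
            value = weigh(buckets[key])
            span = (end - start) * value / total if total else 0.0
            seg_path = path + (key,)
            rings[depth].append(
                {"path": seg_path, "start": angle, "end": angle + span, "value": value}
            )
            place(buckets[key], depth + 1, seg_path, angle, angle + span)
            angle += span

    place(flows, 0, (), 0.0, 360.0)
    return rings


def discard(flows, attr, value):
    """Model of the click filter: drop all traffic with the chosen attribute value."""
    return [f for f in flows if f[attr] != value]


if __name__ == "__main__":
    # Inner ring: source host, then destination host, then destination port.
    for depth, ring in enumerate(build_rings(FLOWS, ["src_ip", "dst_ip", "dst_port"])):
        for seg in ring:
            label = " / ".join(str(p) for p in seg["path"])
            print(f"ring {depth}: {label:40s} {seg['start']:6.1f} -> {seg['end']:6.1f}  ({seg['value']} bytes)")
```

Reordering `ring_attrs` corresponds to the drag & drop reordering of rings: the same flows are regrouped with a different attribute driving the innermost split.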

18 Radial Traffic Analyzer: Flexibility

19 Combining RTA with Geospatial Displays
Idea for HistoMap
- Retrieve country names for IP addresses using Maxmind's GeoIP Database
- Use squarified treemap layout
- Size of rectangles corresponds to traffic volume

20 Combining RTA with Geospatial Displays

21 Interactive Exploration of Data Traffic with Hierarchical Network Maps
Florian Mansmann, Svetlana Vinnik
IEEE Transactions on Visualization and Computer Graphics, 2006

22 Hierarchical Network Maps
- Display the distribution of source and target data traffic of network nodes
- Visualization of port activity
- Also a space-filling technique (treemap)

23 Hierarchical Network Maps

24 Hierarchical Network Maps: Layout
- Squarified treemap
- To get an almost static map layout, the total size of the network and its components is used (user orientation)
- Nodes on continent and country level preserve their relative geographical position
- Nodes on the other levels are sorted by IP addresses

25 Hierarchical Network Maps

26 Hierarchical Network Maps

27 Hierarchical Network Maps: Filters
- Type of load (packets sent, received or total)
- Time frame
- Port or port cluster
- Protocol

28 Hierarchical Network Maps: Large amounts of data
- It turned out to be infeasible to process the entire network data
- Aggregation entries were used (# sessions, # packets transferred, bytes transferred)
- Usage of data warehouse techniques (OLAP cubes)
- Split the log into a Short Term Log, Middle Term Log and Long Term Log

29 Hierarchical Network Maps: Descending to the Pixel Level

30 Hierarchical Network Maps: Interaction
- User can choose which region of the network should be investigated further
- Drill-down / roll-up
- Additional information via popup menu (interactive time, host, and port activity diagrams)

31 Hierarchical Network Maps

32 Hierarchical Network Maps
Pros
- Integration of geographical information with a clever layout
- Nice data overview
Cons
- Needs a lot of display space depending on the granularity level
- Integration of details

33 Combining RTA with Geospatial Displays

34 Radial Traffic Analyzer: Animation over time

35 Radial Traffic Analyzer: Animation over time

36 Radial Traffic Analyzer: Animation over time

37 Radial Traffic Analyzer: Animation over time

38 Radial Traffic Analyzer: Classification

39 Radial Traffic Analyzer: Pros
- Easy metaphor (e.g. fast perception of the traffic composition)
- Good color scheme
- Combination of machine techniques and human capabilities

40 Radial Traffic Analyzer: Cons
- Display space / use of tooltips (especially when displaying both visualizations at once)
- No explanation of the data preprocessing and performance

41 Summary


More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Quantum Hyper- V plugin

Quantum Hyper- V plugin Quantum Hyper- V plugin Project blueprint Author: Alessandro Pilotti Version: 1.0 Date: 01/10/2012 Hyper-V reintroduction in OpenStack with the Folsom release was primarily focused

More information

Introduc)on* X.509*Cer)ficates* X.509* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$

Introduc)on* X.509*Cer)ficates* X.509* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$ Introduc)on* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$! How$secure$is$our$online$communication?$! Transport$Layer$Security$(TLS)/Secure$Sockets$Layer$ (SSL)$infrastructure$!

More information

Internet Traffic Measurement

Internet Traffic Measurement Internet Traffic Measurement Internet Traffic Measurement Network Monitor Placement Measurement Analysis Tools Measurement Result Reporting Probing Mechanism Vantage Points Edge vs Core Hardware vs Software

More information

EXPLORER. TFT Filter CONFIGURATION

EXPLORER. TFT Filter CONFIGURATION EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content

More information

From traditional to alternative approach to storage and analysis of flow data. Petr Velan, Martin Zadnik

From traditional to alternative approach to storage and analysis of flow data. Petr Velan, Martin Zadnik From traditional to alternative approach to storage and analysis of flow data Petr Velan, Martin Zadnik Introduction Network flow monitoring Visibility of network traffic Flow analysis and storage enables

More information

Proxy Server, Network Address Translator, Firewall

Proxy Server, Network Address Translator, Firewall For Summer Training on Computer Networking visit Proxy Server, Network Address Translator, Firewall Prepared by : Swapan Purkait Director Nettech Private Limited swapan@nettech.in + 91 93315 90003 Proxy

More information

Introduction to Wireshark Network Analysis

Introduction to Wireshark Network Analysis Introduction to Wireshark Network Analysis Page 2 of 24 Table of Contents INTRODUCTION 4 Overview 4 CAPTURING LIVE DATA 5 Preface 6 Capture Interfaces 6 Capture Options 6 Performing the Capture 8 ANALYZING

More information

Boosting Capacity Utilization in MPLS Networks using Load-Sharing MPLS JAPAN 2007. Sanjay Khanna Foundry Networks skhanna@foundrynet.

Boosting Capacity Utilization in MPLS Networks using Load-Sharing MPLS JAPAN 2007. Sanjay Khanna Foundry Networks skhanna@foundrynet. Boosting Capacity Utilization in MPLS Networks using Load-Sharing MPLS JAPAN 2007 Sanjay Khanna Foundry Networks skhanna@foundrynet.com Agenda Why we need Load-Sharing Methods to boost capacity Trunks/Link

More information

F-SECURE MESSAGING SECURITY GATEWAY

F-SECURE MESSAGING SECURITY GATEWAY F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE

More information

CS101 Lecture 19: Internetworking. What You ll Learn Today

CS101 Lecture 19: Internetworking. What You ll Learn Today CS101 Lecture 19: Internetworking Internet Protocol IP Addresses Routing Domain Name Services Aaron Stevens (azs@bu.edu) 6 March 2013 What You ll Learn Today What is the Internet? What does Internet Protocol

More information

Early Recognition of Encrypted Applications

Early Recognition of Encrypted Applications Early Recognition of Encrypted Applications Laurent Bernaille with Renata Teixeira Laboratoire LIP6 CNRS Université Pierre et Marie Curie Paris 6 Can we find the application inside an SSL connection? Network

More information

Overview. Protocols. VPN and Firewalls

Overview. Protocols. VPN and Firewalls Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

AN OVERVIEW OF SILVER PEAK S WAN ACCELERATION TECHNOLOGY

AN OVERVIEW OF SILVER PEAK S WAN ACCELERATION TECHNOLOGY AN OVERVIEW OF SILVER PEAK S WAN ACCELERATION TECHNOLOGY TABLE OF CONTENTS Understanding WAN Challenges 2 Network Memory - Maximize Bandwidth Efficiency 2 Network Integrity - Overcome Congestion and Packet

More information

Lecture 28: Internet Protocols

Lecture 28: Internet Protocols Lecture 28: Internet Protocols 15-110 Principles of Computing, Spring 2016 Dilsun Kaynar, Margaret Reid-Miller, Stephanie Balzer Reminder: Exam 2 Exam 2 will take place next Monday, on April 4. Further

More information

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables

More information

Introduction to Network Security. Topics

Introduction to Network Security. Topics Introduction to Network Security Chapter 2 Network Protocols 1 Topics Protocol Specifications Protocol Addresses Protocol Headers 2 Protocol Specifications Open vs. Closed Specification methods English

More information