How To Protect Gante From Attack On A Network With A Network Security System
|
|
- Preston Fletcher
- 3 years ago
- Views:
Transcription
1 NSHaRP: Network Security Handling and Response Process Wayne Routly, DANTE TF-CSIRT Technical Seminar Malahide.ie, 03 June 2011
2 Contents GEANT : Who What How GEANT : Security Protecting GEANT Users A Security Conundrum Overflowing with Requirements Early Work.Lots of It A Process is Born A Solution A Look Under the Hood So What Are the Options To Profile or Not to Profile The Process in Action Where Are We Now? Conclusion
3 GEANT : Who What How State of the Art Pan-European Network..Transit Network.ISP 18 Physical Pops 40 GB links -> 100GB TB of Data shifted 10 million+ IPs >100 Workstations Unusual Traffic Truly Global Interconnects NRENs Commercial & Commodity Traffic
4 Protecting GEANT Users In an age of ever faster networks, greater connectivity, networks and users are under even greater risk of attack. Network Based Attacks Paypal, VISA Amazon Wikileaks Political Maintain service levels by proactively monitoring and mitigating against potential attacks?
5 A Security Conundrum How do we notify potential victims / sources & assist in solving those incidents for dozens of situations? # Of EVENTS Number of Events Detected - 12 mnts How do we double the number of tickets we can handle without doubling the manpower? Automate it? Attacks where NREN DST - April 2011
6 Overflowing with Requirements Dozens of ways to report events.. How do we notify potential victims & assist in solving those incidents for dozens of situations? I only want to see events that have a HIGH severity rating I want Information gathering events to be sent to the CERT & my manager I want Denial of Service events sent to the CERT and Network Scan events _ sent to the Security Officer I want evidence of attack to be included for all events I only want to be notified of a maximum of 30 events per week I want to see all events originating from my network I want to see events targeting my network and coming from my network I can only handle 5 incidents per day I only want to be notified of DoS events I want to know what incidents are attacks on my network I need my notifications to be digitally signed
7 Early work.lots of it TF-CSIRT / TNC / APM Quantitative Cross Comparative Analysis of Tools for Anomaly Detection Anomaly Tool Implementation in GÉANT Anomaly Detection in Backbone Networks: Building a Security Service Upon an Innovative Tool GEANT Access Port Manager (APM) Meetings A dozen internal presentations ;-) Papers Computers & Security / IEEE Operational Experiences with Anomaly Detection in Backbone Networks Poster/Demo - SIGCOMM Towards Automatic Root-Cause Analysis of Network Anomalies using Frequent Itemset Mining
8 A Process is Born DANTE is rolling out NSHaRP Complete security solution Provides mechanism to quickly and effectively inform affected users Adds Value - Serves as an extension to NRENs CERT An Automated Incident Notification & Handling System Extends NRENs detection and mitigation capability to GEANT borders Innovative and Unique - Caters for different types of requirements Supported with GEANT NOC TTS
9 A Look Under The Hood Netreflex 2.5 BGP, IS-IS & Netflow Mashup Anomaly Detection & Alerting Ability to create profiles..lots of profiles Expandable Anomaly Type capability Can also be used by the NOC? Service Desk Express Automated GEANT NOC Ticket Creation 2 nd 3 rd Line Support Automated Ticket Closure Modular & Extendable about those profiles.
10 So what are the options
11 To Profile or Not to Profile
12 User Warning POWERPOINT ANIMATION VIEWER DISCRETION IS ADVISED
13 The Process.In Action NREN A Profile for NREN A Profile for NREN B Profile for Domain A Domain A GÉANT NREN B Usage of GÉANT resources to protect end users Not only a notification system, but a complete security solution
14 Where Are We Now Development Process Completed Testing in progress Training Next Steps Pilot 2 months (Invitation) Production August 2011 IP Peering Reporting Future enhancements Adding external sources? Correlate multiple events Expanding incident palette Evolution of threats X-ARF?
15 Conclusions Big.Really Big Network Protect Users - Wikileaks How to cater for user requirements? Can this be automated? I want it my way, oh, and that way as well NSHaRP Network Security Handling & Response Process Pieces that make it all work Netreflex & SDE TTS Profiles, Profiles and even more Profiles Pilot July, Production August Future Work New Anomalies X-ARF
16 Questions & Answers
17 Thank-You Thank You Wayne Routly Juan Quintanilla
Anomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool
Anomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool Wayne Routly, Maurizio Molina - (DANTE) Ignasi Paredes-Oliva - Universitat Politècnica de Catalunya (UPC) Ashish
More informationFirewall on Demand Multidomain
Firewall on Demand Multidomain S E C U R I T Y V I A B G P F L O W S P E C & A W E B P L A T F O R M Leonidas Poulopoulos GRNET NOC Wayne Routly DANTE Jeffrey Haas JUNIPER Firewall on Demand Multidomain
More informationDANCERT RFC2350 Description Date: 10-10-2014 Dissemination Level:
10-10-2014 Date: 10-10-2014 Dissemination Level: Owner: Authors: Public DANCERT DANTE Document Revision History Version Date Description of change Person 1.0 10-10-14 First version issued Jan Kohlrausch
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationA BRAINSTORMING ON SECURITY FIRE DRILLS
A BRAINSTORMING ON SECURITY FIRE DRILLS Classification, Feasibility, Usefulness and Implications Maurizio Molina, DANTE Nino Jogun, CARNET on behalf of GÉANT3 project, SA2/T4 TF-CSIRT, Tallin, 25 th Sep.
More informationRID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.
: Real-time Inter-network Defense Against Denial of Service Attacks Kathleen M. Moriarty 22 October 2002 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations,
More informationWorkshop on Infrastructure Security and Operational Challenges of Service Provider Networks
Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the
More informationCISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY
CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY SEPTEMBER 2004 1 Overview Challenge To troubleshoot capacity and quality problems and to understand
More informationReport of Independent Auditors
Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 720 931 4000 Fax: +1 720 931 4444 www.ey.com Report of Independent Auditors To the Management of NTT America, Inc.: We have
More informationAttacks Against the Cloud: A Mitigation Strategy. Cloud Attack Mitigation & Firewall on Demand
Attacks Against the Cloud: A Mitigation Strategy C L O U D A T T A C K M I T I G A T I O N & F I R E W A L L O N D E M A N D A l e x Z a c h a r i s a z a h a r i s @ a d m i n. g r n e t. g r G R N E
More informationInstructions for Access to Summary Traffic Data by GÉANT Partners and other Organisations
Contract Number: IST-2000-26417 Project Title: Deliverable D8 : Instructions for Access to Summary Traffic Data by GÉANT Partners and other Organisations Contractual Date: 31 May 2002 Actual Date: 14 August
More informationNASA Consolidated Active Directory Overview ( August 20, 2012 ) Les Chafin Infrastructure Engineering HPES
NASA Consolidated Active Directory Overview ( August 20, 2012 ) Les Chafin Infrastructure Engineering HPES Introduction Les Chafin; Infrastructure Engineering Manager» HPES NASA ACES Responsible for:»
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationHow To Write A Privacy Policy For Annet Network And Exchange Point (Nnet) Network (Netnet)
Document name: Data and Privacy Policy Implications and Privacy Principles Author(s): James Williams and Dale Finkleson Contributor(s): GNA Technical Group Date: 26 October 2015 Version: 0.9P Data and
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationModern Approach to Incident Response: Automated Response Architecture
SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security
More informationServer Monitoring: Centralize and Win
Server Monitoring: Centralize and Win Table of Contents Introduction 2 Event & Performance Management 2 Troubleshooting 3 Health Reporting & Notification 3 Security Posture & Compliance Fulfillment 4 TNT
More informationGÉANT Open Service Description. High Performance Interconnectivity to Support Advanced Research
GÉANT Open Service Description High Performance Interconnectivity to Support Advanced Research Issue Date: 20 July 2015 GÉANT Open Exchange Overview Facilitating collaboration has always been the cornerstone
More informationHow To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address
Inter-provider Coordination for Real-Time Tracebacks Kathleen M. Moriarty 2 June 2003 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations, conclusions, and
More informationDDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends
More informationDistributed Denial of Service protection
Distributed Denial of Service protection The cost in terms of lost business caused by a successful DDoS attacks can be significant. Our solution recognises when a DDoS attack is happening and identifies
More informationAgenda. NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion. Mauro Campanella Internet Festival, Pisa 9 Oct 2015 2
Agenda NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion 2 3 The Campus-NREN-GÉANT ecosystem CAMPUS networks NRENs GÉANT backbone. GÉANT Optical + switching platforms Multi-Domain environment
More informationResearch and Educational Networking Information Analysis and Sharing Center (REN-ISAC)
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC ren-isac@iu.edu Copyright Trustees of Indiana University 2003. Permission is granted
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT This service level agreement ( SLA ) is incorporated into the master services agreement ( MSA ) and applies to all services delivered to customers. This SLA does not apply to the
More informationFirewall on Demand User Guide. February 2016
Firewall on Demand User Guide February 2016 Contents Introduction FoD Capabilities FoD Requirements, Constraints and Limitations Eligibility and How to Subscribe How To Use Firewall on Demand - Introduction
More informationDDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014
DDOS in academic Networks Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014 Academic networks? Real Target for DDOS? Lesson learned; DDOS @RedIRIS Mitigation Projects
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationNetwork monitoring and analysis tools:
P0 TELECOM ITALIA Network monitoring and analysis tools: Security Operation experiences in Carrier-class IP Backbone protection IT.TS.SOC - Security Operation Center Ing. Fabio Zamparelli 2nd TMA Phd School
More informationHow To Create A Distributed Virtual Network Control System
Network Management Framework: A Distributed Virtual NOC Architecture Octavian Rusu RoEduNet Iasi Branch Iasi, Romania octavian@roedu.net Abstract Today s networks superpose multiple sets of services belonging
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationKASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks
KASPERSKY DDOS PROTECTION Discover how Kaspersky Lab defends businesses against DDoS attacks CYBERCRIMINALS ARE TARGETING BUSINESSES If your business has ever suffered a Distributed Denial of Service (DDoS)
More informationPart I: Overview. Core concepts presented:
Part I: Overview Core concepts presented: What is network monitoring What is network management Getting started Why network management Attack detection Consolidating the data The big picture What is network
More informationBT Assure DoS Mitigation UK
BT Assure DoS Mitigation UK Annex to the Internet Connect UK Schedule Contents A note on we and you... 2 1. Service Summary... 2 2. Service Standard Components... 2 3. Service Options... 2 4. Service Management
More informationSession 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs
Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration Tomas Sander HP Labs Forward Looking Statements Rolling roadmap up to three years and is subject to change without
More informationperfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case
perfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case Fausto Vetter, Domenico Vicinanza DANTE TNC 2010, Vilnius, 2 June 2010 Agenda Large Hadron Collider Optical Private
More informationSURE 5 Zone DDoS PROTECTION SERVICE
SURE 5 Zone DDoS PROTECTION SERVICE Sure 5 Zone DDoS Protection ( the Service ) provides a solution to protect our customer s sites against Distributed Denial of Service (DDoS) attacks by analysing incoming
More informationPerforming Advanced Incident Response Interactive Exercise
Performing Advanced Incident Response Interactive Exercise Post-Conference Summary Merlin Namuth Robert Huber SCENARIO 1 - PHISHING EMAILS... 3... 3 Mitigations... 3 SCENARIO 2 - IDS ALERT FOR PSEXEC...
More informationSecurity Officer: An NREN Secondee Perspective
Security Officer: An NREN Secondee Perspective Jan Kohlrausch, DANTE TF-CSIRT Meeting 18/19 September 2014 Rome Background About me: Senior Incident Handler and Researcher with DFN-CERT Currently member
More informationOperational Experiences with Anomaly Detection in Backbone Networks
Operational Experiences with Anomaly Detection in Backbone Networks Maurizio Molina a,, Ignasi Paredes-Oliva b,, Wayne Routly a, Pere Barlet-Ros b a DANTE 126-130 Hills Road, Cambridge CB2 1PQ, United
More informationBusiness & Finance Information Security Incident Response Policy
Business & Finance Information Security Incident Response Policy University of Michigan http://www.umich.edu/~busfin/ Document Version: 10 Effective Date: 6/1/2006 Review Date: 7/31/2009 Responsible: Approval
More informationKENET NETWORK INFRASTUCTURE. KENNEDY ASEDA kaseda@kenet.or.ke
KENET NETWORK INFRASTUCTURE KENNEDY ASEDA kaseda@kenet.or.ke Country of marathon winners? 2 Google Confidential and Proprietary Contents Network Infrastructure Network Operations Achievements & Challenges
More informationNFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag
NFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag 2004 SWITCH NFSEN ( NetFlow Sensor ) 12th TF-CSIRT Meeting Hamburg: 2004 SWITCH 2 NFSEN http://www.terena.nl/tech/task-forces/tf-csirt/meeting12/nfsen-haag.pdf
More informationExtreme Networks Security Analytics G2 Risk Manager
DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential
More informationNetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.
NetFlow use cases ICmyNet / NetVizura, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic Patterns NREN
More informationTraffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012
Traffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012 January 29th, 2008 Christian Kaufmann Director Network Architecture Akamai Technologies, Inc. way-back machine Web 1998 way-back
More informationPrivacy Impact Assessment EINSTEIN Program
Privacy Impact Assessment EINSTEIN Program Collecting, Analyzing, and Sharing Computer Security Information Across the Federal Civilian Government Department of Homeland Security National Cyber Security
More informationAn Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators
An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators Liang Xia Frank.xialiang@huawei.com Tianfu Fu Futianfu@huawei.com Cheng He Danping He hecheng@huawei.com
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationDDoS Mitigation Strategies
DDoS Mitigation Strategies Internet2 Security Working Group 23 Feb 2016 Mark Beadles Information Security Officer mbeadles@oar.net Kevin Nastase Network Security Engineer knastase@oar.net www.oar.net Slide
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationNeMo. Network Monitoring and Bill Reconciliation Analysis
NeMo Network Monitoring and Bill Reconciliation Analysis NeMo Network Monitoring and Bill Reconciliation Analysis The telecom industry needs change, and CYWEST is delivering it with NeMo, providing more
More informationIP TRANSIT SERVICE SCHEDULE - Australia - (Including VOCUS INTERNET EXPRESS)
IP TRANSIT SERVICE SCHEDULE - Australia - (Including VOCUS INTERNET EXPRESS) 1. DEFINITIONS Business Hours means a period of time from 9am to 5pm on a day that is not a Saturday, Sunday or a public holiday.
More informationApplication of Netflow logs in Analysis and Detection of DDoS Attacks
International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 8, Number 1 (2016), pp. 1-8 International Research Publication House http://www.irphouse.com Application of Netflow logs in
More informationNetwork- vs. Host-based Intrusion Detection
Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationThe DANTE NOC Network Monitoring System
The DANTE NOC Network Monitoring System Xavier Martins-Rivas, DANTE TNC 2010, Vilnius, 2 nd June 2010 The DANTE NOC Network Monitoring System The brief for the DANTE Network Operations Centre Network Monitoring
More informationState of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:
State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...
More information#42 D A N T E I N P R I N T. Tackling Network DoS on Transit Networks. David Harmelin
D A T E I P R I T #42 Tackling etwork DoS on Transit etworks David Harmelin DATE I PRIT is a track record of papers and articles published by, or on behalf of DATE. HTML and Postscript versions are available
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationE-Guide. Sponsored By:
Security and WAN optimization: Getting the best of both worlds E-Guide As the number of people working outside primary office locations increases, the challenges surrounding security and optimization are
More informationIntroduction of TEIN2 NOC. Jilong Wang
Introduction of TEIN2 NOC Jilong Wang Outline 1. NRCT Network Research Center of Tsinghua University Structure TUNET NOC Service CERNET NOC Service CERNET2 NOC Service Other NOC Services
More informationTake the NetFlow Challenge!
TM Scrutinizer NetFlow and sflow Analysis Scrutinizer is a NetFlow and sflow analyzer that provides another layer of cyber threat detection and incredibly detailed network utilization information about
More informationMANAGED SECURITY SERVICES : IP AGNOSTIC DDOS AN IP AGNOSTIC APPROACH TO DISTRIBUTED DENIAL OF SERVICE DETECTION AND MITIGATION
AN IP AGNOSTIC APPROACH TO DISTRIBUTED DENIAL OF SERVICE DETECTION AND MITIGATION Overview Distributed Denial of Service (DDoS) attacks saturate target networks with service requests that consume the capacity
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet
More informationTraining objective. Tata Communications IP Network Surveillance & Monitoring Process. TRANSFORMATION SERVICES
Training objective Tata Communications IP Network Surveillance & Monitoring Process. TRANSFORMATION SERVICES 1 Monitoring system Functional Architecture SM Notification Collection Topology Services Alarm
More informationensuring security the way how we do it
ensuring security the way how we do it HUSTEF, 2015.11.18 Attila Tóth 1 Nokia Solutions and Networks 2014 Disclaimer The ideas, processes, tools are presented from a practitioner s point of view working
More informationFirewall-on-Demand. GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF. Leonidas Poulopoulos
Firewall-on-Demand GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF Leonidas Poulopoulos 1 leopoul@nocgrnetgr 1 NOC/Greek Research and Technology Network
More informationUnderstanding the Performance Management Process
Understanding the Performance Management Process Monitoring Market Monitoring tools account for more then 50% of market Most organizations have not matured their monitoring environment Missing Process
More informationnfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH
18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH Some operational questions, popping up now and then: Do you see this peek on port 445 as well? What caused this peek on your
More informationUSM IT Security Council Guide for Security Event Logging. Version 1.1
USM IT Security Council Guide for Security Event Logging Version 1.1 23 November 2010 1. General As outlined in the USM Security Guidelines, sections IV.3 and IV.4: IV.3. Institutions must maintain appropriate
More informationThe University of Information Technology Management System
IT Monitoring Code of Practice 1.4 University of Ulster Code of Practice Cover Sheet Document Title IT Monitoring Code of Practice 1.4 Custodian Approving Committee Deputy Director of Finance and Information
More informationmedia network & internet access
This document explains the design principles behind the Sohonet Media Network, how it provides enhanced ISP services, and provides a single fully integrated connectivity solution. The Sohonet Media Platform
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationFORTHcert. Internet-Sicherheit fördern kritische Infrastrukturen schützen. Foundation for Research and Technology Hellas Institute of Computer Science
FORTHcert Foundation for Research and Technology Hellas Institute of Computer Science Internet-Sicherheit fördern kritische Infrastrukturen schützen 31 st TF-CSIRT Meeting September 2010 - Istanbul, Turkey
More informationICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.
ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow
More information#41 D A N T E I N P R I N T. TEN-155 Multicast: MBGP and MSDP monitoring. Jan Novak Saverio Pangoli
D A N T E I N P R I N T TEN-155 Multicast: #41 MBGP and MSDP monitoring Jan Novak Saverio Pangoli DANTE IN PRINT is a track record of papers and articles published by, or on behalf of DANTE. An HTML version
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationTel: +1 123 456 7890 Fax: +1 123 456 7890 ey.com. Report of Independent Auditors
Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 123 456 7890 Fax: +1 123 456 7890 ey.com To the Management of NTT America, Inc.: Report of Independent Auditors We have
More informationAMRES NOC Bojan Jakovljević. 8 th TF-NOC meeting, Athens 2013.
AMRES NOC Bojan Jakovljević 8 th TF-NOC meeting, Athens 2013. Who are we? AMRES is National Research and Education Network of Serbia Initial development of the AMRES network started in the early 90 s when
More informationand reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs
ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationOperational Model for E2E links in the NREN/GÉANT2 and NREN/Cross-Border-Fibre supplied optical platform
Operational Model for E2E links in the NREN/GÉANT2 and NREN/Cross-Border-Fibre supplied optical platform 0 Background In the GÉANT2 project plan it is foreseen that end-to-end (E2E) links (essentially
More informationNetwork Visibility Guide
Network Visibility Guide Even Superman could only see through walls, not networks! We understand your lack of Network visibility. So we give you ManageEngine NetFlow Analyzer! Network visibility is the
More informationGaining Operational Efficiencies with the Enterasys S-Series
Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction
More informationCWSI Service Definition for Server Monitoring
CWSI Service Definition for Server Monitoring October 2015 Contents I. Document Control... 3 a). History... 3 b). Reference Documents... 3 II. Company and Contact information... 3 1. About CWSI... 4 2.
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More informationANATOMY OF A CODE RED II ATTACK
ANATOMY OF A CODE RED II ATTACK IMPROVING FIREWALL SECURITY USING PATROL FOR CHECK POINT FIREWALL-1 BILL KENNON, SENIOR SOFTWARE CONSULTANT BMC SOFTWARE, INC 1 The Surprise Attack As the NT Systems Administrator
More informationPacnet Premium Dedicated Internet Access Dedicated Internet Access for Web-Centric Enterprises
Products and Services INTERNET ACCESS Pacnet Premium Dedicated Internet Access Dedicated Internet Access for Web-Centric Enterprises MEETING THE CRITICAL DEMANDS OF TODAY S MULTI-SITE ENTERPRISES Enterprises
More informationSharing Intelligence is our Best Defense: Cyber Security Today Is a bit Like the Keystone Cops
Sharing Intelligence is our Best Defense: Incentives That Work versus Disincentives That Can Be Solved William Yurcik* Adam Slagell Jun Wang NCSA Security Research (NCSA) University of Illinois at Urbana-Champaign
More informationCentralized Cloud Firewall. Ivan Ivanovic BUCC/AMRES Tbilisi, December 2013.
Centralized Cloud Firewall Ivan Ivanovic BUCC/AMRES Tbilisi, December 2013. AMRES NREN 172 institutions ~2200 km dark fiber links 22 cities 3 cross border optical links Redundant Geant internet links 1
More informationCISCO IOS NETFLOW AND SECURITY
CISCO IOS NETFLOW AND SECURITY INTERNET TECHNOLOGIES DIVISION FEBRUARY 2005 1 Cisco IOS NetFlow NetFlow is a standard for acquiring IP network and operational data Benefits Understand the impact of network
More informationTELCO challenge: Learning and managing the network behavior
TELCO challenge: Learning and managing the network behavior M.Sc. Ljupco Vangelski CEO, Scope Innovations Kiril Oncevski NOC, ISP Neotel Skopje Presentation overview Challenges for the modern network monitoring
More information