Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass

Transcription

1 Real-time Network Monitoring and Security Platform for Securing Next-Generation Network Assoc. Prof. Dr. Sureswaran Ramadass

2 The platform Definition A description of a software framework that makes services available to other applications through set of API s. Objectives To provide an extendable Features through the pluggable interfaces. To ease the software development process. The platform can be considered as a core component for enabling network applications. (network monitoring, network security, real-time applications, etc.)

3 The platform The platform The platform

4 Features and Benefits Provide a cross platform environment Provide a an open architecture applications. Provide a standard packet capture engine Provide advanced protocol decoder Provide a high performance circular buffer support. Provide API for network monitoring application customization API for network worm detection. API for intelligent network monitoring. API for grid monitoring. API for advanced network statistics. API for Network Security Applications. API for Buffering and Archiving.

5 Monitoring and Security solutions

6 Application Application: Network security solution.

7 Security solution. - Networks are suffering from viruses, worms, Trojans, spy-wares, adwares, hijackers, pop generators, spam, intrusion and many more. - If you have an internet connection (home, corporate) then, your machine is exposed to the Internet world. And hence you are vulnerable against Worms and Viruses. -Virus and Worm are the biggest contributors to today s network problems. -With these modern threats, firewall and antivirus alone are not enough To protect your organization from the blended threats.

8 Application: Application: Security solution i.e. i.e. worms/viruses. Because of the Speed of there infection / spread. Cost for cleanup of worms worldwide. - Sobig: USD 37.1 billion - MyDoom: USD 22.6 billion - Klez: USD 19.8 billion - Nachi: USD 13 billion - Mimail: USD 11.5 billion - Swen: USD 10.4 billion - Love Bug: USD 8.8 billion - Bugbear: USD 3.9 billion Cost for cleanup of worms in Malaysia. Code Red: RM 22 million Nimda: RM 22 million Blaster: RM 31 million Nachi: RM 31 million Source: NISER study

9 What Worms / Viruses Can do to you? Once the host is infected, it can: Steal YOUR private info and distribute it to all the users in your database. Send dummy traffic to paralyze your network. Destroy key system files that would damage and crash your computer. Destroy database system within your server.

10 Worm Attack Scenarios Network Parallelized Patched Patched infected Infected Network Alert Busy Network Patched Patched Warning

11 How to Get Protected? You Need: To cover the loopholes left by other security products for an all round protection. To Be able to detect internal worm attack as well as external. To be updated against recent worm. To be Alerted or warned for threats attempts by. Locating the source of the problem. Providing possible solutions.

12 Efficiency and Speed The platform Provides a Set of APIs to interact with the Buffering API in order to: Adopt the Current Networks Speeds. Operate at wire speed. Archive / store critical information. Also the platform Provides a Set of APIs to interact with the Worm Engine in order to : Parse Network traffic Packets by Packets. Compare against the updated Signature DB. Detect worm existence and alerting. Extract Useful and relevant information for further action.

13 Worm Attack Detection Propagation Source IP Propagation Destination IP

14 Application: Application: Network Monitoring solution.

15 Network Monitoring Characteristics

16 What do we Need? We Need: - Bandwidth Monitoring Capability. - Application Monitoring Capability. - Websites Monitoring Capability. - Network Utilization Capability. - Critical Node monitoring Capability. - Anomaly Detection and identification Capability. - Packet Capturing, Filtering and Buffering Capability. - Switching Environment Monitoring Capability (MPLS) - VLAN Monitoring Capability. - Protocol Dissecting Capability. - Top User Tracking capability - General Statistics. - On trunk VLAN Decoding Capability. - Remote Network Monitoring Capability. - Clustering and network Behavior Modeling capability. The Platform Provides the necessary set of API to support Network and Distributed Network Monitoring Applications.

17 Packet Capturing and Dissection

18 Distributed Network Traffic Buffering

19 The Platform Pluggable Interfaces

20 R.T Distributed Network Monitoring 3-Tier Architecture for a Real time Distributed Network Monitoring inet Enterprise.

21 inet Enterprise: Enterprise: How to monitoring Distributed Networks.

22 inet Enterprise: Enterprise: The Architecture.

23 inet Enterprise: Enterprise: Functional Solution

24 inet Enterprise: Enterprise: Control Sequence

25 inet Enterprise: Enterprise: Remote Traffic Capturing Interface.

26 inet Enterprise: inet inet Console

27 inet Enterprise: inet inet Console Statistics

28 inet Enterprise: inet inet Console Console-Critical Critical Elements monitoring

29 inet Enterprise: the Whole 1 2

30 inet Enterprise: Features Passive Monitoring Technique Not like any other active network monitoring tools that tend to be intrusive Critical Node Monitoring Netrace Observe communication among devices and stations MPLS Distribution Statistic Able to detect MPLS packets and show its packet size and protocol distribution Application Monitoring List down the applications that being used and their bandwidth usage Web Monitoring Monitor users and the websites they visited Network Address Book Detect devices detailed information such as the MAC Address and Workgroup on a network Network Reporting Toolkit Generate report of compiled information from various monitoring modules Network Packet Analyzer Capture and decode any packets within the network

31 inet Enterprise: Features Distribution Statistic Show the packets distribution according to the size, application protocol, network protocol, etc General Statistic Show the statistic of the number of packet per second, bits per second and the network utilization Critical Elements Monitoring (Server..etc) Monitor the status of the servers and send alerts whenever a server (and/or its service) is down Top Bandwidth Usage Keep track of the users who use the bandwidth the most VLAN Distribution Statistic Show the packets distribution according to the size, application protocol, network protocol on the VLAN VLAN General Statistic Show the statistic of the number of packet per second, bits per second and the network utilization On Trunk VLAN Packet Analyzer Able to detect VLAN packets

32 The Platform Applications.

33 Thank You