Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network
|
|
- Ambrose Watson
- 7 years ago
- Views:
Transcription
1 LiveAction Application Note Finding Network Security Breaches Using LiveAction Software to detect and analyze security issues in your network September
2 Table of Contents 1. Introduction Identifying Real-Time Security Issues... 2 Detecting Port and IP Scan Behavior... 2 Unauthorized Application and QoS Marking Usage... 3 Denial of Service Attacks Forensic Analysis and Historical Reporting Conclusion... 9
3 1. Introduction It is generally understood that organizations cannot successfully defend against all cybersecurity attacks. Also, as the level of security is increased, so does the level of overhead and management that accompanies that security. So, while precautions must be taken to prevent such attacks, an equally important function is the discovery, investigation and understanding of network security breaches so that they can be stopped, if still ongoing, and prevented in the future. Investigating these abnormal network events will often uncover weaknesses in your current infrastructure and identify infected computers. If left unchecked these compromised resources can be the sources of future attacks or conduits for offloading of confidential company data. LiveAction software from ActionPacked! Networks enables network administrators and engineers to identify and mitigate security problems in real time and perform network forensics on events that have been recorded in its traffic flow and QoS historical databases. This application note will demonstrate these techniques and help you to better secure your network and IT infrastructure. 1
4 2. Identifying Real-Time Security Issues Detecting Port and IP Scan Behavior Port and IP scanning is a technique used to assess the capabilities and potential vulnerabilities of a given IP address or range of addresses. This type of scanning behavior generally indicates that an entity or script is searching for vulnerabilities or ports of entry into a given network. If this activity is not expected, one can interpret such scanning as a potential attack. When using LiveAction s NetFlow, or Flow view, you can quickly pick up abnormal scanning activity and identify the source. In order to view detailed real-time and historical traffic flow information, proceed to the device-level Flow view. Select the router of interest and then select the Flow or NetFlow tab. Figure 1 Navigating to the Device-Level NetFlow Screen Scanning of a subnet is quickly identified by the disproportionate number of destination endpoints in comparison to the sources. Scans appear as shown below in LiveAction. Here we see in tabular and topology views a single source scanning a whole subnet. IP scan got through to this host and requires further investigation. Figure 2 LiveAction Displaying an Active IP Subnet Scan In addition, the active hosts that responded to the scan can be seen below the E0/0 interface, while all the other addresses and ports were sent to the null interface on the right side. 2
5 Unauthorized Application and QoS Marking Usage LiveAction s unique ability to help you identify and mitigate security issues in real time can also be extended to discovering unauthorized applications consuming significant amounts of bandwidth on your network. Unauthorized video conference technologies tend to perform QoS marking and consume significant amounts of bandwidth. If trust boundaries are set to preserve traffic marked for video conferencing, dedicated queues on WAN edge devices can be exhausted creating poor network performance for applications that do not have their own dedicated queue. Below is an example of such an event displayed in LiveAction. In this topology view we can quickly identify QoS issues that we traced to a highbandwidth videoconferencing session. Through NetFlow we are able to identify and trace the offending session. Figure 3 Identifying Rogue Video Conference Traffic Once this issue has been identified, there are many actions one can take. The first is to review the QoS policies throughout the network. Perhaps trust boundaries at the access switches need to be reevaluated. It is also possible that traffic shaping functions on the edge routers could mitigate this issue as well. LiveAction s QoS management function can be used to display and modify these QoS policies. For more information, please see the QoS Best Practices Application Note. 3
6 Denial of Service Attacks Denial of service attacks are attempts to make network resources unavailable to other users. This is generally accomplished by flooding the systems with such large quantities of traffic requests that the systems are unable to respond to legitimate traffic. These attempts can not only prevent traffic from reaching legitimate users, but can also cause harm to the system being attacked if data corruption occurs or the system is forced into a crash state. Using LiveAction software, one can detect these Denial of Service attacks and quickly create an Access Control List (ACL) to mitigate the attack. Below is an example of such an attack and how it can be thwarted using LiveAction. Figure 4 Active Denial of Service Attack Once again from the device-level Flow view we can easily visual the traffic flows. In this example we can see the enormous amount of traffic requests being sent to the host with each request being shown as a separate flow. This view tells us the router itself is the target of the denial of service attack. 4
7 LiveAction also displays CPU and memory issues in real-time as a result of this attack as shown in Figure 5. Areas indicating CPU or memory overload are circled in red. Multiple indicators of CPU utilization issues due to DOS attack. Figure 5 CPU and Memory Alerts Resulting from DoS Attack In these instances where an attack is underway and the router is suffering, LiveAction s ACL editor allows the user to quickly create an Access Control List to mitigate the attack. To access the ACL editor, follow the steps below: 1. From the system topology or device-level topology view, right click on the flow of interest, then click Create ACL based on flow. This will launch the flow-based ACL editor. 5
8 2. Create a blocking ACL based on the denial of service flow being seen by choosing deny : Save the ACL to the device to mitigate the Denial of Service attack. This will prevent precious control plane services from being exhausted and will keep the router functioning normally. 6
9 3. Forensic Analysis and Historical Reporting Not only can LiveAction provide real-time visualization for traffic flows and link utilization, but the software also provides a full historical record of all flow and QoS data collected. This information can be displayed using the LiveAction Historical Reporting Engine. The engine can bring you back to any point in time when data was being collected and display the information as if it were being viewed in real time. This fully featured reporting engine allows users to perform forensic analysis on security breaches that happened in the past to get a better understanding on devices or hosts that may have been affected and to understand how to prevent them in the future. To launch the flow historical reporting engine, use the main menu to access Reporting Flow Historical Playback: Figure 6 Navigating to the Flow Historical Playback Screen Select the device and the interface of choice, and the Historical Playback engine will be displayed as shown below: Use the calendar and time-of-day slider to navigate to the appropriate time in the past. Figure 7 Selecting the Date and Time in the Historical Playback Screen Select the date and the time that you are interested in investigating and the flow data from that sampling period will be displayed. Unlike some other NetFlow vendors, LiveAction keeps and stores ALL data records collected and provides a complete view into the network activity from the past. These statistics can be retrieved for QoS as well to discover possible flaws in traffic shaping or queuing configurations based on reported outages or service quality issues. 7
10 In addition to the playback capability, LiveAction can generate reports based on historical data for quick investigation of security issues. These reports can be accessed from the device-level Flow toolbar. Figure 8 Using the Flow Historical Reporting Capabilities The Top Analysis report returns detailed information of all the flows from a specific time period specified by the user. The data can be sorted and filtered to narrow in on the metrics appropriate for your forensics investigation. For thorough investigations you can sort and filter on the whole database of historical flows. Figure 9 Examining the Historical Top Analysis Report 8
11 4. Conclusion There are many malicious attacks that can be targeted toward a given network. Understanding and reacting to these security problems requires an understanding for what types and quantities of traffic are in use. Once a baseline or known good state of the network has been established, LiveAction can be used to discover network irregularities, security vulnerabilities, or full-on denial of services attacks. By providing comprehensive intelligence and manageability into network devices, network administrators can reduce the number of service tickets opened, increase network uptime, and reduce operating expenditures. To learn more about LiveAction, and for information to help you deploy and manage QoS, please visit ActionPacked! Networks at: Copyright 2016 LiveAction, Inc. All rights reserved. LiveAction, the LiveAction logo and LiveAction Software are trademarks of LiveAction, Inc. Other company and product names are the trademarks of their respective companies. LiveAction, Inc West Bayshore Road Palo Alto, CA 94303, USA 9
Using LiveAction Software for Successful VoIP Deployments How to quickly and accurately deploy QoS for VoIP networks
LiveAction Application Note Using LiveAction Software for Successful VoIP Deployments How to quickly and accurately deploy QoS for VoIP networks September 2012 http://www.actionpacked.com Table of Contents
More informationNetwork Management for Common Topologies How best to use LiveAction for managing WAN and campus networks
Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks April 2014 www.liveaction.com Contents 1. Introduction... 1 2. WAN Networks... 2 3. Using LiveAction
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationChapter 6: Fundamental Cloud Security
Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,
More informationDemystifying the Myth of Passive Network Discovery and Monitoring Systems
Demystifying the Myth of Passive Network Discovery and Monitoring Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix.
More informationQuality of Service. PAN-OS Administrator s Guide. Version 6.0
Quality of Service PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationCisco ASA and NetFlow Using ASA NetFlow with LiveAction Flow Software
LiveAction Application Note Cisco ASA and NetFlow Using ASA NetFlow with LiveAction Flow Software January 2013 http://www.actionpacked.com Table of Contents 1. Introduction... 1 2. ASA NetFlow Security
More informationOn the Deficiencies of Active Network Discovery Systems
On the Deficiencies of Active Network Discovery Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix. Any unauthorized
More informationLiveAction: GUI-Based Management and Visualization for Cisco Intelligent WAN
Solution Overview LiveAction: GUI-Based Management and Visualization for Cisco Intelligent WAN Overview Cisco Intelligent WAN (IWAN) enables enterprises to realize significant cost savings by moving to
More informationWhat a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options
White paper What a Vulnerability Assessment Scanner Can t Tell You Leveraging Network Context to Prioritize Remediation Efforts and Identify Options november 2011 WHITE PAPER RedSeal Networks, Inc. 3965
More informationThe Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold
The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS
More informationGaining Operational Efficiencies with the Enterasys S-Series
Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction
More informationWhite Paper. Five Steps to Firewall Planning and Design
Five Steps to Firewall Planning and Design 1 Table of Contents Executive Summary... 3 Introduction... 3 Firewall Planning and Design Processes... 3 Step 1. Identify Security Requirements for Your Organization...
More informationFlow Publisher v1.0 Getting Started Guide. Get started with WhatsUp Flow Publisher.
Flow Publisher v1.0 Getting Started Guide Get started with WhatsUp Flow Publisher. Contents CHAPTER 1 Welcome Welcome to Flow Publisher... 1 About Flow Publisher... 2 Deploying Deploying Flow Publisher...
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationSix Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study
Six Days in the Network Security Trenches at SC14 A Cray Graph Analytics Case Study WP-NetworkSecurity-0315 www.cray.com Table of Contents Introduction... 3 Analytics Mission and Source Data... 3 Analytics
More informationSolarWinds Certified Professional. Exam Preparation Guide
SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how
More information1. Firewall Configuration
1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets
More informationAlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard
AlienVault Unified Security Management (USM) 5.1 Running the Getting Started Wizard USM v5.1 Running the Getting Started Wizard, rev. 2 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault
More informationUnified network traffic monitoring for physical and VMware environments
Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers
More informationSOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013
SOUTHERN POLYTECHNIC STATE UNIVERSITY Snort and Wireshark IT-6873 Lab Manual Exercises Lucas Varner and Trevor Lewis Fall 2013 This document contains instruction manuals for using the tools Wireshark and
More informationDeployment Guide for Microsoft Lync 2010
Deployment Guide for Microsoft Lync 2010 Securing and Accelerating Microsoft Lync with Palo Alto Networks Next-Generation Firewall and Citrix NetScaler Joint Solution Table of Contents 1. Overview...3
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationSolarWinds Technical Reference
SolarWinds Technical Reference Best Practices for Troubleshooting NetFlow Introduction... 1 NetFlow Overview... 1 Troubleshooting NetFlow Service Status Issues... 3 Troubleshooting NetFlow Source Issues...
More informationLiveAction. Application-aware Network Performance Management with QoS Control
LiveAction Application-aware Network Performance Management with QoS Control LiveAction: Application-aware Network Performance Management LiveAction is a sophisticated network performance management and
More informationEndpoint Security Console. Version 3.0 User Guide
Version 3.0 Table of Contents Summary... 2 System Requirements... 3 Installation... 4 Configuring Endpoint Security Console as a Networked Service...5 Adding Computers, Groups, and Users...7 Using Endpoint
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationEnterprise Security Platform for Government
Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data
More informationLiveAction Application Note
LiveAction Application Note Layer 2 Monitoring and Host Location Using LiveAction to monitor and identify inter-/intra-switch VLAN configurations, and locating workstations within the network infrastructure.
More informationEdge Configuration Series Reporting Overview
Reporting Edge Configuration Series Reporting Overview The Reporting portion of the Edge appliance provides a number of enhanced network monitoring and reporting capabilities. WAN Reporting Provides detailed
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationWHITE PAPER WHAT HAPPENED?
WHITE PAPER WHAT HAPPENED? ENSURING YOU HAVE THE DATA YOU NEED FOR EFFECTIVE FORENSICS AFTER A DATA BREACH Over the past ten years there have been more than 75 data breaches in which a million or more
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationSECURING APACHE : DOS & DDOS ATTACKS - I
SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial
More informationObserver Analyzer Provides In-Depth Management
Comprehensive Wireless Network Management Made Simple From deploying access points to baselining activity to enforcing corporate security policies, the Observer Performance Management Platform is a complete,
More informationSOLARWINDS ENGINEER S TOOLSET FAST FIXES TO NETWORK ISSUES
DATASHEET SOLARWINDS ENGINEER S TOOLSET FAST FIXES TO NETWORK ISSUES SolarWinds Engineer s Toolset (ETS) helps you monitor and troubleshoot your network with the most trusted tools in network management.
More informationCisco Network Foundation Protection Overview
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationTake the NetFlow Challenge!
TM Scrutinizer NetFlow and sflow Analysis Scrutinizer is a NetFlow and sflow analyzer that provides another layer of cyber threat detection and incredibly detailed network utilization information about
More informationThis chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How
This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy
More informationNMS300 Network Management System
NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationHP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide
HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationStrategies to Protect Against Distributed Denial of Service (DDoS) Attacks
Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks Document ID: 13634 Contents Introduction Understanding the Basics of DDoS Attacks Characteristics of Common Programs Used to Facilitate
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationMonitor Network Activity
Monitor Network Activity Panorama provides a comprehensive, graphical view of network traffic. Using the visibility tools on Panorama the Application Command Center (ACC), logs, and the report generation
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationTaxonomic Modeling of Security Threats in Software Defined Networking
Taxonomic Modeling of Security Threats in Software Defined Networking Recent advances in software defined networking (SDN) provide an opportunity to create flexible and secure next-generation networks.
More informationSolarWinds. NetFlow Traffic Analyzer. Evaluation Guide. Version 4.2
SolarWinds NetFlow Traffic Analyzer Version 4.2 Evaluation Guide Last Updated: June 29, 2016 2016 SolarWinds Worldwide, LLC. All rights reserved. This document may not be reproduced by any means nor modified,
More informationThe Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet
The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =
More informationApplication Performance Management
Application Performance Management Intelligence for an Optimized WAN xo.com Application Performance Management Intelligence for an Optimized WAN Contents Abstract 3 Introduction 3 Business Drivers for
More informationSapphireIMS 4.0 BSM Feature Specification
SapphireIMS 4.0 BSM Feature Specification v1.4 All rights reserved. COPYRIGHT NOTICE AND DISCLAIMER No parts of this document may be reproduced in any form without the express written permission of Tecknodreams
More informationAssignment One. ITN534 Network Management. Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition)
Assignment One ITN534 Network Management Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition) Unit Co-coordinator, Mr. Neville Richter By, Vijayakrishnan Pasupathinathan
More informationBest Practices for NetFlow/IPFIX Analysis and Reporting
WHITEPAPER Best Practices for NetFlow/IPFIX Analysis and Reporting IT managers and network administrators are constantly making decisions affecting critical business activity on the network. Management
More informationStopping secure Web traffic from bypassing your content filter. BLACK BOX
Stopping secure Web traffic from bypassing your content filter. BLACK BOX 724-746-5500 blackbox.com Table of Contents Introduction... 3 Implications... 4 Approaches... 4 SSL CGI Proxy... 5 SSL Full Proxy...
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationNetFlow Analytics for Splunk
NetFlow Analytics for Splunk User Manual Version 3.5.1 September, 2015 Copyright 2012-2015 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 3 Overview... 3 Installation...
More informationDenial of Service (DOS) Testing IxChariot
TEST PLAN Denial of Service (DOS) Testing IxChariot www.ixiacom.com 915-6681-01, 2005 Contents Overview of Denial of Service functionality in IxChariot...3 A brief outline of the DoS attack types supported
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationApplication Visibility and Monitoring >
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information
More informationAnalyze hop-by-hop path, devices, interfaces, and queues Locate and troubleshoot problems
Visualization, Management, and Control for Cisco IWAN Data sheet Overview Intelligent WAN is a Cisco solution that enables enterprises to realize significant cost savings by moving to less expensive transport
More informationWhatsUpGold. v3.0. WhatsConnected User Guide
WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected
More informationNetwork Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw
Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationUsing SolarWinds Orion for Cisco Assessments
Using SolarWinds Orion for Cisco Assessments Cisco Network Assessments Registering Your Assessment... 1 Installing SolarWinds Orion Network Performance Monitor... 1 Discovering Your Network... 1 Polling
More informationUsing Rsync for NAS-to-NAS Backups
READYNAS INSTANT STORAGE Using Rsync for NAS-to-NAS Backups Infrant Technologies 3065 Skyway Court, Fremont CA 94539 www.infrant.com Using Rsync For NAS-To-NAS Backups You ve heard it before, but it s
More informationDenial of Service Attacks, What They are and How to Combat Them
Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationAnalyzing your network traffic using a onearmed
Analyzing your network traffic using a onearmed sniffer You can use a one-armed sniffer in coordination with a FortiAnalyzer to analyze traffic going through a main FortiGate to minimize the impact on
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationVisualization, Management, and Control for Cisco IWAN
Visualization, Management, and Control for Cisco IWAN Overview Cisco Intelligent WAN (IWAN) delivers an uncompromised user experience over any connection, whether that connection is Multiprotocol Label
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationSecure Virtualization in the Federal Government
White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationWhy a Network-based Security Solution is Better than Using Point Solutions Architectures
Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More informationNetwork Performance Monitoring at Minimal Capex
Network Performance Monitoring at Minimal Capex Some Cisco IOS technologies you can use to create a high performance network Don Thomas Jacob Technical Marketing Engineer About ManageEngine Network Servers
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationIntraVUE Plug Scanner/Recorder Installation and Start-Up
IntraVUE Plug Scanner/Recorder Installation and Start-Up The IntraVUE Plug is a complete IntraVUE Hardware/Software solution that can plug directly into any network to continually scan and record details
More informationSafety in Numbers. Using Multiple WAN Links to Secure Your Network. Roger J. Ruby Sr. Product Manager August 2002. Intelligent WAN Access Solutions
Copyright 2002 Quick Eagle Networks Inc. All rights reserved. The White Paper Series Safety in Numbers Using Multiple WAN Links to Secure Your Network Roger J. Ruby Sr. Product Manager August 2002 Executive
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More information