Real-Time Collaborative Network Monitoring and Control Using the Open Source L3DGE system
Slide 1: Real-Time Collaborative Network Monitoring and Control Using the Open Source L3DGE system
Warren Harrop

Slide 2: FAQ: Who are you? How did you get into my house?
- PhD candidate at the Centre for Advanced Internet Architectures, Swinburne University
- Completed an internship with Cisco in 2007
- Some financial assistance for this research from Cisco
[email protected] August 22nd, 2008 Page 2

Slide 3: Outline
- Network monitoring
  - (Re)Introduce a greynet: What does it do? How can it help?
  - Introducing greynetd
- Network visualisation and control
  - L3DGE project
  - Quick demos
- Future work

Slide 4: Greynet
- Greynet term coined in [1]
- Part of an IDS (Intrusion Detection System)
- Not a user-installed, unauthorised application on a network host
- We mean: distributed edge network darknet
- Ok... What's a darknet?
[1] W. Harrop, G. Armitage, "Defining and Evaluating Greynets (Sparse Darknets)," IEEE 30th Conference on Local Computer Networks (LCN 2005), Sydney, Australia, November.

Slide 5: Darknet (Network Telescope or Internet Motion Sensor)
- Not a private clandestine content distribution network
- Large contiguous chunk of (spare) IP address space
  - At least a /24... but a /8 is better...
- Routed but otherwise unused - Dark
  - No legitimate packets should be seen
- Automated malware (and the people who act like malware) will still send packets into this space in the search for hosts to defile

Slide 6: Darknet (2)
- Passively watch for these incoming packets
- Monitor the wider Internet for:
  - Network scans (malware activity)
  - Internet backscatter (who's being DoSed?)
[Diagram: Attacker(s) -> SYNs (forged src address) -> Victim -> SYN/ACKs -> Darknet]
Slide 7: Greynet
- Distributed edge network darknet
- Make the darknet look 'inwards': place the darknet inside your network
- Not many can afford an entire /24 for a darknet so...
- Put darknet hosts among 'regular' 'lit' network hosts
- Network scans find a greynet hard to avoid
[Diagram: greynet network of normal hosts, a greynet listener host, and spare IP addresses]

Slide 8: Greynet (2)
From the packets that come to the greynet you now know:
- Who's doing scanning inside my network?
- Who's infected with malware?
- What type of malware might be inferred from ports used and the scanning pattern

Slide 9: Implementation
[Diagram: logical network layer view, greynet monitoring host attached to VLAN 10, VLAN 11, ..., VLAN x]

Slide 10: Implementation
- For the service provider:
  - Make the greynet hosts only sensitive to locally sourced traffic
  - Track break-in attempts by customers
  - Inform users of their infections
- Use on your own enterprise network
  - Automatically send alerts
  - Or you could visualise the data coming out... hmmm...

Slide 11: greynetd
- Coming soon... FreeBSD package
- Ease greynet implementation & deployment
- Stir together a FreeBSD machine & VLAN trunk
- DHCP integration
- SNMP monitoring interface
- Web interface for setup and control
- Demo...
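The core of what slides 7 to 10 describe, as an added example (not greynetd's or the slides' own code): packets addressed to the spare 'dark' addresses are folded into per-source reports, the "locally sourced only" provider mode is a filter on the source prefix, and the scanning pattern is inferred from the ports and the spread of dark targets. The local prefix, dark address set and packet records are constructed for illustration.

```python
"""Greynet analysis over captured packets.

Added example, not code from greynetd or the slides. A greynet scatters
'dark' (unused) addresses among lit hosts; any packet addressed to a dark
address is unsolicited, so its sender is scanning or infected. The dark
address set, the local prefix and the packet records below are constructed
for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Set, Tuple

# Constructed: a /24 edge network with seven spare addresses acting as greynet listeners.
LOCAL_NET = ip_network("192.0.2.0/24")
DARK_ADDRS = {ip_address(f"192.0.2.{i}") for i in (9, 17, 33, 60, 61, 62, 63)}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Report:
    """Everything the greynet learned about one source address."""
    src: str
    packets: int = 0
    dark_targets: Set[str] = field(default_factory=set)
    ports: Dict[Tuple[str, int], int] = field(default_factory=lambda: defaultdict(int))

    def pattern(self) -> str:
        # Infer the scanning pattern from the ports used and the spread of targets.
        n_targets, n_ports = len(self.dark_targets), len(self.ports)
        if n_ports == 1 and n_targets > 1:
            proto, port = next(iter(self.ports))
            return f"horizontal scan: {n_targets} dark hosts on {proto}/{port}"
        if n_targets == 1 and n_ports > 1:
            return f"vertical scan: {n_ports} ports on {next(iter(self.dark_targets))}"
        if n_targets > 1 and n_ports > 1:
            return f"block scan: {n_ports} ports across {n_targets} dark hosts"
        return "single probe"


def analyse(packets: Iterable[Packet], dark_addrs=DARK_ADDRS,
            local_net=LOCAL_NET, local_only: bool = True) -> Dict[str, Report]:
    """Fold packets into per-source reports; only dark destinations count."""
    reports: Dict[str, Report] = {}
    for p in packets:
        if ip_address(p.dst) not in dark_addrs:
            continue  # a lit host: normal traffic the greynet never sees
        if local_only and ip_address(p.src) not in local_net:
            continue  # provider mode (slide 10): only locally sourced traffic
        r = reports.setdefault(p.src, Report(src=p.src))
        r.packets += 1
        r.dark_targets.add(p.dst)
        r.ports[(p.proto, p.dport)] += 1
    return reports


def coverage(report: Report, dark_addrs=DARK_ADDRS) -> float:
    """Fraction of the greynet a source touched: scans find it hard to avoid."""
    return len(report.dark_targets) / len(dark_addrs)


# Constructed packets: one worm-like host sweeping tcp/445, one host probing a
# single dark address on several ports, one external scanner, one normal flow.
SAMPLE_PACKETS: List[Packet] = (
    [Packet("192.0.2.5", f"192.0.2.{i}", 445) for i in (9, 17, 33, 60, 61)]
    + [Packet("192.0.2.5", "192.0.2.20", 445)]           # lit host, ignored
    + [Packet("192.0.2.7", "192.0.2.33", p) for p in (22, 80, 443, 3389)]
    + [Packet("198.51.100.4", "192.0.2.9", 445)]         # outside LOCAL_NET
)


def summarise(packets: Iterable[Packet] = SAMPLE_PACKETS, **kw) -> List[str]:
    """One alert line per source, the shape a 'send alerts' hook would emit."""
    reports = analyse(packets, **kw)
    return [f"{src}: {r.packets} pkts, {coverage(r):.0%} of greynet, {r.pattern()}"
            for src, r in sorted(reports.items())]


if __name__ == "__main__":
    for line in summarise():
        print(line)
```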
Slide 12: Visualisation and Control
- PhD work
- Made possible in part by a grant from Cisco: Cisco University Research Program Fund (URP)

Slide 13: The problem
- Monitoring of the many distinct, black boxes that make up a modern IP network: hard to do.
- The interpretation of the raw data gathered in the previous step: hard to do.
- Implementing a solution back onto the multiple, distinct boxes that make up the network: hard to do.
- Trained professionals required to perform this work

Slide 14: Can we?
- Lower the skills required to make a positive contribution to the monitoring, diagnosing and controlling of an IP network
  - Let junior admins lend a helping hand
  - Train them quicker
- Help you see the thing you didn't know you didn't know by...
- Creating suitably high-level, interactive and realtime abstractions and visualisations

Slide 15: L3DGE project
- L3DGE: Leveraging 3D Game Engines
- Not a product, active research (not to say we won't take your money)

Slide 16: L3DGE
- 3D world, data visualisation and control tool
- Based on 'OpenArena' (itself based on Quake III Arena)
- Modular design
- Developed to monitor data networks (in real-time), but not limited to this
- Lucas Parry: 12 months of development

Slide 17: L3DGE
- Monitored systems are represented by in-world entities
- Entity attributes (spin rate, colour... etc.) are tied to monitored real-world metrics
- Viewer sees multiple metrics concurrently
- Multiple viewers in-world
- In-world interactions translated into external actions
- Basic permissions system implemented

Slide 18: L3DGE
- Released - GPL
- Input, output abstraction layers
- Binary versions for Windows, FreeBSD, Linux and Mac OS X

Slide 19: How does it work?
[Diagram: 3D game clients (system collaborators as players) <-> network <-> 3D game engine server (keeps 'world' state); monitored systems (packets, netflow, SNMP, etc) feed the input abstraction layer; the output abstraction layer issues external control commands (ACLs, etc)]
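The input and output abstraction layers of slides 17 to 19, as an added example that is not L3DGE's own code: monitored metrics are normalised onto entity attributes (spin rate, colour, size) so a viewer sees several metrics at once, and an in-world interaction becomes an external control command only after the permissions check passes. Metric names, ceilings, player names and the command format are assumptions.

```python
"""L3DGE-style input and output abstraction layers.

Added example, not L3DGE's own code. The input side maps monitored metrics
onto attributes of an in-world entity; the output side turns an in-world
interaction into an external control command, gated by a permissions table.
Metric names, ceilings, player names and the command format are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Assumed ceilings for normalising raw metrics into the 0..1 range.
PPS_CEILING = 10_000.0      # packets per second at which an entity spins flat out
HITS_CEILING = 50.0         # greynet hits per minute that turn an entity fully red
UTIL_CEILING = 100.0        # interface utilisation in percent


def clamp01(x: float) -> float:
    return max(0.0, min(1.0, x))


@dataclass
class Entity:
    name: str
    address: str
    spin_rate: float = 0.0                  # degrees per second, 0..360
    colour: Tuple[int, int, int] = (0, 255, 0)
    scale: float = 1.0                      # 1.0 idle .. 2.0 saturated


def apply_metrics(entity: Entity, metrics: Dict[str, float]) -> Entity:
    """Input abstraction layer: raw metrics -> entity attributes, seen concurrently."""
    rate = clamp01(metrics.get("pps", 0.0) / PPS_CEILING)
    alert = clamp01(metrics.get("greynet_hits", 0.0) / HITS_CEILING)
    util = clamp01(metrics.get("util_pct", 0.0) / UTIL_CEILING)
    entity.spin_rate = 360.0 * rate
    entity.colour = (round(255 * alert), round(255 * (1 - alert)), 0)  # green -> red
    entity.scale = 1.0 + util
    return entity


@dataclass
class OutputLayer:
    """Output abstraction layer with the permissions check in front of it."""
    permissions: Dict[str, Set[str]]
    commands: List[str] = field(default_factory=list)
    denied: List[Tuple[str, str, str]] = field(default_factory=list)

    def interact(self, player: str, entity: Entity, action: str) -> Optional[str]:
        if action not in self.permissions.get(player, set()):
            self.denied.append((player, action, entity.name))  # keep for the audit trail
            return None
        # Assumed command format; a real deployment targets a specific device.
        if action == "isolate":
            cmd = f"acl deny host {entity.address}"
        elif action == "release":
            cmd = f"acl permit host {entity.address}"
        else:
            return None
        self.commands.append(cmd)
        return cmd


# Constructed permissions: a senior admin may isolate hosts, a junior may only look.
PERMISSIONS = {"senior": {"isolate", "release"}, "junior": set()}

if __name__ == "__main__":
    host = apply_metrics(Entity("ws-05", "192.0.2.5"),
                         {"pps": 50_000, "greynet_hits": 100, "util_pct": 20})
    print(host)
    out = OutputLayer(PERMISSIONS)
    print(out.interact("junior", host, "isolate"), out.interact("senior", host, "isolate"))
```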
Slide 20: Why use a game engine?
- Advanced graphics ability and 3D rendering
- Collaboration
- Interaction
- Real-time optimised code
- Proven (de facto) world navigation system
- Human spatial senses leveraged
- Detection of anomalies with human pattern recognition
- Allowing for simplified presentation of complicated (non-physical) systems

Slide 21: L3DGE software
- Precursor: LTMON, L3DGE Traffic Monitor by Alex Shoolman (released January 2007)
- L3DGEWorld 2.3 by Lucas Parry (released December 2007)
- Using the L3DGE engine:
  - LupsMON 0.2 by Michael Allen (released May 2008) (L3DGEWorld Uninterruptible Power Supply Monitoring)
  - LCMON 1.1 by Carl Javier and Adam Black (released December 2007) (L3DGEWorld Cluster-node Monitoring)
Slide 22: LTMON

Slide 23

Slide 24: LCMON Demo

Slide 25: LupsMON

Slide 26: L3DGE in the 'media'
- The Age
- Physical
- Online

Slide 27: L3DGE in the 'media' (2)

Slide 28: L3DGE in the 'media' (3)

Slide 29: L3DGE in the 'media' (4)
- and blogging leads to...

Slide 30: Future work
- Speculative research: years of life span
- Community contributions...?
- Long term
  - Change of game engine
  - Some advanced features to negate having to leave the world, e.g. ssh in-world
  - And... and... and...

Slide 31: Conclusion
- Reintroduced a greynet
- Introduced greynetd
- L3DGE: Leveraging 3D Game Engines
  - L3DGEWorld
  - LCMON: super cluster monitoring
  - LUPSMON: UPS monitoring
- Future work
- Thank you
