sFlow and InMon Traffic Sentinel

Slide 1: Network concept. Information event on 03.07.2007 at the Bristol Hotel, Mainz. Ideas for network design: switching, WLAN, security, VoIP. (Date: 03.07.2007, page 1)

Slide 2: InMon Traffic Sentinel. Complete network visibility and control with sFlow and InMon Traffic Sentinel.

Slide 3: Network management without visibility
- Control decisions based on guesswork (guess, experiment)
- Run around with a protocol analyser during an emergency
- Delayed control decisions based on partial data
- Business productivity impacted by slow resolution of network problems
- Untargeted, reactive controls cause significant business impact
- Labour-intensive resolutions = high cost

Slide 4: sFlow, the industry standard for monitoring traffic in complex, multi-layer switched and routed networks
- (Diagram: intranet, internet, central management, core, data centre, distribution, wired edge)
- Measurements from every port, all of the time = network-wide visibility
- Effective controls to ensure high-performance, reliable networks

Slide 5: sFlow in operation
- Switch/router: datagram forwarding tables, interface counters, switching ASIC, sFlow agent
- 1-in-N packet sampling exports: packet header (e.g. 128 bytes), source/destination interface, sampling parameters (rate, pool), forwarding information (source and destination 802.1p/Q, next hop, source/destination mask, AS path, communities, localpref, MPLS), user ID (Radius, TACACS), URL, interface counters
- sFlow datagrams are sent to the InMon Traffic Sentinel collector and analyser

Slide 6: Network-wide visibility all of the time
- Collector/analyser, e.g. InMon Traffic Sentinel
- Always-on, real-time measurements from every port, sent to a single collector, form a central, network-wide view
- Control decisions that ensure high-performance, reliable networks
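Slide 5 describes 1-in-N sampling: the agent exports one packet header in every N, together with the sampling rate it used. The following is an added example, not code from InMon or sFlow.org, of how a collector scales such samples back into traffic estimates. It assumes each sample carries its own sampling rate (as the sFlow packet-sample record does) and that totals are estimated as samples multiplied by N; the percent-error bound 196 * sqrt(1/c) for c samples (about 95% confidence) is the rule of thumb sFlow.org publishes for random 1-in-N sampling. The sample records and addresses are constructed.

```python
"""Scaling sFlow-style 1-in-N packet samples into traffic estimates.

Added example, not InMon's or sFlow.org's code. Each sample carries the
sampling rate N of the exporting interface; an estimate is samples * N.
The error bound 196 * sqrt(1/c) percent for c samples is the sFlow.org
rule of thumb for random sampling (roughly 95% confidence).
"""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PacketSample:
    src_ip: str
    dst_ip: str
    dst_port: int
    frame_len: int       # bytes in the sampled frame
    sampling_rate: int   # the agent sampled 1 in N packets on this interface


# Constructed samples as a collector might receive them from two agents:
# an edge switch sampling 1 in 256 and a core switch sampling 1 in 2048.
SAMPLES = (
    [PacketSample("10.1.1.5", "10.9.9.80", 80, 1500, 256)] * 40
    + [PacketSample("10.1.1.7", "10.9.9.80", 80, 600, 256)] * 10
    + [PacketSample("10.1.1.5", "10.9.9.53", 53, 90, 2048)] * 4
)


def estimate_bytes_per_dst(samples):
    """Estimated bytes sent to each destination: every sample stands for N frames."""
    est = defaultdict(int)
    for s in samples:
        est[s.dst_ip] += s.frame_len * s.sampling_rate
    return dict(est)


def estimate_packets_per_src(samples):
    """Estimated packets sent by each source."""
    est = defaultdict(int)
    for s in samples:
        est[s.src_ip] += s.sampling_rate
    return dict(est)


def percent_error(sample_count):
    """Worst-case percent error of an estimate built from sample_count samples."""
    if sample_count <= 0:
        return float("inf")
    return 196.0 * math.sqrt(1.0 / sample_count)


def top_talkers(samples, min_samples=10):
    """Destinations ranked by estimated bytes, with the error bound of each
    estimate; destinations seen in too few samples are left out rather than
    reported with a misleadingly precise figure."""
    counts = defaultdict(int)
    for s in samples:
        counts[s.dst_ip] += 1
    est = estimate_bytes_per_dst(samples)
    ranked = [(dst, b, percent_error(counts[dst]))
              for dst, b in est.items() if counts[dst] >= min_samples]
    return sorted(ranked, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for dst, est_bytes, err in top_talkers(SAMPLES):
        print(f"{dst}: ~{est_bytes} bytes (+/- {err:.1f}%)")
```

The error bound is why a collector should report the number of samples behind each figure: 50 samples give a roughly 28% bound, while a destination seen four times has an estimate that is little better than a guess.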

Slide 7: Traffic Sentinel: detecting and controlling threats
- Identify security threats: suspicious and anomalous behaviour, network intrusions, policy violations, unauthorised traffic, scans, DoS, ARP storms
- Ensure quality of service for VoIP in converged networks
- Troubleshoot network and application problems: why is the network slow? Pinpoint congestion
- Account for traffic and charge back to discourage misuse
- Optimise BGP peering
- Manage multicast traffic
- Analyse usage trends for network planning

Slide 8: Firewall and IDS are necessary for perimeter defence, but:
- Rules are not installed for zero-day attacks
- Email, web and plugins are not blocked
- Insecure or unauthorised wireless access
- Infected hosts brought in from outside
- Unauthorised access to servers
- Perimeter protection may be breached or evaded
- Cannot rely on the integrity of, or access to, end hosts

Slide 9: sFlow and Traffic Sentinel detect internal security threats. Traffic Sentinel's continuous, network-wide monitoring with sFlow immediately detects anomalous behaviour and threat signatures from the inside.

Slide 10: Security in depth
- Alert on anomalous host behaviour: "This host appears to have been compromised."
- Alert on specific signatures: "I know that packet should not be on my network."
- Back it up with a detailed traffic history: Who else did he talk to? How much data was transferred? What other services is he running?

Slide 11: Alert on anomalous behaviour: scanning. Security alert raised on detection of anomalous scanning behaviour: 172.16.144.52 has been observed connecting to a large number of hosts using TCP ports 445 and 139.

Slide 12: Back it up with detailed traffic history
- Scanning behaviour has been consistent for the last hour
- Large number of ICMP destination-unreachable messages, often associated with scanning
- Hosts are grouped into security zones; the fan shows the scanning activity contained within a single zone
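Slides 11 and 12 give the two signals of a scan: one source reaching many distinct hosts on TCP 445/139 within the hour, corroborated by ICMP destination-unreachable replies flowing back to it, with the targets grouped by security zone. The following is an added example of that detection logic over sampled flow records; it is not Traffic Sentinel's detector. It assumes the collector keeps the 5-tuple and ICMP type of each sample and maps hosts to zones by subnet; the zone table, the samples (including the 172.16.144.52 sweep the slide names) and the thresholds are constructed.

```python
"""Fan-out scan detection over sampled flow records (slides 11-12).

Added example, not Traffic Sentinel's code. Assumes per-sample 5-tuples
plus ICMP type, and a subnet-to-zone table; all data here is constructed.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowSample:
    ts: int              # sample time, seconds since the epoch
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dst_port: int = 0    # 0 for icmp
    icmp_type: int = -1  # 3 = destination unreachable


# Constructed security zones: subnet -> zone name.
ZONES = {
    ipaddress.ip_network("172.16.144.0/24"): "Lab",
    ipaddress.ip_network("10.9.9.0/24"): "Servers",
}

SCAN_PORTS = frozenset({445, 139})


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "Unknown"


def detect_scanners(samples, now, window_s=3600, ports=SCAN_PORTS, min_hosts=20):
    """One alert per source that contacted at least min_hosts distinct hosts on
    the given TCP ports inside the last window_s seconds, annotated with the
    zones of its targets and the ICMP unreachables it drew back."""
    recent = [s for s in samples if now - window_s <= s.ts <= now]
    targets = defaultdict(set)      # src -> distinct destinations on scan ports
    ports_used = defaultdict(set)   # src -> scan ports it touched
    unreachable = defaultdict(int)  # host -> ICMP type-3 messages it received
    for s in recent:
        if s.proto == "tcp" and s.dst_port in ports:
            targets[s.src].add(s.dst)
            ports_used[s.src].add(s.dst_port)
        elif s.proto == "icmp" and s.icmp_type == 3:
            unreachable[s.dst] += 1
    alerts = []
    for src, dsts in targets.items():
        if len(dsts) < min_hosts:
            continue
        alerts.append({
            "host": src,
            "zone": zone_of(src),
            "hosts_contacted": len(dsts),
            "ports": sorted(ports_used[src]),
            "target_zones": sorted({zone_of(d) for d in dsts}),
            "icmp_unreachable": unreachable[src],
        })
    return alerts


def constructed_samples(now):
    """Constructed traffic: 172.16.144.52 sweeps 30 lab hosts on 445/139 and
    draws 25 ICMP unreachables; 172.16.144.10 talks to two file servers; a
    sweep from two and a half hours ago falls outside the window."""
    scanner = "172.16.144.52"
    out = []
    for i in range(30):
        victim = f"172.16.144.{100 + i}"
        port = 445 if i % 2 == 0 else 139
        out.append(FlowSample(now - 3000 + i, scanner, victim, "tcp", port))
    for i in range(25):
        out.append(FlowSample(now - 2900 + i, f"172.16.144.{100 + i}", scanner,
                              "icmp", icmp_type=3))
    out.append(FlowSample(now - 10, "172.16.144.10", "10.9.9.20", "tcp", 445))
    out.append(FlowSample(now - 5, "172.16.144.10", "10.9.9.21", "tcp", 445))
    out.append(FlowSample(now - 9000, "172.16.144.77", "10.9.9.1", "tcp", 139))
    return out


if __name__ == "__main__":
    now = 1_700_000_000
    for alert in detect_scanners(constructed_samples(now), now):
        print(alert)
```

The ICMP count is kept separately from the fan-out threshold on purpose: on its own a burst of unreachables also appears when a server is simply down, so it is reported as corroboration rather than used as the trigger.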

Slide 13: Detect policy violations: unauthorised NAT device. Policy forbids users from attaching their own NAT devices, since this could allow unauthorised hosts to obtain unrestricted access to the network.

Slide 14: Detection of an unauthorised NAT device
- Detect the unauthorised NAT device by correlating TTL values exported in sFlow, and raise an alert
- Identify the NAT device manufacturer by MAC address
- Identify the switch and interface connecting the NAT device
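Slide 14 says NAT devices are found by correlating TTL values from sFlow samples, then identified by MAC vendor and by the switch and port they hang off. The slide does not spell out the correlation, so the following added example (not Traffic Sentinel's algorithm) uses the common TTL heuristic: hosts send with a default initial TTL (64, 128 or 255), every forwarding hop including a NAT router decrements it, so on an access port, where zero hops are expected, a source address whose packets arrive one below a default, or with more than one initial-TTL class at once, is probably a NAT box fronting other hosts. The OUI table, switch names and samples are constructed; the caveat that matters in practice is in the `expected_hops` parameter: a router-facing uplink legitimately sees decremented TTLs, so the check belongs on access ports only.

```python
"""Spotting an unauthorised NAT device from TTL values in packet samples.

Added example, not Traffic Sentinel's code. Uses the default-TTL
heuristic described in the lead-in; OUI table and samples are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

DEFAULT_TTLS = (64, 128, 255)   # common OS initial TTLs


@dataclass(frozen=True)
class PacketSample:
    agent: str       # switch that exported the sample
    if_index: int    # ingress interface on that switch
    src_mac: str
    src_ip: str
    ttl: int


# Constructed OUI -> vendor table; a real deployment uses the IEEE OUI list.
OUI_VENDORS = {
    "00:1a:2b": "ExampleCo laptops (constructed)",
    "00:0c:ee": "HomeRouter Inc (constructed)",
}


def ttl_class(ttl):
    """Nearest default initial TTL at or above `ttl`, and the implied hop count."""
    for default in DEFAULT_TTLS:
        if ttl <= default:
            return default, default - ttl
    raise ValueError(f"TTL {ttl} out of range")


def vendor_of(mac):
    return OUI_VENDORS.get(mac[:8].lower(), "unknown OUI")


def find_nat_devices(samples, expected_hops=0):
    """Group samples by (switch, interface, MAC, IP) and flag NAT-like TTL
    patterns: packets that have crossed more hops than an access port should
    see, or several initial-TTL classes behind one address."""
    seen = defaultdict(set)
    for s in samples:
        seen[(s.agent, s.if_index, s.src_mac, s.src_ip)].add(ttl_class(s.ttl))
    alerts = []
    for (agent, ifidx, mac, ip), classes in seen.items():
        initial_ttls = {default for default, _ in classes}
        hidden_hop = any(hops > expected_hops for _, hops in classes)
        if hidden_hop or len(initial_ttls) > 1:
            alerts.append({
                "switch": agent,
                "interface": ifidx,
                "mac": mac,
                "ip": ip,
                "vendor": vendor_of(mac),
                "ttls_seen": sorted({default - hops for default, hops in classes}),
                "reason": "hidden hop" if hidden_hop else "multiple OS TTL classes",
            })
    return alerts


# Constructed samples from access switch sw-edge-3: a Windows PC on port 12
# (TTL 128 as sent) and a home router on port 17 NATing a Windows host and a
# Linux host, whose TTLs arrive as 127 and 63 after the router decrements them.
SAMPLES = [
    PacketSample("sw-edge-3", 12, "00:1a:2b:10:20:30", "172.16.144.10", 128),
    PacketSample("sw-edge-3", 12, "00:1a:2b:10:20:30", "172.16.144.10", 128),
    PacketSample("sw-edge-3", 17, "00:0c:ee:aa:bb:cc", "172.16.144.55", 127),
    PacketSample("sw-edge-3", 17, "00:0c:ee:aa:bb:cc", "172.16.144.55", 63),
    PacketSample("sw-edge-3", 17, "00:0c:ee:aa:bb:cc", "172.16.144.55", 127),
]


if __name__ == "__main__":
    for alert in find_nat_devices(SAMPLES):
        print(alert)
```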

Slide 15: Ensure quality of service. VoIP is carried by RTP, which provides distributed connectivity for load balancing and redundancy. Traffic Sentinel's network-wide monitoring with sFlow is uniquely suited to directly identifying QoS problems.

Slide 16: Reports identify QoS issues
- Packet loss is fairly consistent
- But there is a spike in jitter at 10:35
- The problem is confined to the Embarcadero zone
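Slide 16 reports the two RTP quality metrics, packet loss and jitter, and flags the jitter spike. The following added example (not InMon's code) computes both from a constructed G.711 stream: jitter follows RFC 3550 section 6.4.1, D(i,j) = (Rj - Ri) - (Sj - Si) in RTP clock ticks and J = J + (|D| - J)/16, and loss is counted from gaps in the 16-bit sequence number, wrap-around included. The stream (8 kHz clock, 20 ms packets, a constant 30 ms path delay), the dropped packets and the jitter burst are all constructed; the alert threshold is an assumption.

```python
"""RTP packet loss and RFC 3550 interarrival jitter over a constructed stream.

Added example, not InMon's code. Stream parameters and the burst are
constructed; the 20 ms alert threshold is an assumption.
"""
from dataclasses import dataclass

CLOCK_HZ = 8000
PTIME_MS = 20
TICKS_PER_PKT = CLOCK_HZ * PTIME_MS // 1000   # 160 ticks per 20 ms packet


@dataclass(frozen=True)
class RtpPacket:
    seq: int           # 16-bit RTP sequence number
    timestamp: int     # sender RTP timestamp, in clock ticks
    arrival_ms: float  # receiver arrival time, milliseconds


def make_stream(n, lost=frozenset(), burst=(None, None), wobble_ms=0.0, base_seq=65500):
    """Constructed stream: constant 30 ms path delay, the `lost` sequence numbers
    dropped, and every other packet in the burst index range delayed by wobble_ms.
    base_seq near 65535 makes the sequence number wrap inside the stream."""
    start, end = burst
    pkts = []
    for i in range(n):
        seq = (base_seq + i) & 0xFFFF
        if seq in lost:
            continue
        in_burst = start is not None and start <= i < end and i % 2 == 0
        extra = wobble_ms if in_burst else 0.0
        pkts.append(RtpPacket(seq, i * TICKS_PER_PKT, i * PTIME_MS + 30.0 + extra))
    return pkts


def packets_lost(pkts):
    """Sequence numbers missing between consecutive received packets (mod 2^16)."""
    lost = 0
    for a, b in zip(pkts, pkts[1:]):
        lost += (b.seq - a.seq - 1) & 0xFFFF
    return lost


def jitter_ms(pkts):
    """Running RFC 3550 jitter estimate after each packet, as (seq, jitter ms)."""
    j = 0.0
    series = []
    for a, b in zip(pkts, pkts[1:]):
        transit_a = a.arrival_ms * CLOCK_HZ / 1000 - a.timestamp
        transit_b = b.arrival_ms * CLOCK_HZ / 1000 - b.timestamp
        d = transit_b - transit_a          # D(i,j) in clock ticks
        j += (abs(d) - j) / 16             # RFC 3550 smoothing
        series.append((b.seq, j * 1000 / CLOCK_HZ))
    return series


def jitter_alerts(series, threshold_ms=20.0):
    """Sequence numbers at which the jitter estimate exceeded the threshold."""
    return [seq for seq, j in series if j > threshold_ms]


def quality_report(pkts, threshold_ms=20.0):
    series = jitter_ms(pkts)
    lost = packets_lost(pkts)
    return {
        "received": len(pkts),
        "lost": lost,
        "loss_pct": 100.0 * lost / (lost + len(pkts)),
        "max_jitter_ms": max(j for _, j in series),
        "jitter_alerts": jitter_alerts(series, threshold_ms),
    }


if __name__ == "__main__":
    stream = make_stream(80, lost=frozenset({65503, 65504, 2}),
                         burst=(40, 60), wobble_ms=40.0)
    print(quality_report(stream))
```

Because the estimate is smoothed by 1/16 per packet, a short burst never pushes J all the way to the underlying delay variation, which is why the report keeps both the running series (to place the spike in time, as the slide does at 10:35) and the peak value.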

Slide 17: Controlling utilisation, error rates and discards
- Alert on thresholds
- Pinpoint the problem
- Identify the cause

Slide 18: More information
- sFlow information: http://www.sflow.org
- Tools supporting sFlow: InMon Traffic Sentinel, IronView, HP-IUM, HP-OV Performance Insight, GenieNRM, NetScout, Trend
- Public domain: tcpdump, snort, ntop, rrdtool, ethereal
- http://www.inmon.com: Products (product data sheets), Technology (application notes)
- Demo: http://demo.inmon.com
- Open source tool: http://www.inmon.com/technology/sflow.php