How To Protect GÉANT From Attack On A Network With A Network Security System




Transcription:

NSHaRP: Network Security Handling and Response Process Wayne Routly, DANTE TF-CSIRT Technical Seminar Malahide.ie, 03 June 2011

Contents
- GEANT: Who, What, How
- GEANT: Security
- Protecting GEANT Users
- A Security Conundrum
- Overflowing with Requirements
- Early Work. Lots of It
- A Process is Born
- A Solution
- A Look Under the Hood
- So What Are the Options
- To Profile or Not to Profile
- The Process in Action
- Where Are We Now?
- Conclusion

GEANT: Who, What, How
- State of the art pan-European network; transit network / ISP
- 18 physical PoPs
- 40 GB links -> 100 GB
- TB of data shifted
- 10 million+ IPs
- >100 workstations
- Unusual traffic
- Truly global interconnects: NRENs, commercial & commodity traffic

Protecting GEANT Users
In an age of ever faster networks and greater connectivity, networks and users are at even greater risk of attack.
- Network-based attacks: PayPal, VISA, Amazon, WikiLeaks (political)
- Maintain service levels by proactively monitoring and mitigating against potential attacks?

A Security Conundrum
How do we notify potential victims / sources and assist in solving those incidents for dozens of situations?
[Chart: "Number of Events Detected - 12 months" (# of events, 0 to 3500)]
How do we double the number of tickets we can handle without doubling the manpower? Automate it?
[Chart: "Attacks where NREN DST - April 2011" (0 to 300)]

Overflowing with Requirements
Dozens of ways to report events. How do we notify potential victims and assist in solving those incidents for dozens of situations?
- I only want to see events that have a HIGH severity rating
- I want Information Gathering events to be sent to the CERT and my manager
- I want Denial of Service events sent to the CERT and Network Scan events sent to the Security Officer
- I want evidence of the attack to be included for all events
- I only want to be notified of a maximum of 30 events per week
- I want to see all events originating from my network
- I want to see events targeting my network and coming from my network
- I can only handle 5 incidents per day
- I only want to be notified of DoS events
- I want to know what incidents are attacks on my network
- I need my notifications to be digitally signed

Early Work. Lots of It
- Presentations @ TF-CSIRT / TNC / APM:
  - Quantitative Cross-Comparative Analysis of Tools for Anomaly Detection
  - Anomaly Tool Implementation in GÉANT
  - Anomaly Detection in Backbone Networks: Building a Security Service Upon an Innovative Tool
- GEANT Access Port Manager (APM) meetings
- A dozen internal presentations ;-)
- Papers (Computers & Security / IEEE): Operational Experiences with Anomaly Detection in Backbone Networks
- Poster/Demo (SIGCOMM): Towards Automatic Root-Cause Analysis of Network Anomalies using Frequent Itemset Mining

A Process is Born
DANTE is rolling out NSHaRP:
- Complete security solution
- Provides a mechanism to quickly and effectively inform affected users
- Adds value: serves as an extension to the NRENs' CERT
- An automated incident notification & handling system
- Extends NRENs' detection and mitigation capability to GEANT borders
- Innovative and unique: caters for different types of requirements
- Supported with the GEANT NOC TTS

A Look Under The Hood
Netreflex 2.5:
- BGP, IS-IS & NetFlow mashup
- Anomaly detection & alerting
- Ability to create profiles... lots of profiles
- Expandable anomaly type capability
- Can also be used by the NOC?
Service Desk Express:
- Automated GEANT NOC ticket creation
- 2nd / 3rd line support
- Automated ticket closure
- Modular & extendable
...about those profiles.

So what are the options

To Profile or Not to Profile

User Warning POWERPOINT ANIMATION VIEWER DISCRETION IS ADVISED

The Process in Action
- Actors: NREN A, NREN B, Domain A, GÉANT
- Profile for NREN A, profile for NREN B, profile for Domain A
- Usage of GÉANT resources to protect end users
- Not only a notification system, but a complete security solution
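The per-NREN profiles that the requirements slide and the "Look Under The Hood" slide describe are, at bottom, a routing table: which event types, at which severity, in which direction, go to which recipients, with a cap on volume, evidence attached and the notice signed. The block below is an added illustration of that idea and is not code from the NSHaRP deck or from DANTE/GEANT. The event fields, decision names, recipient addresses, sample events and the use of an HMAC as a stand-in for whatever signing scheme NSHaRP actually uses are all assumptions of the example.

```python
# Added example (not NSHaRP code): a profile-based notification router for the
# per-NREN requirements on the "Overflowing with Requirements" slide. Names,
# fields and the HMAC stand-in for digital signing are assumptions.
import hashlib
import hmac
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
Notification = namedtuple("Notification", "recipient body signature")  # signature: hex HMAC or None

@dataclass(frozen=True)
class Event:
    event_id: str
    event_type: str        # e.g. "DoS", "NetworkScan", "InfoGathering"
    severity: str          # "LOW" | "MEDIUM" | "HIGH"
    src_nren: str          # NREN the traffic originates from
    dst_nren: str          # NREN the traffic is aimed at
    detected_at: datetime
    evidence: str          # short flow summary from the detector

@dataclass
class Rule:
    recipients: list
    event_types: Optional[frozenset] = None   # None matches any type
    min_severity: str = "LOW"

@dataclass
class Profile:
    nren: str
    direction: str                        # "inbound", "outbound" or "both"
    rules: list
    max_per_week: Optional[int] = None    # None = no weekly cap
    include_evidence: bool = True
    signing_key: Optional[bytes] = None   # None = unsigned notifications
    sent_at: list = field(default_factory=list)  # when notices went out

def concerns(profile: Profile, event: Event) -> bool:
    inbound, outbound = event.dst_nren == profile.nren, event.src_nren == profile.nren
    return {"inbound": inbound, "outbound": outbound}.get(profile.direction, inbound or outbound)

def sign(key: bytes, body: str) -> str:
    # Stand-in for a real signature scheme, which the slides do not name.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def verify(key: bytes, note: Notification) -> bool:
    return note.signature is not None and hmac.compare_digest(note.signature, sign(key, note.body))

def route(profile: Profile, event: Event):
    """Return (decision, notifications); decision: ignored/no_rule/rate_limited/notified."""
    if not concerns(profile, event):
        return "ignored", []
    recipients = []
    for rule in profile.rules:
        if rule.event_types is not None and event.event_type not in rule.event_types:
            continue
        if SEVERITY_RANK[event.severity] >= SEVERITY_RANK[rule.min_severity]:
            recipients += rule.recipients
    recipients = list(dict.fromkeys(recipients))   # dedupe, keep order
    if not recipients:
        return "no_rule", []
    if profile.max_per_week is not None:   # sliding 7-day cap per profile
        window_start = event.detected_at - timedelta(days=7)
        if sum(t > window_start for t in profile.sent_at) >= profile.max_per_week:
            return "rate_limited", []
    body = (f"[{event.severity}] {event.event_type} {event.event_id}: "
            f"{event.src_nren} -> {event.dst_nren} at {event.detected_at.isoformat()}")
    if profile.include_evidence:
        body += "\nEvidence: " + event.evidence
    sig = sign(profile.signing_key, body) if profile.signing_key else None
    profile.sent_at.append(event.detected_at)
    return "notified", [Notification(r, body, sig) for r in recipients]

KEY = b"constructed-demo-key"   # constructed sample key, not a real one
T0 = datetime(2011, 4, 4, 9, 0)
EVENTS = [   # constructed sample events, not real NSHaRP data
    Event("e1", "DoS", "HIGH", "NREN-B", "NREN-A", T0, "SYN flood, 12k flows/s"),
    Event("e2", "NetworkScan", "LOW", "NREN-A", "NREN-C", T0 + timedelta(hours=1), "/22 swept on tcp/22"),
    Event("e3", "DoS", "HIGH", "NREN-B", "NREN-D", T0 + timedelta(hours=2), "not NREN-A traffic"),
    Event("e4", "InfoGathering", "LOW", "NREN-C", "NREN-A", T0 + timedelta(hours=3), "slow probe"),
    Event("e5", "DoS", "HIGH", "NREN-C", "NREN-A", T0 + timedelta(hours=4), "UDP flood"),
    Event("e6", "DoS", "HIGH", "NREN-C", "NREN-A", T0 + timedelta(days=8), "UDP flood again"),
]

def run_demo():
    """Route every constructed event through a fresh NREN-A profile; return decisions by id."""
    profile = Profile(nren="NREN-A", direction="both", max_per_week=2, signing_key=KEY, rules=[
        Rule(["cert@nren-a.example"], frozenset({"DoS"})),
        Rule(["seco@nren-a.example"], frozenset({"NetworkScan"})),
        Rule(["cert@nren-a.example", "manager@nren-a.example"], frozenset({"InfoGathering"}), "HIGH"),
    ])
    results = {}
    for ev in EVENTS:
        decision, notes = route(profile, ev)
        results[ev.event_id] = (decision, [n.recipient for n in notes], notes)
    return results
```

Running `run_demo()` walks the six constructed events through one profile: e1 and e2 are notified (inbound DoS to the CERT, outbound scan to the Security Officer), e3 is ignored because NREN-A is neither source nor destination, e4 falls below the HIGH threshold the Information Gathering rule demands, e5 is held back by the two-per-week cap, and e6 goes out once the seven-day window has rolled over. The cap is evaluated per profile rather than per recipient, which matches the "I can only handle N" wording on the slide; a per-recipient cap would need its own timestamp list per address.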

Where Are We Now?
- Development: process completed
- Testing in progress
- Training
Next steps:
- Pilot: 2 months (invitation)
- Production: August 2011
- IP peering
- Reporting
Future enhancements:
- Adding external sources?
- Correlate multiple events
- Expanding incident palette
- Evolution of threats
- X-ARF?

Conclusions
- Big... really big network
- Protect users: WikiLeaks
- How to cater for user requirements? Can this be automated? "I want it my way, oh, and that way as well"
- NSHaRP: Network Security Handling & Response Process
- Pieces that make it all work: Netreflex & SDE, TTS, profiles, profiles and even more profiles
- Pilot July, production August
- Future work: new anomalies, X-ARF

Questions & Answers

Thank You
Wayne Routly wayne.routly@dante.net
Juan Quintanilla Juan.Quintanilla@dante.net