Go Back in Time On Your Network Get Faster Problem Resolution.

Presentation on theme: "Go Back in Time On Your Network Get Faster Problem Resolution."— Presentation transcript:

1 Go Back in Time On Your Network Get Faster Problem Resolution

2 A typical network day…

3 Traditional Troubleshooting Methodology
a) Ignore it, hope the problem goes away
b) Check a few network statistics, and then “pull cables” until it seems like the issue has been resolved
c) Reallocate analyzer resources to monitor the problem, and hope that the problem happens again so you can investigate. (If the problem does not reappear, see option a)

4 New Methodology – Network Forensics
• Forensics is the ability to go back in time and investigate network problems
• Retrospective Network Analysis – The technology that allows forensics to happen
• RNA eliminates the time-consuming task of having to recreate the issue
• Allows IT professionals to go immediately to problem resolution mode

5 What is the RNA advantage?
[Figure: Before RNA / After RNA]

6 Implementing Network Forensics
• Network Troubleshooting
  • Performs root-cause analysis
  • Allows for historical problem identification
• Internal and governmentally mandated compliance
  • Provides enforcement of acceptable use policies
  • Helps fight industrial espionage
  • Assists with Sarbanes Oxley compliance
• Security
  • Provides pre-intrusion tracking and identification
  • Helps deliver a post-intrusion “paper-trail”

7 Network Troubleshooting

8 Troubleshooting – Why poor call quality?
• Helpdesk receives notice of poor call quality from a VoIP user
• This issue is sporadic
• Aggregate statistics show that overall VoIP quality is high
• A quick check shows that while some links have had high utilization, overall network usage appears within the norm

9 Troubleshooting – Why poor call quality?
• Timeline
  • 8:45 a.m. – Helpdesk receives call of poor voice quality
  • 9:10 a.m. – After troubleshooting, helpdesk escalates the call to Tier-3 support
  • 9:50 a.m. – Tier-3 investigates the issue, only to find that the problem has disappeared

10 Troubleshooting - Why poor call quality? Isolate the time surrounding the issue

11 Troubleshooting - Why poor call quality? Isolate the user and the specific time frame

12 Troubleshooting - Why poor call quality? Let the Expert do the work

13 Why poor call quality?
• RNA demonstrated that VoIP Call Manager’s precedence bit was not configured correctly for that user
• RNA tracks not only key applications but VoIP communication

14 Compliance

15 Compliance – Dealing with a policy violation
• John has been accused of visiting inappropriate websites during work
• With Forensics, we can prove if John is guilty or not
• But providing only domain names or URLs is not acceptable according to the HR policy
• Offenses must be documented

16 Compliance – Dealing with a policy violation
• The Challenge
  • Traditional methods of tracking web activity only provide domain names and URLs
• The Solution
  • RNA and its Stream Reconstruction capability

17 Compliance - Dealing with a policy violation Isolate the time of activity

18 Compliance - Dealing with a policy violation Select the user station(s)

19 Compliance – Use Stream Reconstruction
• Select the HTML file
• Display the page the user visited as it appeared

20 Dealing with a policy violation
• RNA evidence proves that John has visited prohibited web sites during business hours
• IT department can provide HR the evidence they need to make their decision
RNA delivers the evidence and proof you need to assist with forensics investigations and to maintain internal and external compliance

21 Security

22 Security Attack Identified
• DMZ attacked
• IPS detected and repelled these attacks
• Unbeknown to the IPS/IDS, at the same time a brute force attack got past the VPN
• Trojan applications such as remote control utilities and keystroke loggers were installed
• Resulted in malicious activity against our internal systems

23 Security – What happened during the attack? Isolate the time frame

24 Security - What happened during the attack? Utilize Snort rules to diagnose the attack

25 Security - What happened during the attack? Identify data accessed during intrusion

26 Security – What happened during the attack? Use MultiHop Analysis to identify every system that was compromised

27 What happened during the attack?
• RNA provides the following detail on security attacks
  • What attacks took place
  • Which systems were compromised
  • What data was uploaded or downloaded during the attack
  • What path the attack took across the network
RNA shows security problems in context of all network behavior and activity so you can not only track but resolve the problem
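
An added example, not part of the original presentation or of the product it describes: a sketch of how stored traffic can be walked hop by hop to answer "which systems" and "what path", assuming flow records (time, source, destination, port) have been exported from the capture. The addresses, times and the `trace_hops` function are constructed for illustration; the hosts it returns are candidates for investigation, not proof of compromise.

```python
from datetime import datetime

# Constructed flow records (time, source, destination, dst_port); not from the page.
FLOWS = [
    ("2024-01-10 02:05", "10.0.9.50", "10.0.1.20", 3389),  # VPN client -> workstation
    ("2024-01-10 02:10", "10.0.2.5", "10.0.2.7", 445),     # source not yet reached
    ("2024-01-10 02:30", "10.0.1.20", "10.0.2.5", 445),
    ("2024-01-10 02:45", "10.0.2.5", "10.0.3.9", 22),
    ("2024-01-10 03:10", "10.0.4.4", "10.0.3.9", 22),      # unrelated source
    ("2024-01-10 06:00", "10.0.3.9", "10.0.5.1", 22),      # outside the time frame
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def trace_hops(flows, entry_host, start, end):
    """Return {host: (first_reached, path)} for every host reachable from
    entry_host through connections made in time order inside [start, end]."""
    start, end = parse(start), parse(end)
    # Step 1: isolate the time frame, then order the flows chronologically.
    window = sorted((parse(t), s, d, p) for t, s, d, p in flows
                    if start <= parse(t) <= end)
    reached = {entry_host: (start, [entry_host])}
    for when, src, dst, _port in window:
        # Flows are processed oldest first, so a source already in `reached`
        # was reached before this flow; a flow from a host that is only
        # reached later (the 02:10 record) never extends the chain.
        if src in reached and dst not in reached:
            reached[dst] = (when, reached[src][1] + [dst])
    return reached

if __name__ == "__main__":
    hits = trace_hops(FLOWS, "10.0.9.50", "2024-01-10 02:00", "2024-01-10 04:00")
    for host, (when, path) in hits.items():
        print(f"{when:%H:%M}  {host:<10}  via {' -> '.join(path)}")
```
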

28 Thank you

