Session 2: Security Monitoring. Identify: Device Status, Traffic Analysis, Routing Protocol Status, Configuration & Log, Classification.

Identifying an Attack

Identification Tools

Network Benchmark Parameter

Device Status: CPU, Memory, Temperature

CPU Load

Abnormal CPU Load

Identifying an Attack through CPU Load

Temperature

Traffic Analysis: Technology (Netflow & Sniffer); Layer 3 or 4 based; Application based

Netflow Detect & Affirm

Use Netflow

Detect DoS

Example

Layer 3 or 4 TOP N: IP address based, Protocol based, Port based, Packet Size based, AS based

Index

Overview: Normalin/Normalout, Spoofin/Spoofout; Bandwidth, PPS and Packet Size

Traffic Statistics Picture. According to bandwidth: bandwidth, packet size and PPS. According to direction: normalin/normalout, spoofin/spoofout. According to time: 4 hours, 2 days, 1 week, 2 months; max, min, average, now.

Traffic Statistics Picture (overview)

Traffic Statistics

IP TOP 20: Order by source/destination address; Order by source-destination peer; Order by bandwidth and PPS

Traffic Analysis (TOP20)

Packet size TOP20: Order by bandwidth, PPS

Port Distribution TOP20: Order by source/destination port summary; Order by source/destination port direction; Order by bandwidth and PPS

Port distribution TOP20

Protocol Statistics TOP20: According to protocol: normalin, normalout, spoofin and spoofout; Order by bandwidth and PPS

Protocol Statistics TOP20

Protocol Picture: According to bandwidth and PPS; According to type: TCP, UDP, ICMP; According to time: 4 hours, 2 days, 1 week, 2 months; max, min, average, now

Protocol (TCP UDP ICMP) Statistics Overview

Protocol (TCP UDP ICMP) Statistics

AS Statistics TOP20: According to direction: normalin, normalout, spoofin and spoofout; According to bandwidth and PPS

AS Statistics TOP20
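As an added illustration (not code from the slides) of the Top N views above, the following Python aggregates constructed NetFlow-style records into the direction split and the IP, peer, port, protocol and packet-size rankings by bandwidth or PPS. The OWN_PREFIXES value, the "ext"/"int" ingress tags and the reading of spoofin/spoofout as "source address on the wrong side of the border" are assumptions; the AS view is left out because it needs a prefix-to-AS lookup the slides do not give.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed: the prefix this network originates (documentation addresses, not real ones).
OWN_PREFIXES = [ip_network("192.0.2.0/24")]

# Constructed NetFlow-style records: (src, dst, proto, sport, dport, ingress, packets, bytes).
# ingress is "ext" (arrived from the upstream side) or "int" (arrived from the campus side).
FLOWS = [
    ("198.51.100.7", "192.0.2.10", "udp", 53, 33433, "ext", 1200, 1_500_000),
    ("198.51.100.7", "192.0.2.10", "udp", 53, 33434, "ext", 900, 1_100_000),
    ("192.0.2.10", "198.51.100.7", "tcp", 443, 51000, "int", 300, 200_000),
    ("192.0.2.50", "203.0.113.9", "udp", 40000, 53, "ext", 5000, 320_000),
    ("203.0.113.77", "198.51.100.9", "tcp", 1025, 80, "int", 800, 64_000),
]

def direction(src, ingress):
    """normalin/normalout/spoofin/spoofout. Assumed meaning: a flow is 'spoof' when its
    source address belongs to the wrong side of the border for the interface it entered on."""
    own = any(ip_address(src) in net for net in OWN_PREFIXES)
    if ingress == "ext":
        return "spoofin" if own else "normalin"
    return "normalout" if own else "spoofout"

def top_n(flows, key, n=20, metric="bytes"):
    """Aggregate flows under key(record) and rank by bytes (bandwidth) or packets (PPS)."""
    idx = {"packets": 6, "bytes": 7}[metric]
    agg = Counter()
    for rec in flows:
        agg[key(rec)] += rec[idx]
    return agg.most_common(n)

def size_bucket(rec):
    """Average packet size of the flow, bucketed into 64-byte steps (the packet-size view)."""
    return (rec[7] // rec[6]) // 64 * 64

def report(flows, n=20):
    """The views the slides list: direction split plus IP, peer, port, protocol and size Top N."""
    return {
        "by_direction": top_n(flows, lambda r: direction(r[0], r[5]), n),
        "src_ip_bw": top_n(flows, lambda r: r[0], n),
        "peer_pps": top_n(flows, lambda r: (r[0], r[1]), n, "packets"),
        "dst_port_bw": top_n(flows, lambda r: (r[2], r[4]), n),
        "proto_pps": top_n(flows, lambda r: r[2], n, "packets"),
        "size_bw": top_n(flows, size_bucket, n),
    }

if __name__ == "__main__":
    for view, rows in report(FLOWS).items():
        print(view, rows[:3])
```

A spoofin entry that carries a large byte count, as the fourth constructed flow does, is the signal the direction views are meant to surface: traffic claiming our own addresses arriving from upstream.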

Abnormal Traffic Query System

Routing Protocol Status: Route Entries; Routing Protocol Stability

Route Monitoring

Routing (BGP summary)

Routing Monitoring

BGP Statistics

BGP Monitoring (TEIN2-NORTH)

BGP Monitoring (TEIN2-SOUTH)

BGP Monitoring (TEIN2-JP)

AS Path Entries

Community Entries

IPv4 Prefix

IPv6 Prefix

Route Flapping Top 20 (two tables: columns No., PREFIX, AS, Oscillation and No., AS, Oscillation; row values not recoverable)

IPv6 Route Flapping Top 10 (two tables: columns No., PREFIX, AS, Oscillation and No., AS, Oscillation; only prefix fragments survive: 12001:4c00::/ :1a70::/ :1410::/ :4b58::/ :1b20::/ :a98::/ :720::/ :4170::/ :778::/ :1a18::/)

AAA & Log Audit: Account; SYSLOG; Log audit tools

Configuring Syslog on a router

Configuration change notification and logging

Logging Skills

SNMP Authentication Failure via SYSLOG

Classification Objectives

Classification ACLs

Classification and Traceback ACLs

Classification ACLs - Hints

Netflow Classification Technique

show ip cache flow

show ip cache verbose flow

Sink Hole – How to Classify?