MONITORING TOOLS Open Source Security Tools to monitor your network.


1 MONITORING TOOLS Open Source Security Tools to monitor your network

2 DEFINITION Monitoring is defined as "observing and analyzing the status and behavior of the network, which involves end systems, intermediate systems and the core network. By monitoring a network the management entity can get the static, dynamic and statistical information of the network."

3 NAGIOS WHY?
- Offers monitoring and alerting capability for servers, switches, applications, and services
- Very flexible in integrating with other third-party programs
- Many free plugins already developed by companies
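
The third bullet is the reason Nagios can be pointed at security signals at all: a check plugin is any program that prints one status line and exits 0, 1, 2 or 3 for OK, WARNING, CRITICAL or UNKNOWN, with optional performance data after a "|". The script below is an example added for this page, not code from the slides or from the Nagios project; it counts failed SSH logins in an auth log in the style of a Nagios plugin. The log lines are constructed, the "SSH_AUTH" label and file name are this example's own, and the thresholds are plain integers rather than Nagios's full range syntax.

```python
"""check_ssh_failures.py: a minimal Nagios-style check plugin (example for this page).

Follows the Nagios plugin conventions: exit code 0 = OK, 1 = WARNING,
2 = CRITICAL, 3 = UNKNOWN, and a single status line of the form
"LABEL STATE - details | perfdata". Thresholds here are plain integers
("alert when count >= N"); the full Nagios range syntax ("10:20", "~:10",
"@10:20") is deliberately not implemented.
"""
import argparse
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# OpenSSH "Failed password" lines as written to the syslog auth facility.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)

# Constructed sample auth log so the example runs offline (not real data).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 10:02:44 host sshd[2240]: Failed password for root from 203.0.113.9 port 40122 ssh2
Mar  3 10:02:46 host sshd[2240]: Failed password for root from 203.0.113.9 port 40122 ssh2
Mar  3 10:02:49 host sshd[2243]: Failed password for invalid user admin from 203.0.113.9 port 40130 ssh2
Mar  3 10:03:01 host sshd[2250]: Failed password for bob from 198.51.100.7 port 33010 ssh2
Mar  3 10:03:05 host CRON[2260]: pam_unix(cron:session): session opened for user root
"""


def count_failed_logins(lines):
    """Return (total failures, {source_ip: failures}) for an iterable of log lines."""
    per_source = {}
    for line in lines:
        match = FAILED_RE.search(line)
        if match:
            ip = match.group(2)
            per_source[ip] = per_source.get(ip, 0) + 1
    return sum(per_source.values()), per_source


def evaluate(total, warn, crit):
    """Map a count onto a Nagios state; CRITICAL takes precedence over WARNING."""
    if crit is not None and total >= crit:
        return CRITICAL
    if warn is not None and total >= warn:
        return WARNING
    return OK


def check(lines, warn=3, crit=10):
    """Run the check and return (exit_code, status_line)."""
    total, per_source = count_failed_logins(lines)
    state = evaluate(total, warn, crit)
    detail = f"{total} failed SSH logins"
    if per_source:
        worst_ip, worst_count = max(per_source.items(), key=lambda kv: kv[1])
        detail += f", worst source {worst_ip} ({worst_count})"
    # Performance data after '|' is what graphing add-ons record over time:
    # label=value;warn;crit;min
    perfdata = f"failed_logins={total};{warn};{crit};0"
    return state, f"SSH_AUTH {STATE_NAMES[state]} - {detail} | {perfdata}"


def main(argv=None):
    parser = argparse.ArgumentParser(description="Nagios check: failed SSH logins in an auth log")
    parser.add_argument("logfile", nargs="?", help="auth log to scan (default: built-in sample)")
    parser.add_argument("-w", "--warning", type=int, default=3)
    parser.add_argument("-c", "--critical", type=int, default=10)
    args = parser.parse_args(argv)
    try:
        if args.logfile:
            with open(args.logfile, encoding="utf-8", errors="replace") as fh:
                lines = fh.readlines()
        else:
            lines = SAMPLE_AUTH_LOG.splitlines()
        state, status_line = check(lines, args.warning, args.critical)
    except OSError as exc:
        # A failure of the check itself is reported as UNKNOWN, never as a false OK.
        state, status_line = UNKNOWN, f"SSH_AUTH UNKNOWN - {exc}"
    print(status_line)
    return state


if __name__ == "__main__":
    sys.exit(main())
```

Registered through a `check_command` definition with `-w`/`-c` arguments, the service flips to WARNING as soon as the count reaches the warning threshold. Run with no arguments it scans the embedded sample and prints `SSH_AUTH WARNING - 4 failed SSH logins, worst source 203.0.113.9 (3) | failed_logins=4;3;10;0`.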

4 NAGIOS REALLY A SECURITY TOOL?
- Can be compared to a policeman who does round-the-clock patrols
- “ISPs claim heightened awareness and vigorous monitoring have helped reduce damage”

5 NAGIOS ADD-ONS
Other projects extend the core functionality provided with a basic Nagios install:
- NSTI + SNMPTT - For managing SNMP traps and receiving alerts
- NagVis - A visualization add-on for displaying Nagios status data
- NagiosQL - A web-based administration tool that helps you easily build, manage, and use a complex configuration with all options enabled
- BPI - An advanced grouping tool that allows you to define more complex dependencies for determining group states

6 CACTI WHY?
- Provides performance measurement and advanced data acquisition methods
- Many flexible graph templates already available
- Keeps historical data for a long period of time
- Little overhead, and the fixed-size RRDtool round-robin databases it stores data in keep storage requirements extremely low

7 CACTI ADD-ONS
Other plugins extend the core functionality provided by a basic Cacti installation:
- Thold - A threshold alert module
- Nectar - Plugin to send graphs and text to specified mail address(es)
- Discovery - Adds automatic host discovery
- Cycle - Automatically cycles through graphs
- Boost - A large-site performance booster

8 SNORT WHY?
- A network intrusion detection and prevention system (IDS/IPS)
- The most widely deployed IDS/IPS technology worldwide
- A simple rule language makes it quick to write new, powerful rules
- The de facto standard for IPS
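
What "simple and powerful rules" means in practice is a fixed shape: a header of action, protocol, source, source port, direction, destination and destination port, followed by semicolon-terminated options in parentheses, of which msg and sid are the ones every rule needs. The parser below is an example written for this page, not Snort's own code; it pulls a rule apart into those pieces and applies the checks a reviewer applies to new local rules (required msg and sid, numeric sid in the local range of 1000000 and up, single-use options not repeated). The sample rules are constructed for the example and are not recommended detection content.

```python
"""Parse and sanity-check Snort rules (text format: header + "(options;)").

Example for this page, not Snort's own parser; it covers the common
single-line rule form only.
"""
import re

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction><>|->)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<options>.*)\)\s*$",
    re.DOTALL,
)

# Options that must not appear more than once in a rule.
SINGLE_USE = {"msg", "sid", "rev", "gid", "classtype", "priority"}

# Constructed sample rules. SIDs below 1000000 are reserved for distributed rules,
# so local rules start at 1000000.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH connection flood; possible brute force"; '
    'flags:S; detection_filter:track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"LOCAL web shell probe"; flow:to_server,established; '
    'content:"GET"; http_method; content:"/cmd.php?cmd="; http_uri; nocase; sid:1000002; rev:2;)',
    # Invalid on purpose: no sid, so alerts from it could not be identified.
    'alert udp any any -> any 53 (msg:"LOCAL missing sid"; content:"|00 01|";)',
]


def split_options(body):
    """Split the text between the parentheses on ';' outside double quotes.

    A ';' inside a quoted msg or content value is data, not a separator, and
    backslash escapes inside quotes (e.g. content:"\\"") are honoured.
    """
    items, current, in_quotes, escaped = [], [], False, False
    for ch in body:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
            current.append(ch)
        elif ch == ";" and not in_quotes:
            token = "".join(current).strip()
            if token:
                items.append(token)
            current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError("unterminated quote in rule options")
    if "".join(current).strip():
        raise ValueError("every rule option must end with ';'")
    return items


def parse_option(token):
    """'key:value' -> (key, value) with surrounding quotes removed; bare 'key' -> (key, None)."""
    key, sep, value = token.partition(":")
    key = key.strip()
    if not sep:
        return key, None
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return key, value


def option(rule, key):
    """First value of an option, or None if absent."""
    return next((v for k, v in rule["options"] if k == key), None)


def validate(rule):
    """Checks a local rule should pass before it is loaded."""
    keys = [k for k, _ in rule["options"]]
    for required in ("msg", "sid"):
        if required not in keys:
            raise ValueError(f"rule is missing required option '{required}'")
    sid = option(rule, "sid")
    if not sid.isdigit():
        raise ValueError(f"sid must be numeric, got {sid!r}")
    if int(sid) < 1000000:
        raise ValueError(f"sid {sid} is in the range reserved for distributed rules; local rules use >= 1000000")
    for key in SINGLE_USE:
        if keys.count(key) > 1:
            raise ValueError(f"option '{key}' given more than once")


def parse_rule(text):
    """Return header fields plus 'options' as an ordered list of (key, value); raise ValueError if invalid."""
    match = HEADER_RE.match(text.strip())
    if not match:
        raise ValueError("not a Snort rule: expected 'action proto src sport -> dst dport (options)'")
    rule = match.groupdict()
    rule["options"] = [parse_option(tok) for tok in split_options(rule.pop("options"))]
    validate(rule)
    return rule


if __name__ == "__main__":
    for text in SAMPLE_RULES:
        try:
            rule = parse_rule(text)
            print(f"OK   sid {option(rule, 'sid')}: {option(rule, 'msg')}")
        except ValueError as exc:
            print(f"FAIL {exc}")
```

The quote-aware split is the part people get wrong when they grep rule files: the first sample's msg contains a semicolon, and a naive `split(";")` would produce a broken option list.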

9 SNORT DEPLOYMENT SCENARIO 1

10 SNORT DEPLOYMENT SCENARIO 2

11 SNORT ADD-ONS
Other projects extend the core functionality provided by a basic Snort install:
- Snorby - A modern web front-end for Snort IDS events
- Barnyard2 - A dedicated spooler for Snort's unified2 binary output format, so that writing alerts to a database does not slow the sensor itself
- Pulled_Pork - Perl script that automatically updates Snort rules
- bProbe - A Snort IDS configured to run in packet logger mode

12 LOGSTASH WHY?
- Offers log/event transport, processing, management, and search
- Very fast search results even on a billion log events (backed by Elasticsearch)
- Can produce multiple personalized dashboards
- Can easily parse text-based logs

13 LOGSTASH ADD-ONS
Other projects extend the core functionality provided by a basic Logstash install:
- Elasticsearch - A distributed, RESTful, real-time analytics and search engine
- Kibana - The visual front end for Logstash and Elasticsearch
- RabbitMQ - A message broker implementing the Advanced Message Queuing Protocol (AMQP), used to buffer events between log shippers and the Logstash indexer

14 NTOP WHY?
- Shows traffic measurement, characterization and network usage in real time
- Monitors high speeds (1 Gbit and above) with common PCs
- Detection of network security violations
- Works with the NetFlow and sFlow protocols

15 NTOP DEPLOYMENT SCENARIO 1

16 NTOP DEPLOYMENT SCENARIO 2

17 NTOP DEPLOYMENT SCENARIO 3

18 NTOP ADD-ONS
Other projects extend the core functionality provided by a basic Ntop install:
- Packet Filter Ring (PF_RING) - High-speed packet capture, filtering and analysis
- nProbe - An extensible NetFlow v5/v9/IPFIX probe for IPv4/v6
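
The "detection of network security violations" and NetFlow/sFlow bullets on the ntop slide, and nProbe's role as a NetFlow v5/v9/IPFIX exporter, come together in what a collector actually receives: a UDP datagram with a 24-byte header followed by up to 30 fixed 48-byte flow records. The code below is an example added for this page (not ntop or nProbe code): it packs constructed flows into a v5 datagram, decodes it, and applies one simple heuristic a flow collector can apply, flagging a source that sent SYN-only flows to many ports on one host. The flows, addresses and the `min_ports` threshold are this example's own.

```python
"""Encode and decode NetFlow v5 datagrams and flag a vertical port scan from the flow records.

Example for this page, not ntop/nProbe code. The v5 wire layout (24-byte
header, 48-byte records, big-endian) follows the published format; the
scan heuristic and the sample flows are constructed for illustration.
"""
import socket
import struct
import time
from collections import defaultdict

# version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval
HEADER = struct.Struct(">HHIIIIBBH")
# srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last, srcport, dstport,
# pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")
assert HEADER.size == 24 and RECORD.size == 48
MAX_RECORDS = 30  # v5 exporters send at most 30 flows per datagram

FIELDS = ("src", "dst", "nexthop", "input_if", "output_if", "packets", "octets", "first", "last",
          "sport", "dport", "pad1", "tcp_flags", "proto", "tos", "src_as", "dst_as",
          "src_mask", "dst_mask", "pad2")
TCP, UDP, SYN = 6, 17, 0x02


def build_datagram(flows, sequence=1, uptime_ms=3600000, now=None):
    """Pack (src, dst, sport, dport, proto, tcp_flags, packets, octets) tuples into one v5 datagram."""
    now = int(time.time()) if now is None else now
    header = HEADER.pack(5, len(flows), uptime_ms, now, 0, sequence, 0, 0, 0)
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\x00" * 4,
                    1, 2, packets, octets, uptime_ms - 5000, uptime_ms - 1000,
                    sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, flags, packets, octets in flows
    )
    return header + body


def parse_datagram(data):
    """Return (header dict, list of record dicts); raise ValueError on malformed input."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *rest = HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    # Trust the announced count only if the payload length agrees with it.
    if count > MAX_RECORDS or len(data) != HEADER.size + count * RECORD.size:
        raise ValueError(f"header announces {count} records but payload has {len(data) - HEADER.size} bytes")
    header = dict(zip(("sys_uptime", "unix_secs", "unix_nsecs", "flow_sequence",
                       "engine_type", "engine_id", "sampling_interval"), rest))
    header.update(version=version, count=count)
    records = []
    for i in range(count):
        rec = dict(zip(FIELDS, RECORD.unpack_from(data, HEADER.size + i * RECORD.size)))
        for key in ("src", "dst", "nexthop"):
            rec[key] = socket.inet_ntoa(rec[key])
        records.append(rec)
    return header, records


def find_port_scanners(records, min_ports=5):
    """Sources that sent SYN-only TCP flows to >= min_ports distinct ports on one host.

    tcp_flags is the OR of all flags seen in the flow, so a flow whose flags are
    exactly SYN never completed a handshake: the signature of an unanswered or
    refused probe. Returns {(src, dst): sorted ports}.
    """
    ports = defaultdict(set)
    for rec in records:
        if rec["proto"] == TCP and rec["tcp_flags"] == SYN:
            ports[(rec["src"], rec["dst"])].add(rec["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


# Constructed flows: one scanner probing seven ports, one normal TLS session, one DNS query.
SAMPLE_FLOWS = (
    [("203.0.113.9", "10.0.0.5", 40000 + i, port, TCP, SYN, 1, 60)
     for i, port in enumerate((21, 22, 23, 25, 80, 443, 3389))]
    + [("10.0.0.5", "10.0.0.6", 51022, 443, TCP, 0x1B, 42, 5120)]  # SYN|ACK|PSH|FIN: completed session
    + [("10.0.0.7", "10.0.0.53", 53000, 53, UDP, 0, 1, 80)]
)


if __name__ == "__main__":
    header, records = parse_datagram(build_datagram(SAMPLE_FLOWS))
    print(f"sequence {header['flow_sequence']}: {header['count']} flows")
    for (src, dst), scanned in find_port_scanners(records).items():
        print(f"possible port scan: {src} -> {dst} ports {scanned}")
```

The length check in `parse_datagram` matters for a collector exposed to the network: the record count comes from the untrusted datagram, so it is verified against the bytes actually received before any record is decoded.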

19 PRIVAL & BLESK WHY?
- Provides advanced technologies and solutions to its customers
- Blesk represents ten years of development and knowledge in Open Source
- Resources to help you implement open source monitoring technologies in your enterprise
- Provides support and updates for all open source monitoring components
- Customizes and improves open source technologies for your needs

