CINBAD. CERN/HP ProCurve Joint Project on Networking. Post-C5 meeting, 12 June 2009 (hepix, 26 May 2009)
|
|
- Nathaniel Cole
- 6 years ago
- Views:
Transcription
1 CINBAD CERN/HP ProCurve Joint Project on Networking Post-C meeting, 12 June 2009 (hepix, 26 May 2009) Ryszard Erazm Jurga - CERN Milosz Marian Hulboj - CERN
2 Outline Introduction to CERN network CINBAD project and its goals Data - sources, collection and analysis Results and conclusions 2
3 Simplified overall CERN campus network topology Computer Center Vault Computer Center Vault Farms 230 x BL3 BL RL BL4 RL4 RL3 BL2 RL2 BL1 RL1 Numbers: PL1 SL1 BL7 RL7 BB16 RB16 ATCN 40x 0x BB1 AB1 RB1 ZB1 BB2 AB2 ZB2 RB2 BB3 AB3 RB3 ZB3 ZB4 RB4 2-S S2 376-R 13-C 874-R BB4 AB4 13-CCR 13-CCR 100x or 874-CCC x active user devices Minor Starpoints 100x CERN sites 1Gb user ports Gb routers Gb ports 887-R switches ZB0 RB0 BB0 140 Gbps WAN connectivity 4.8 Tbps LCG Core 1x 1x TN Control AB0 BB17 RB17 ZB RB BB20 RB20 BB AB 1x ZB6 RB6 BB6 AB6 1x TN PG1 SG1 IB1 PG2 SG2 IB2 Control Monitoring BT1 RT16 Meyrin area BT2 BT3 BT RT3 RT4 RT14 RT13 LHC area 10x x BT12 433x Internet BT4 RT BT RT BT6 RT7 BT7 RT8 BT8 RT9 BT9 RT10 BT10 RT11 BT11 RT12 6 TT1 TT2 TT3 TT4 TT TT6 TT x 227 TN TT8 Control 10x Prevessin area BT1 BT RT17 RT x 287 TN CDR CDR CDR 8x CDR HLT 90x DAQ 2x DAQ 90x DAQ DAQ 3
4 CINBAD codename deciphered CERN Investigation of Network Behaviour and Anomaly Detection Project Goal To understand the behaviour of large computer networks ( nodes) in High Performance Computing or large Campus installations to be able to: Detect traffic anomalies in the system Be able to perform trend analysis Automatically take counter measures Provide post-mortem analysis facilities
5 What is anomaly? (1) Anomalies are a fact in computer networks Anomaly definition is very domain specific: Network faults Malicious attacks Viruses/worms Misconfiguration But there is a common denominator: Anomaly is a deviation of the system from the normal (expected) behaviour (baseline) Normal behaviour (baseline) is not stationary and is not always easy to define Anomalies are not necessarily easy to detect
6 What is anomaly? (2) Just a few examples of anomalies: The network infrastructure misuse unauthorised DHCP/DNS server (either malicious or accidental) network scans worms and viruses Violation of a local network/security policy NAT, TOR usage (not allowed at CERN) 6
7 data sources CINBAD project principle storage analysis collectors
8 sflow main data source Based on packet sampling (RFC 3176) on average 1-out-of-N packet is sampled by an agent and sent to a collector packet header and payload included (max 128 bytes) switching/routing/transport protocol information application protocol data (e.g. http, dns) SNMP counters included low CPU/memory requirements scalable For more details, see our technical report 8
9 sflow data usage Typically: traffic accounting (e.g. for billing, network planning, SLA etc.) Useful for post-mortem network analysis CERN-wide network tcpdump access to the whole CERN sampled network traffic information where and when the traffic has been seen particularly useful in detecting packets that should not be there (policy violation) Rare examples of sflow usage for anomaly detection 9
10 Other data sources Packet sampling data is not enough! Data is partial, cannot provide 100% accuracy Not always easy to identify the anomaly More data to understand flow of data in the network External sources provide useful information and time triggers Correlation between various data sources Example: Central Antivirus Service at CERN 10
11 CINBAD sflow data collection Current collection based on traffic from ~1000 switches ~6000 sampled packets per second ~ 300 snmp counter sets per second
12 Multistage data storage Stage 1 sflow datagram tree-like format unpacked into CINBAD file format to enable fast direct access Minimal space overhead introduced Stage 2 Oracle DB as a long-term storage data aggregation tradeoff between sflow randomness and space, data lifetime and anomaly detection requirements e.g. number of destination IPs for a given source IP 12
13 Data analysis Various approaches are being investigated Statistical analysis methods detect a change from normal network behaviour selection of suitable metrics is needed can detect new, unknown anomalies poor anomaly type identification Signature based we ported SNORT to work with sampled data performs well against know problems tends to have low false positive rate does not work against unknown anomalies 13
14 Synergy from both detection techniques Translation Rules Incoming sflow stream Sample-based SNORT evaluation engine Anomaly Alerts Statistical Analysis engine New baselines New Signatures Traffic Profiles 14
15 Campus and Internet traffic analysis Current results Identified anomalies which went undetected by the central CERN IDS Detected number of misbehaviors both statistical and pattern matching approaches used TOR, DNS abuse, Trojans, worms, network scans, p2p applications, rogue DHCP servers, etc. Findings reported to the CERN security team Security team adapted their policies 1
16 Achievements and next steps It has been demonstrated that pattern matching for anomaly detection is possible with sflow data Payload data is a key advantage of sflow sflow allows distributed detection at the edge of the network Combining statistical analysis with pattern matching is providing encouraging initial results Integration of the two mechanisms holds promise for zero-day detection 16
CERN network overview. Ryszard Jurga
CERN network overview Ryszard Jurga CERN openlab Summer Student Programme 2010 Outline CERN networks Campus network LHC network CERN openlab NCC 2 CERN campus network 3 Network Backbone Topology Gigabit
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationARAKIS An Early Warning and Attack Identification System
ARAKIS An Early Warning and Attack Identification System Piotr Kijewski Piotr.Kijewski@cert.pl 16th Annual FIRST Conference June 13-18, Budapest, Hungary Presentation outline Trends in large scale malicious
More informationConfiguring Antivirus Devices
CHAPTER 9 Revised: November 11, 2007 Antivirus (AV) devices provide detection and prevention against known viruses and anomalies. This chapter describes how to configure and add the following devices and
More informationDetecting Threats via Network Anomalies
Detecting Threats via Network Anomalies Gregory Pickett Hellfire Security Cybersecurity Operations @shogun7273 gregory.pickett@hellfiresecurity.com Not Network Like The Anomalies Others Utilizing Anomalies
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationHP0-Y16. ProCurve Network Immunity Solutions. Download Full Version :
HP HP0-Y16 ProCurve Network Immunity Solutions Download Full Version : http://killexams.com/pass4sure/exam-detail/hp0-y16 Which challenges does a unified NIM + IDS deployment meet? (Select two.) A. Reducing
More informationConfiguring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:
This chapter contains the following sections: Information About sflow, page 1 Licensing Requirements, page 2 Prerequisites, page 2 Guidelines and Limitations for sflow, page 2 Default Settings for sflow,
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationIDS: Signature Detection
IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationEnhancing Byte-Level Network Intrusion Detection Signatures with Context
Enhancing Byte-Level Network Intrusion Detection Signatures with Context Robin Sommer sommer@in.tum.de Technische Universität München Germany Vern Paxson vern@icir.org International Computer Science Institute
More informationIntroduction to sflow
More From Your Network Introduction to sflow Holger Hasenaug, Technical Consultant HP ProCurve Networking CCIE#6343 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More informationIntroduction to Netflow
Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationAMP-Based Flow Collection. Greg Virgin - RedJack
AMP-Based Flow Collection Greg Virgin - RedJack AMP- Based Flow Collection AMP - Analytic Metadata Producer : Patented US Government flow / metadata producer AMP generates data including Flows Host metadata
More informationDriving Network Visibility
Flowmon Price List EUR Driving Network Visibility Flowmon Hardware Appliances... 2 Flowmon Virtual Appliances... 3 Flowmon Cloud... 3 Flowmon ADS Anomaly Detection System... 4 Flowmon DDoS Defender...
More informationHow to Configure IPS Policies
IPS policies control the behavior of the IPS when an attack is detected. You can define multiple IPS policies and apply them to individual firewall rules as needed. In this article: Default IPS Policy
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationCommunication Pattern Anomaly Detection in Process Control Systems
Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationNetworking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ
Networking for Data Acquisition Systems Fabrice Le Goff - 14/02/2018 - ISOTDAQ Outline Generalities The OSI Model Ethernet and Local Area Networks IP and Routing TCP, UDP and Transport Efficiency Networking
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationDeveloping the Sensor Capability in Cyber Security
Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development
More informationA tunnel discovery and monitoring overview. Ryszard Jurga CERN openlab
A tunnel discovery and monitoring overview Ryszard Jurga CERN openlab Agenda What is the tunnel? The tunnel discovery The tunnel monitoring Conclusions What is the tunnel? A connection where the packets
More informationIPv6 Security. David Kelsey (STFC-RAL) IPv6 workshop pre-gdb, CERN 7 June 2016
IPv6 Security David Kelsey (STFC-RAL) IPv6 workshop pre-gdb, CERN 7 June 2016 Outline MORE MATERIAL HERE THAN TIME TO PRESENT & DISCUSS (BUT SLIDES AVAILABLE FOR LATER REFERENCE) IPv6 security & threats
More informationBeyond a sensor. Towards the Globalization of SURFids. FIRST 20 th Annual Conference Vancouver, Canada
Beyond a sensor Towards the Globalization of SURFids Wim.Biemolt@surfnet.nl FIRST 20 th Annual Conference Vancouver, Canada 1 SURFnet6 2 SURFcert 3 18 th Annual FIRST Conference Goals - Understanding:
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationSystrome Next Gen Firewalls
N E T K S Systrome Next Gen Firewalls Systrome s Next Generation Firewalls provides comprehensive security protection from layer 2 to layer 7 for the mobile Internet era. The new next generation security
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationChapter 7. Network Intrusion Detection and Analysis. SeoulTech UCS Lab (Daming Wu)
SeoulTech UCS Lab Chapter 7 Network Intrusion Detection and Analysis 2015. 11. 3 (Daming Wu) Email: wdm1517@gmail.com Copyright c 2015 by USC Lab All Rights Reserved. Table of Contents 7.1 Why Investigate
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationTowards a collaborative, flow-based, distributed inter-domain Intrusion Detection System
Towards a collaborative, flow-based, distributed inter-domain Intrusion Detection System Frank Tietze Institut für Technische Informatik Fakultät für Informatik frank.tietze@unibw.de 1 Structure Introduction
More informationsflow Agent Contents 14-1
14 sflow Agent Contents Overview..................................................... 14-2 Flow Sampling by the sflow Agent........................... 14-2 Counter Polling by the sflow Agent...........................
More informationBehavior-Based IDS: StealthWatch Overview and Deployment Methodology
Behavior-Based IDS: Overview and Deployment Methodology Lancope 3155 Royal Drive, Building 100 Alpharetta, Georgia 30022 Phone: 770.225.6500 Fax: 770.225.6501 www.lancope.com techinfo@lancope.com Overview
More informationIntrusion Detection Systems
Intrusion Detection Systems Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 15 Outline 1 Introduction Overview History 2 Types
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationAnomaly Detection in Communication Networks
Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationMaximize Network Visibility with NetFlow Technology. Adam Powers Chief Technology Officer Lancope
Maximize Network Visibility with NetFlow Technology Adam Powers Chief Technology Officer Lancope Agenda What is NetFlow h Introduction to NetFlow h NetFlow Examples NetFlow in Action h Network Operations
More informationRoot-Cause Network Troubleshooting Optimizing the Process Tim Titus CTO, PathSolutions
Root-Cause Network Troubleshooting Optimizing the Process Tim Titus CTO, PathSolutions 1 Agenda Business disconnect Why is troubleshooting so hard? Troubleshooting methodology Tool selection Finding the
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationIBM Security QRadar Version Architecture and Deployment Guide IBM
IBM Security QRadar Version 7.3.1 Architecture and Deployment Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 41. Product information
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationIntroducing Campus Networks
Cisco Enterprise Architecture Introducing Campus Networks 2003, Cisco Systems, Inc. All rights reserved. 2-1 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0 2-2 Campus Data Center Combines switching
More informationScrutinizer Flow Analytics
Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred
More informationCisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
More informationFlows at Masaryk University Brno
Flows at Masaryk University Brno Jan Vykopal Masaryk University Institute of Computer Science GEANT3/NA3/T4 meeting October 21st, 2009, Belgrade Masaryk University, Brno, Czech Republic The 2nd largest
More informationConfiguring sflow. About sflow. sflow Agent
About sflow This chapter describes how to configure sflow on Cisco NX-OS devices. This chapter includes the following sections: About sflow, on page 1 Licensing Requirements for sflow, on page 2 Prerequisites
More informationTraining for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis IDS Taxonomy and Architecture Pavel Laskov Wilhelm Schickard Institute for Computer Science IDS functionality IDS functionality Restrict access to legitimate service
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationListening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect
Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect Introduction Security has an increased focus from ALL businesses, whether they
More informationCovert channel detection using flow-data
Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking Engineering University of Amsterdam July 3, 2014 Guido Pineda Reyes (UvA) Covert channel detection using flow-data
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationChapter 1 B: Exploring the Network
Chapter 1 B: Exploring the Network Types of Networks The two most common types of network infrastructures are: Local Area Network (LAN) Wide Area Network (WAN). Other types of networks include: Metropolitan
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationMobile IP. Mobile IP 1
Mobile IP Mobile IP 1 Motivation for Mobile IP Routing based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet change of physical subnet implies change of IP address
More informationIP Profiler. Tracking the activity and behavior of an IP address. Author: Fred Thiele (GCIA, CISSP) Contributing Editor: David Mackey (GCIH, CISSP)
Security Intelligence June 2005 IP Profiler Tracking the activity and behavior of an IP address Author: Fred Thiele (GCIA, CISSP) Contributing Editor: David Mackey (GCIH, CISSP) Page 2 Contents 3 Profiling
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationCisco Intrusion Prevention Solutions
Cisco Intrusion Prevention Solutions Proactive Integrated, Collaborative, and Adaptive Network Protection Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious
More informationImproving Your Network Defense. Joel M Snyder Senior Partner Opus One
Improving Your Network Defense Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: Improving Your Network Defense What s the Thesis? Intrusion Detection Collecting Information Enabling Features
More informationsflow Elisa Jasinska
sflow Elisa Jasinska elisa.jasinska@ams-ix.net Agenda What is sflow? What is AMS-IX? AMS-IX requirements Existing software solutions Performance issues Software used at AMS-IX Privacy Results What is sflow?
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationTraffic Flow Measurements within IP Networks: Requirements, Technologies and Standardization
Traffic Flow Measurements within IP Networks: Requirements, Technologies and Standardization Jürgen Quittek NEC Europe Ltd., Network Laboratories, Heidelberg, Germany Tanya Szeby, Georg Carle, Sebastian
More informationIntel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances
Technology Brief Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances The world
More informationHands-On IP for TeleCom Technicians Internetworking, TCP/IP, VLANS, Wirelss and more...
Hands-On Internetworking, TCP/IP, VLANS, Wirelss 802.11 and more... Course Description The Internet Protocol Suite, commonly known as TCP/IP, forms the basis for the Internet and the next generation of
More informationSecurity Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis
Security Automation Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Network Admission Control See Managed Unmanaged Computing
More informationMulti-phase IRC Botnet & Botnet Behavior Detection Model
Software Verification and Validation Multi-phase IRC Botnet & Botnet Behavior Detection Model Aymen AlAwadi aymen@tmit.bme.hu Budapest university of technology and economics Department of Telecommunications
More informationFloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer
10 January 2017 FloCon 2017 San Diego, CA Netflow Collection and Analysis at a Tier 1 Internet Peering Point Fred Stringer AT&T Chief Security Organization Systems Engineer/Network Architect AT&T Intellectual
More information1. Intrusion Detection and Prevention Systems
1. Intrusion Detection and Prevention Systems Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which
More informationExtensible Network Configuration and Communication Framework
Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood Applied Research Laboratory Department of Computer Science and Engineering: Washington University in Saint Louis
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationIP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview
This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,
More informationTowards Traffic Anomaly Detection via Reinforcement Learning and Data Flow
Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Arturo Servin Computer Science, University of York aservin@cs.york.ac.uk Abstract. Protection of computer networks against security
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationTrisul Network Analytics - Traffic Analyzer
Trisul Network Analytics - Traffic Analyzer Using this information the Trisul Network Analytics Netfllow for ISP solution provides information to assist the following operation groups: Network Operations
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationNetwork Security. Chapter 0. Attacks and Attack Detection
Network Security Chapter 0 Attacks and Attack Detection 1 Attacks and Attack Detection Have you ever been attacked (in the IT security sense)? What kind of attacks do you know? 2 What can happen? Part
More informationMaximizing visibility for your
Maximizing visibility for your OptiView Series III Integrated Network Analyzer Network management and security departments have different network access requirements from the end user and server groups.
More informationTransforming the Cisco WAN with Network Intelligence
Transforming the Cisco WAN with Network Intelligence Introduction Branch office networks and the enterprise WAN are in a state of dramatic transformation, driven by three key trends. Enterprises are using
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationBotnet Detection Using Honeypots. Kalaitzidakis Vasileios
Botnet Detection Using Honeypots Kalaitzidakis Vasileios Athens, June 2009 What Is Botnet A Botnet is a large number of compromised computers, controlled by one or more Command-and-Control Servers, the
More informationImproving the Database Logging Performance of the Snort Network Intrusion Detection Sensor
-0- Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor Lambert Schaelicke, Matthew R. Geiger, Curt J. Freeland Department of Computer Science and Engineering University
More informationIPv4 addressing, NAT. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley.
IPv4 addressing, NAT http://xkcd.com/195/ Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley Some materials copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights
More informationCisco Service Control Business Intelligence Solution Guide,
CISCO SERVICE CONTROL SOLUTION GUIDE Cisco Service Control Business Intelligence Solution Guide, Release 4.1.x 1 Overview 2 Features Revised: December 23, 2013, OL-30603-01 Note This document supports
More informationDarknet Traffic Monitoring using Honeypot
Darknet Traffic Monitoring using Honeypot 1 Hemal khorasia, 2 Mr. Girish Khilari 1 IT Systems & Network Security, 1 Gujarat Technological University, Ahmedabad, India Abstract - A "Darknet" is a portion
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 The Zyxel is built with remote management and ironclad security for organizations with multiple distributed sites. With an extensive suite of security features including ICSAcertified firewall,
More informationFlowMon ADS implementation case study
FlowMon ADS implementation case study Kamil Doležel Kamil.dolezel@advaict.com AdvaICT, a.s. Brno, Czech Republic Abstract FlowMon ADS implementation provides completely new insight into networks of all
More informationIntrusion Detection Systems and Network Security
Intrusion Detection Systems and Network Security Chapter 13 Background A layered network security approach starts with a well-secured system: Up-to-date application and operating system patches. Well-chosen
More information