Plugging Network Security Holes using NetFlow
Loopholes in today's network security solutions and how NetFlow can help
About ManageEngine

Network: Network Monitoring, NetFlow Analysis, Network Config Mgmt
Servers & Applications: Server Monitoring, Application Perf Monitoring, End User Experience
Desktop: Desktop Management, Asset Management, Remote Control
ServiceDesk: Helpdesk, ITIL Service Desk, Software License Tracking
Windows Infrastructure: Active Directory, SQL Server, Exchange Server
Event Log & Compliance: Windows Event Logs, Syslog Management, Firewall Log Analyzer
Security: Vulnerability Analysis, Patch Management, Password Management

ManageEngine is an IT management vendor focused on bringing a complete IT management portfolio to all types of enterprises
Network Security Concerns

Increasing Network Security Violations

2010: Major DDoS attacks and the arrival of STUXNET

2011: HB Gary Federal & Sony PSN hacked; emails made public and user data stolen

Since then: Sony Pictures, Nintendo, Fox Networks, EVE Online, Lockheed Martin, PBS, Honda Canada, Booz Allen Hamilton, C.I.A… The list is growing
Network Security Concerns

Malware: More Numerous and More Sophisticated

[Chart: malware count (y-axis 0 to 350) at "the start", 1971, 1990 and 2011]

Symantec's 2011 Internet Security Threat Report states: "In 2010, Symantec encountered more than 286 million unique variants of malware."

Targeted, custom malware is appearing. STUXNET is just the beginning

The era of zero-day malware and attacks is here
Network Security Concerns

Telecommuting & Erosion of the Perimeter

[Chart: Percentage of US workers telecommuting: 7.5% in 1994, 17% in 2004, ?? in 2014]

More telecommuters per enterprise

An increasing number of enterprise users have mobile devices like laptops & tablets

Disappearing perimeter: users connect over VPN, 3G, public Wi-Fi, etc. from home or from mobile devices

Less secure transactions, susceptible to malware and Trojans
Network Security Concerns

Faster Networks & More Business Localization

Increasing network bandwidth: the fastest Ethernet will soon move from 10 Gigabit to 100 Gigabit Ethernet

New applications and services are added every day

Business localization: more users and thus a higher volume of network traffic

More unknown applications are encountered
Network Security Concerns

Complex Meshed Networks

[Diagrams: Star Topology and Meshed Networks]

Networks are no longer based on the simple STAR topology

Distributed networks use a MESH topology

A huge number of devices and nodes are interconnected

Traffic moves in multiple directions through different nodes
Loopholes in current network security systems

The Loopholes

[Diagram: Internet -> IDS -> Internal Network. Malware carrying a signature anomaly is blocked by the IDS; malware with a non-signature anomaly passes through undetected]
The Loopholes

More targeted, custom-made, STUXNET-like malware

IDS and IPS are based on "signatures", a known characteristic of some particular attack

An increasing number of zero-day attacks whose signatures have not yet been documented

Firewalls are ineffective against zero-day malware as they block only traffic defined by the user
The Loopholes

Telecommuters access the Internet from public Wi-Fi spots & unknown networks

Personal computers are easier to attack and infect

Users carry infected devices into the network or connect via VPN, and malware spreads across the LAN

Packet inspection technologies are impractical for use in the LAN due to the number of nodes to be monitored

IDS is not feasible for internal network monitoring
The Loopholes

With malware in your LAN, your network could be the one hosting an attack or sending spam

STUXNET spread across 100,000 computers and never used the Internet as its channel

Each time STUXNET infected a system, it connected to 2 public domains to report on the infected machine

Egress traffic accounting can help with early detection

IDS and IPS do only ingress traffic accounting
The Loopholes

10 Gigabit networks are now standard & 100 Gigabit networks are around the corner

Organizations now have more traffic and applications

Packet inspection is rendered ineffective by the volume of traffic involved

High-performance, scalable packet inspection tools are highly expensive
The Loopholes

Localization and branching of enterprises means more users and many services

Firewall rules are used to block any undesired traffic, but web service traffic (port 80) is allowed in most networks

Sophisticated attacks use port 80 with the ACK bit set so that the traffic appears to be legitimate web transactions

Such traffic passes the firewalls and enters your network
The Loopholes

Meshed networks include more nodes than the STAR topologies of old

Traffic between sites chooses the best path and does not always traverse a central node

Packet analysis / inspection technology is not feasible at all nodes

With multiple locations, data collection for packet inspection at each point is difficult
The Solution

Enter NetFlow

Technology developed by Cisco Systems, initially used as a switching path

Primary network IP traffic accounting technology

All major vendors now support flow export:
NetFlow - Cisco, Adtran, 3COM
sFlow - Alcatel, HP, Brocade, Enterasys, Dell
IPFIX - Nortel
J-Flow - Juniper
The Solution

About NetFlow

Captures specific information from network IP traffic and stores it in the device's NetFlow cache

Traffic information is exported as UDP packets to the configured destination

Seven key fields define a flow as one unique conversation in NetFlow:
Source Interface (ifindex)
Protocol
Source IP Address
Destination IP Address
Source Port
Destination Port
ToS
The Solution

[Diagram: an Edge Router with a NetFlow-enabled interface sits between the Core Network and the NetFlow Collector; the router exports UDP NetFlow packets to the collector]
The Solution

ManageEngine NetFlow Analyzer

Without NetFlow analysis: everything is just "Traffic"

With NetFlow analysis: TCP, UDP, ESP, GRE, Kazaa, Torrent, HTTP, Telnet, Src IP, Dst IP, Cnvrstn, Host, IPv4, IPv6, DSCP, ToS, Octets, Time, port 80, port 23
The Solution

ManageEngine NetFlow Analyzer

Leverages the flow data exported from your network devices

Reports on traffic, applications, hosts, conversations, QoS, etc.

Easy-to-use GUI and extensive graph options for quick understanding and fast problem drill-down
The Solution

What the flow fields answer:
Who?    Source IP Address, Destination IP Address
What?   Source Port, Destination Port, Protocol
When?   Flow Start and End time
Usage?  Packet Count, Octet count
QoS?    ToS, TCP Flags, Protocol
Path?   Input and Output Interface (ifindex)
Route?  NextHop, Source AS Information, Destination AS Information
The Solution

Advanced Security Analytics Module

Flow-based network behavior analysis tool

Add-on to ManageEngine NetFlow Analyzer that leverages its agentless data collection capabilities

Uses the NetFlow or sFlow data received by NetFlow Analyzer for internal and external threat detection

The Continuous Stream Mining Engine TM detects network anomalies in real time
The Solution

[Diagram: NetFlow Data -> NetFlow Analyzer -> Continuous Stream Mining Engine -> Advanced Security Analytics -> Events -> User]
Plugging Loopholes

Detect Hacking Attempts

Network Hacking Reconnaissance Methods: Port Scans, DNS Lookup, Ping Sweeps, Traceroute

Except for port scans, all of this traffic is detectable as-is from NetFlow data

ASAM analyzes NetFlow data and detects scans: TCP scans like SYN scan, reverse scan, Xmas-Tree scan
Stopping Zero-Day Malware

Identify the Top N and baseline your network behavior

Changes in traffic patterns can be identified using NetFlow data

Sudden increase in traffic, spike in UDP traffic, etc.

Get alerted when such changes occur
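The baseline-and-alert idea on this slide (Top N, then flag a sudden rise such as a UDP spike against what the network normally does), as an added example over constructed per-minute volumes; this is not ManageEngine NetFlow Analyzer or ASAM code, and the host addresses and byte counts are made up:

```python
"""Baseline-and-spike check over per-minute flow volumes, as the slide describes
for zero-day malware (Top N, sudden traffic increase, UDP spike).
Added example over constructed data; not ManageEngine NetFlow Analyzer code."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-minute byte counts (not real data).  Minutes 0-8 are the
# ordinary baseline; in minute 9 host 10.1.1.7 suddenly starts blasting UDP.
BASE_UDP = [48_000, 52_000, 50_000, 47_000, 53_000, 49_000, 51_000, 50_000, 50_000]
BASE_TCP = [400_000, 410_000, 395_000, 405_000, 398_000, 402_000, 407_000,
            399_000, 404_000]


def constructed_records():
    """Rows of (minute, src, proto, octets); proto 6 = TCP, 17 = UDP."""
    rows = []
    for m in range(9):
        rows.append((m, "10.1.1.5", 17, BASE_UDP[m] // 2))
        rows.append((m, "10.1.1.6", 17, BASE_UDP[m] - BASE_UDP[m] // 2))
        rows.append((m, "10.1.1.5", 6, BASE_TCP[m]))
    rows += [(9, "10.1.1.5", 17, 25_000), (9, "10.1.1.6", 17, 25_000),
             (9, "10.1.1.5", 6, 401_000), (9, "10.1.1.7", 17, 600_000)]
    return rows


def volume_by_minute(rows, proto):
    """Total octets per minute for one protocol."""
    totals = defaultdict(int)
    for minute, _src, p, octets in rows:
        if p == proto:
            totals[minute] += octets
    return dict(totals)


def spike_check(rows, proto, minute, k=3.0):
    """Compare this minute's volume with the baseline of all earlier minutes.
    Returns (is_spike, z): z is the distance in baseline standard deviations."""
    series = volume_by_minute(rows, proto)
    history = [v for m, v in series.items() if m < minute]
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        sigma = 1.0  # flat baseline: any change counts as a full deviation
    z = (series.get(minute, 0) - mu) / sigma
    return z > k, z


def top_talkers(rows, minute, proto=None, n=3):
    """Top N hosts by octets in one minute, optionally for one protocol."""
    per_host = defaultdict(int)
    for m, src, p, octets in rows:
        if m == minute and (proto is None or p == proto):
            per_host[src] += octets
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    rows = constructed_records()
    for proto, name in ((17, "UDP"), (6, "TCP")):
        hit, z = spike_check(rows, proto, 9)
        print(f"minute 9 {name}: spike={hit} z={z:.1f}")
    print("top talkers minute 9:", top_talkers(rows, 9))
```

On this data the UDP series in minute 9 sits hundreds of standard deviations above its baseline while TCP stays flat, and the Top N for that minute names the host responsible.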
Stopping Zero-Day Malware

Session-based identification helps track malware

Abnormal traffic to many hosts from a single host on a single port can be a worm

Traffic from IANA reserved addresses or over reserved protocols is malicious traffic

ASAM identifies such traffic and creates alerts
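The flow-level checks from the About NetFlow slide (the seven key fields as a flow key), the Detect Hacking Attempts slide (SYN and Xmas-Tree scans seen through TCP flags) and the two Stopping Zero-Day Malware slides (one host fanning out to many hosts on one port, traffic from reserved addresses), as one added example run over a constructed NetFlow-style export; this is not ManageEngine NetFlow Analyzer or ASAM code, and the addresses, thresholds and record layout are assumptions:

```python
"""Flow-record checks of the kinds the slides describe, run over constructed
NetFlow-style records: the 7-tuple flow key, SYN and Xmas-tree scans, worm-like
fan-out from one host on one port, and IANA reserved source addresses.
Added example; not ManageEngine NetFlow Analyzer or ASAM code."""
from collections import defaultdict
import ipaddress

# The seven NetFlow key fields that identify one flow (from the slides).
KEY_FIELDS = ("in_if", "proto", "src", "dst", "sport", "dport", "tos")

# TCP flag bits as carried in the NetFlow tcp_flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG

# Constructed sample export (not a real capture).  Columns:
# in_if proto src dst sport dport tos tcp_flags octets
SAMPLE_EXPORT = """\
1 6  10.1.1.5     203.0.113.9 51000 80  0 0x1b 12000
1 6  10.1.1.5     203.0.113.9 51000 80  0 0x1b 3000
1 6  10.1.1.5     203.0.113.9 51001 443 0 0x1b 8000
2 6  10.1.1.7     10.1.2.10   40000 445 0 0x02 60
2 6  10.1.1.7     10.1.2.11   40001 445 0 0x02 60
2 6  10.1.1.7     10.1.2.12   40002 445 0 0x02 60
2 6  10.1.1.7     10.1.2.13   40003 445 0 0x02 60
2 6  10.1.1.7     10.1.2.14   40004 445 0 0x02 60
1 6  198.51.100.4 10.1.1.5    33000 21  0 0x02 60
1 6  198.51.100.4 10.1.1.5    33001 22  0 0x02 60
1 6  198.51.100.4 10.1.1.5    33002 23  0 0x02 60
1 6  198.51.100.4 10.1.1.5    33003 25  0 0x02 60
1 6  198.51.100.4 10.1.1.5    33004 80  0 0x02 60
1 6  198.51.100.4 10.1.1.5    33005 110 0 0x29 60
1 17 240.0.0.1    10.1.1.1    5000  53  0 0x00 300
"""


def parse_export(text):
    """Turn the whitespace-separated sample into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        flows.append({
            "in_if": int(f[0]), "proto": int(f[1]), "src": f[2], "dst": f[3],
            "sport": int(f[4]), "dport": int(f[5]), "tos": int(f[6]),
            "flags": int(f[7], 16), "octets": int(f[8]),
        })
    return flows

def flow_key(rec):
    """The 7-tuple that makes a flow one unique conversation."""
    return tuple(rec[k] for k in KEY_FIELDS)

def aggregate(flows):
    """Merge records sharing a key (e.g. a long flow exported in slices)."""
    totals = defaultdict(int)
    for rec in flows:
        totals[flow_key(rec)] += rec["octets"]
    return dict(totals)

def reserved_sources(flows):
    """Sources that should never appear on the wire (reserved, loopback,
    unspecified).  RFC 1918 space is the LAN itself and is not flagged."""
    hits = set()
    for rec in flows:
        ip = ipaddress.ip_address(rec["src"])
        if ip.is_reserved or ip.is_loopback or ip.is_unspecified:
            hits.add(rec["src"])
    return sorted(hits)

def fan_out(flows, min_hosts=5):
    """One host reaching many hosts on a single port: worm-like spread."""
    targets = defaultdict(set)
    for rec in flows:
        targets[(rec["src"], rec["dport"])].add(rec["dst"])
    return {k: len(v) for k, v in targets.items() if len(v) >= min_hosts}

def syn_scans(flows, min_ports=5):
    """SYN-only flows from one source to many ports on one host: port scan."""
    ports = defaultdict(set)
    for rec in flows:
        if rec["proto"] == 6 and rec["flags"] == SYN:
            ports[(rec["src"], rec["dst"])].add(rec["dport"])
    return {k: len(v) for k, v in ports.items() if len(v) >= min_ports}

def xmas_flows(flows):
    """Flows carrying FIN+PSH+URG together, a combination no real session uses."""
    return [(r["src"], r["dst"], r["dport"]) for r in flows
            if r["proto"] == 6 and r["flags"] & XMAS == XMAS]

def analyse(text=SAMPLE_EXPORT):
    """Run every check over one export and return the findings."""
    flows = parse_export(text)
    return {"flows": len(aggregate(flows)), "reserved": reserved_sources(flows),
            "fan_out": fan_out(flows), "scans": syn_scans(flows),
            "xmas": xmas_flows(flows)}
```

The two records that share a 7-tuple collapse into one flow of 15000 octets, which is the aggregation the key fields exist for; the remaining checks each light up on exactly one of the constructed sources.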
Internal Network Threat Detection

Telecommuting brings malware into the network

An IDS deployment for internal traffic is not feasible

NetFlow is light on bandwidth and device resources

Most of your devices come with support for NetFlow or a similar flow format

Enable flow export and get visibility on both ingress and egress traffic flows
Monitoring High Speed Networks

Packet inspection software capable of handling 10G network traffic is scarce and expensive

NetFlow data captures just the important information from the actual traffic

Do traffic analytics using NetFlow information

Use packet capture only where absolutely necessary

Brings down cost and helps in faster troubleshooting
Solution for Meshed Networks

Star (hub and spoke) networks are a thing of the past

Meshed networks today allow traffic to pass through any node depending on the best path

An IDS or packet inspection at each node is not feasible

Utilize the already available NetFlow from your network devices in locations like branches
ManageEngine NetFlow Analyzer

An all-software solution for bandwidth monitoring, traffic analytics and anomaly detection

Supports all flow formats as well as most of Cisco's performance monitoring technologies

Cisco NBAR, CBQoS, IPSLA and WAAS reports

Additional features include AS reporting, capacity planning, support for Cisco ASA NSEL, usage alerts, etc.
What else is NetFlow Analyzer

Highly granular traffic reports based on speed, volume, utilization and packets, updated in real time

Details on protocol distribution, application usage & custom application monitoring

Conversation details for each minute, helping with the quick troubleshooting of network incidents

Future ready with IPv6 conversation reports
Advanced Security Analytics Module

ASAM – An Overview

Security Posture page listing all detected anomalies grouped under problem classes

Drill down on each problem for problem analysis or resource analysis

In-depth details on each event, source, destination and route

Helps you take quick decisions to block IPs or take action at the device level
Conclusion

An IDS-and-firewall-only system is a thing of the past

New-age networks face more sophisticated problems

A combination of well-set firewall rules, an effective IDS/IPS system and NetFlow analysis is the answer
Questions?

ManageEngine NetFlow Analyzer is used by over 4000
customers worldwide. Visit our website for details:

              www.manageengine.com
             www.netflowanalyzer.com
             sales@manageengine.com
              nfs@manageengine.com

 
GTU PHP Project Training Guidelines
GTU PHP Project Training GuidelinesGTU PHP Project Training Guidelines
GTU PHP Project Training Guidelines
 
Nagios nrpe
Nagios nrpeNagios nrpe
Nagios nrpe
 
Licensing on Cisco 2960, 3560X and 3750X...
Licensing on Cisco 2960, 3560X and 3750X...Licensing on Cisco 2960, 3560X and 3750X...
Licensing on Cisco 2960, 3560X and 3750X...
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco Routers
 
Central management of network and call services
Central management of network and call servicesCentral management of network and call services
Central management of network and call services
 
Line cards that are available for cisco catalyst 4500 series switches
Line cards that are available for cisco catalyst 4500 series switchesLine cards that are available for cisco catalyst 4500 series switches
Line cards that are available for cisco catalyst 4500 series switches
 

Ähnlich wie Plugging Network Security Holes Using NetFlow

Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsNetworkCollaborators
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Jiunn-Jer Sun
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança Cisco do Brasil
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level securityChetan Kumar S
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Security and privacy issues of pervasive computing
Security and privacy issues of pervasive computingSecurity and privacy issues of pervasive computing
Security and privacy issues of pervasive computingRam kumar
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
Wireless security report
Wireless security reportWireless security report
Wireless security reportMarynol Cahinde
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportDell EMC World
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 

Ähnlich wie Plugging Network Security Holes Using NetFlow (20)

Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Day4
Day4Day4
Day4
 
1Table of Contents.docx
1Table of Contents.docx1Table of Contents.docx
1Table of Contents.docx
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
BYOD Monitoring
BYOD MonitoringBYOD Monitoring
BYOD Monitoring
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Security and privacy issues of pervasive computing
Security and privacy issues of pervasive computingSecurity and privacy issues of pervasive computing
Security and privacy issues of pervasive computing
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
Wireless security report
Wireless security reportWireless security report
Wireless security report
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
Network security
Network security Network security
Network security
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
 
Airheads vail 2011 pci 2.0 compliance
Airheads vail 2011   pci 2.0 complianceAirheads vail 2011   pci 2.0 compliance
Airheads vail 2011 pci 2.0 compliance
 

Kürzlich hochgeladen

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Kürzlich hochgeladen (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Plugging Network Security Holes Using NetFlow

  • 1. Plugging Network Security Holes using NetFlow Loopholes in todays network security solutions and how NetFlow can help
  • 2. About ManageEngine Servers & Windows Event Log & Network Desktop ServiceDesk Security Applications Infrastructure Compliance Network Server Desktop Active Windows Vulnerability Helpdesk Monitoring Monitoring Management Directory Event Logs Analysis Application NetFlow Asset ITIL Service Syslog Patch Perf SQL Server Analysis Management Desk Management Management Monitoring Software Network End User Remote Exchange Firewall Log Password License Config Mgmt Experience Control Server Analyzer Management Tracking ManageEngine is an IT management vendor focused on bringing a complete IT management portfolio to all types of enterprises
  • 4. Network Security Concerns Increasing Network Security Violations 2010 : Major DDoS attacks and arrival of STUXNET 2011 : HB Gary Federal & Sony PSN Hacked - Emails made public and user data stolen Since then : Sony Pictures, Nintendo, Fox Networks, Eve’s online, Lockheed Martin, PBS, Honda Canada, Booz Allen Hamilton, C.I.A…The list is growing
  • 5. Network Security Concerns Malwares – More Numbers and More Sophisticated Malware 350 300 250 200 150 100 50 0 The start 1971 1990 2011
  • 6. Network Security Concerns Malwares – More Numbers and More Sophisticated More numbers and more sophisticated malwares Symantec’s 2011 Internet Security Threat Report states: “In 2010, Symantec encountered more than 286 million unique variants of malware.” Targeted, custom malwares appearing. STUXNET is just the beginning The era of the zero-day malware and attacks is here
  • 7. Network Security Concerns Telecommuting & Erosion of Perimeter Percentage of US workers Telecommuting 35 30 25 20 15 ?? 10 17% 5 7.5% 0 1994 2004 2014
  • 8. Network Security Concerns Telecommuting & Erosion of Perimeter More number of telecommuters per enterprise Increasing number of enterprise users have mobile devices like laptops & tablets Disappearing perimeter – Users connect over VPN, 3G, Public Wi-Fi, etc. from home or mobile devices Less secure transactions - Susceptible to malwares and Trojans
  • 9. Network Security Concerns Telecommuting & Erosion of Perimeter More number of telecommutersTelecommuting Percentage of US workers per enterprise 35 30 Increasing number of enterprise users have mobile 25 devices like laptops & tablets 20 15 ?? Disappearing perimeter – Users connect over VPN, 3G, 10 Public Wi-Fi, etc. from home17% mobile devices or 5 7.5% 0 Less secure transactions - Susceptible to malwares and 1994 2004 2014 Trojans
  • 10. Network Security Concerns Faster Networks – More Business Localization Increasing Network Bandwidth – The fastest Ethernet will soon move from 10 Gigabit to 100 Gigabit Ethernet Newer applications and services added everyday Business localization – Increased users and thus higher volume of network traffic More unknown applications are encountered
  • 11. Network Security Concerns Faster Networks – More Business Localization Increasing Network Bandwidth – The fastest Ethernet will soon move from 10 Gigabit to 100 Gigabit Ethernet Newer applications and services added everyday Business localization – Increased users and thus higher volume of network traffic More unknown applications are encountered
  • 12. Network Security Concerns Star Topology Complex Meshed Networks Networks are no longer based on the simple STAR topology Distributed networks in MESH topology Huge number of devices and nodes interconnected Traffic moves in multiple directions through different nodes
  • 13. Network Security Concerns Complex Meshed Networks Networks are no longer based on the simple STAR topology Distributed networks in MESH topology Huge number of devices and nodes interconnected Traffic moves in multiple directions through different nodes
  • 14. Network Security Concerns Meshed Networks Complex Meshed Networks Networks are no longer based on the simple STAR topology Distributed networks in MESH topology Huge number of devices and nodes interconnected Traffic moves in multiple directions through different nodes
  • 15. Loopholes in current network security systems
  • 16. The Loopholes Internet IDS Internal Network M A L W A R E Signature Anomaly Blocked R E A L W A M Non Signature Anomaly Undetected
  • 17. The Loopholes More targeted, custom made, STUXNET like malwares IDS and IPS is based on “signatures”, a known characteristic of some particular attack Increasing number of zero day attacks whose signatures has not yet been documented Firewalls are ineffective against zero-day malwares as they block only traffic defined by the user
  • 18. The Loopholes Telecommuters – Access the Internet from public Wi-Fi spots & unknown networks Personal computers are easier to attack and infect Users carry infected devices into the network or connect via VPN - Malware spreads across the LAN Packet inspection technologies are impractical for use in LAN due to the number of nodes to be monitored IDS not feasible for internal network monitoring
  • 19. The Loopholes Telecommuters – Access the Internet from public Wi-Fi spots & unknown networks Personal computers are easier to attack and infect Users carry infected devices into the network or connect via VPN - Malware spreads across the LAN Packet inspection technologies are impractical for use in LAN due to the number of nodes to be monitored IDS not feasible for internal network monitoring
  • 20. The Loopholes With malwares in your LAN, your network could be the one hosting an attack or sending spam STUXNET spread across 100,000 computers and never used Internet as the stream Each time STUXNET infected a system, it connected to 2 public domains to report about the infected machines Egress traffic accounting can help with early detection IDS and IPS does only ingress traffic accounting
  • 21. The Loopholes 10 Gigabit network is now standard & 100 Gigabit network is around the corner Organizations now have more traffic and applications Packet Inspection is rendered ineffective due to the volume of traffic involved High performance and scalable packet inspection tools are highly expensive
  • 22. The Loopholes 10 Gigabit network is now standard & 100 Gigabit network is around the corner Organizations now have more traffic and applications Packet Inspection is rendered ineffective due to the volume of traffic involved High performance and scalable packet inspection tools are highly expensive
  • 23. The Loopholes Localization and branching of enterprises means more users and many services Firewall rules are used to block any undesired traffic but web service traffic (port 80) is allowed in most networks Sophisticated attacks use port 80 with the ACK bit set so that traffic appears to be legitimate web transactions Such traffic surpasses the firewalls and enters your network
  • 24. The Loopholes Localization and branching of enterprises means more users and many services Firewall rules are used to block any undesired traffic but web service traffic (port 80) is allowed in most networks Sophisticated attacks use port 80 with the ACK bit set so that traffic appears to be legitimate web transactions Such traffic surpasses the firewalls and enters your network
  • 25. The Loopholes Meshed networks include more nodes than the STAR topologies of the old times Traffic between sites choose the best path and do not always traverse through a center node Packet analysis / inspection technology not be feasible at all nodes Multiple locations and hence data collection for packet inspection at each point is difficult
  • 26. The Loopholes Meshed networks include more nodes than the STAR topologies of the old times Traffic between sites choose the best path and do not always traverse through a center node Packet analysis / inspection technology not be feasible at all nodes Multiple locations and hence data collection for packet inspection at each point is difficult
  • 28. The Solution Enter NetFlow Technology developed by Cisco Systems - initially used as a switching path Primary network IP traffic accounting technology All major vendors now support flow export : NetFlow - Cisco, Adtran, 3COM sFlow - Alcatel, HP, Brocade, Enterasys, Dell IPFIX - Nortel / J-Flow - Juniper
  • 29. The Solution About NetFlow Captures specific information from network IP Traffic and stores to the device’s NetFlow cache Traffic information exported as UDP packets to the configured destination 7 Key fields defines a flow as one unique conversation in NetFlow
  • 30. The Solution About NetFlow Source Interface (ifindex) Protocol Source IP Address Destination IP Address Source Port Destination Port ToS
  • 31. The Solution Core Network Edge Router NetFlow enabled interface UDP NetFlow NetFlow Collector
  • 32. The Solution Core Network Edge Router NetFlow enabled interface UDP NetFlow NetFlow Collector
  • 33. The Solution ManageEngine NetFlow Analyzer Without NetFlow Analysis Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic Traffic With NetFlow Analysis TCP ESP Kazaa HTTP Src IP Cnvrstn IPv4 DSCP Octets 80 UDP GRE Torrent Telnet Dst IP Host IPv6 ToS Time 23
  • 34. The Solution ManageEngine NetFlow Analyzer Leverages on the flow data exported from your network devices Reports on traffic, applications, hosts, conversations, QoS, etc. Easy to use GUI and extensive graph options for quick understanding and fast problem drill down
  • 35. The Solution Source Port Source IP Address Who ? Destination Port What ? Destination IP Address Protocol When ? Packet Count Usage ? Flow Start and End time Octet count ToS QoS ? TCP Flags QoS ? Protocol NextHop Input and Output Interface Path ? Source AS Information Route ? (ifindex) Destination AS Information
  • 36. The Solution Advanced Security Analytics Module Flow based network behavior analysis tool Add-On to ManageEngine NetFlow Analyzer and leverages on its agentless data collection capabilities Uses the NetFlow or sFlow data received by NetFlow Analyzer for internal and external threat detection Continuous Stream Mining Engine TM detects network anomalies in real-time
  • 37. The Solution Advanced Security Analytics Module Flow based network behavior analysis tool Add-On to ManageEngine NetFlow Analyzer and leverages on its agentless data collection capabilities Uses the NetFlow or sFlow data received by NetFlow Analyzer for internal and external threat detection Continuous Stream Mining Engine TM detects network anomalies in real-time
  • 38. The Solution NetFlow Data Advanced Security Analytics Module NetFlow Analyzer Flow based network behavior analysis tool Add-On to ManageEngine NetFlow Analyzer and Continuous Stream Mining Engine leverages on its agentless data collection capabilities Advanced Security Analytics Uses the NetFlow or sFlow data received by NetFlow Analyzer for internal and external threat detection Events Continuous Stream Mining Engine TM detects network anomalies in real-time User
  • 40. Detect Hacking Attempts Network Hacking Reconnaissance Methods Port Scans DNS Lookup Ping Sweeps Traceroute Except port scan, all the traffic is detectable as it is using NetFlow data ASAM analyzes NetFlow data and detect scans – TCP Scans like SYN scan, reverse scan, Xmas-Tree scan
  • 41. Detect Hacking Attempts Network Hacking Reconnaissance Methods Port Scans DNS Lookup Ping Sweeps Traceroute Except port scan, all the traffic is detectable as it is using NetFlow data ASAM analyzes NetFlow data and detect scans – TCP Scans like SYN scan, reverse scan, Xmas-Tree scan
  • 42. Stopping Zero-Day Malwares Identify the Top N and baseline your network behavior Change in traffic patterns can be identified using NetFlow data Sudden increase in traffic, spike in UDP traffic, etc. Get alerted when such changes occur
  • 43. Stopping Zero-Day Malwares Identify the Top N and baseline your network behavior Change in traffic patterns can be identified using NetFlow data Sudden increase in traffic, spike in UDP traffic, etc. Get alerted when such changes occur
  • 44. Stopping Zero-Day Malwares Session based identification helps track malware Abnormal traffic to many hosts from single host on a single port can be a worm Traffic from IANA reserved addresses or over reserved protocols is malicious traffic ASAM identifies such traffic and creates alerts
  • 45. Stopping Zero-Day Malwares Session based identification helps track malware Identify the Top N and baseline your network behavior Abnormal traffic to many hosts from single host on a Change in traffic patterns can be identified using single port can be a worm NetFlow data Traffic from IANA reserved addresses or over Sudden increase in traffic, spike in UDP traffic, etc. reserved protocols is malicious traffic Get alerted when such changes occur ASAM identifies such traffic and creates alerts
  • 46. Internal Network Threat Detection Telecommuting brings malwares into the network An IDS deployment for internal traffic is not feasible NetFlow is light on the bandwidth and device resources Most of your devices come with support for NetFlow or similar flow format Enable flow export and get visibility on both ingress and egress traffic flow
  • 47. Internal Network Threat Detection Telecommuting brings malwares into the network An IDS deployment for internal traffic is not feasible NetFlow is light on the bandwidth and device resources Most of your devices come with support for NetFlow or similar flow format Enable flow export and get visibility on both ingress and egress traffic flow
  • 48. Monitoring High Speed Networks Packet inspection software capable of handling 10G network traffic are few and expensive NetFlow data captures just the important information from actual traffic Do traffic analytics using NetFlow information Use packet capture only where absolutely necessary Brings down cost and helps in faster troubleshooting
• 50. Solution for Meshed Networks: star (hub and spoke) networks are a thing of the past; meshed networks today allow traffic to pass through any node depending on the best path. An IDS or packet inspection at each node is not feasible, so utilize the NetFlow already available from your network devices in locations such as branches.
• 53. ManageEngine NetFlow Analyzer: an all-software solution for bandwidth monitoring, traffic analytics and anomaly detection. Supports all flow formats as well as most of Cisco’s performance monitoring technologies: Cisco NBAR, CBQoS, IPSLA and WAAS reports. Additional features include AS reporting, capacity planning, support for Cisco ASA NSEL, usage alerts, etc.
• 54. What else is NetFlow Analyzer: highly granular traffic reports based on speed, volume, utilization and packets, updated in real time. Conversation details for each minute, helping with the quick troubleshooting of network incidents.
• 55. What else is NetFlow Analyzer (continued): details on protocol distribution, application usage and custom application monitoring. Future-ready with IPv6 conversation reports.
• 60. ASAM – An Overview: the Security Posture page lists all detected anomalies grouped under problem classes. Drill down on each problem for problem analysis or resource analysis, with in-depth details on each event, source, destination and route. Helps you take quick decisions to block IPs or take action at the device level.
  • 62. ASAM – An Overview
• 63. Conclusion: an IDS-and-firewall-only system is a thing of the past; new-age networks face more sophisticated problems. A combination of well-set firewall rules, an effective IDS/IPS system and NetFlow analysis is the answer.
• 65. Questions? ManageEngine NetFlow Analyzer is used by over 4000 customers worldwide. Visit our website for details: www.manageengine.com, www.netflowanalyzer.com; contact: sales@manageengine.com, nfs@manageengine.com