Session 2 security monitoring

Session 2 Security Monitoring

  • Identify

  • Device Status

  • Traffic Analysis

  • Routing Protocol Status

  • Configuration & Log

  • Classification


Identifying an Attack


Identification Tools


Network Benchmark Parameter


Device Status

  • CPU

  • Memory

  • Temperature


CPU Load


Abnormal CPU Load


Identifying an Attack through CPU Load


Temperature


Traffic Analysis

  • Technology (Netflow & Sniffer)

  • Layer 3 or 4 based

  • Application based


Netflow Detect & Affirm


Use Netflow


Detect DoS


Example


Layer 3 or 4 TOP N

  • IP address based

  • Protocol based

  • Port based

  • Packet Size based

  • AS based


Index


overview

Normalin/Normalout

Spoofin/Spoofout

Bandwidth, PPS and Packet Size


Traffic Statistics Picture

  • According to bandwidth

    bandwidth, packet size and PPS

  • According to direction

    normalin/normalout spoofin/spoofout

  • According to time

    4 hours, 2 days, 1 week, 2 months

  • max, min, average, now


Traffic Statistics Picture (overview)


Traffic Statistics


IP TOP 20

  • Order by source/destination address

  • Order by source  destination peer

  • Order by bandwidth and PPS


Traffic Analysis (TOP20)


Packet size TOP20

Order by bandwidth, PPS


Port Distribution TOP20

  • Order by source/destination port summary

  • Order by source/destination port direction

  • Order by bandwidth and PPS


Port distribution TOP20


Protocol statistic TOP20

  • According to protocol

    normalin, normalout, spoofin and spoofout

  • Order by bandwidth and PPS


Protocol Statistic TOP20


Protocol Picture

  • According to bandwidth and PPS

  • According to type

    TCP UDP ICMP

  • According to time

    4 hours, 2 days, 1 week, 2 months

  • Max, min, average, now


Protocol (TCP UDP ICMP) Statistics Overview


Protocol (TCP UDP ICMP) Statistics


AS Statistic TOP20

  • According to direction

    normalin, normalout, spoofin and spoofout

  • According to bandwidth and PPS


AS Statistic TOP20


Abnormal Traffic Query System


Routing Protocol Status

  • Route Entries

  • Routing Protocol Stability


Route Monitoring


Routing (BGP summary)


Routing Monitoring


BGP Statistics


BGP Monitoring (TEIN2-NORTH)


BGP Monitoring (TEIN2-SOUTH)


BGP Monitoring (TEIN2-JP)


AS Path Entries


Community Entries


IPv4 Prefix


IPv6 Prefix


Route Flapping Top 20


IPv6 Route Flapping Top 10


AAA & Log Audit

  • Account

  • SYSLOG

  • Log audit tools


Configuring Syslog on a router


Configuration change notification and logging


Log skill


SNMP Authentication Failure via SYSLOG


Classification Objectives


Classification ACLs


Classification and Traceback ACLs


Classification ACLs - Hints


Netflow Classification Technique


show ip cache flow


show ip cache verbose flow


Sink Hole – How to Classify?

