Session 2 Security Monitoring

Presentation Transcript


Session 2 Security Monitoring

  • Identify

  • Device Status

  • Traffic Analysis

  • Routing Protocol Status

  • Configuration & Log

  • Classification


Identifying an Attack

Identification Tools

Network Benchmark Parameter

Device Status

  • CPU

  • Memory

  • Temperature


CPU Load

Abnormal CPU Load

Abnormal CPU Load

Identifying an Attack through CPU Load

Identifying an Attack through CPU Load

Identifying an Attack through CPU Load

Temperature

Traffic Analysis

  • Technology (Netflow & Sniffer)

  • Layer 3 or 4 based

  • Application based


Netflow Detect & Affirm

Use Netflow

Detect DoS

Example

Layer 3 or 4 TOP N

  • IP address based

  • Protocol based

  • Port based

  • Packet Size based

  • AS based


Index

Overview

Normalin/Normalout

Spoofin/Spoofout

Bandwidth, PPS and Packet Size


Traffic Statistics Picture

  • According to bandwidth

    bandwidth, packet size and PPS

  • According to direction

    normalin/normalout, spoofin/spoofout

  • According to time

    4 hours, 2 days, 1 week, 2 months

  • Max, min, average, now


Traffic Statistics Picture (overview)

Traffic Statistics

IP TOP 20

  • Order by source/destination address

  • Order by source  destination peer

  • Order by bandwidth and PPS


Traffic Analyse (TOP20)

Traffic Analyse (TOP20)

Packet size TOP20

Order by bandwidth, PPS


Port Distribution TOP20

  • Order by source/destination port summary

  • Order by source/destination port direction

  • Order by bandwidth and PPS


Port distribution TOP20

Protocol statistic TOP20

  • According to protocol

    normalin, normalout, spoofin and spoofout

  • Order by bandwidth and PPS


Protocol Statistic TOP20

Protocol Picture

  • According to bandwidth and pps

  • According to type

    TCP UDP ICMP

  • According to time

    4 hours, 2 days, 1 week, 2 months

  • Max, min, average, now


Protocol (TCP UDP ICMP) Statistics Overview

Protocol (TCP UDP ICMP) Statistics

AS Statistic TOP20

  • According to direction

    normalin, normalout, spoofin and spoofout

  • According to bandwidth and PPS


AS Statistic TOP20

Abnormal Traffic Query System

Abnormal Traffic Query System

Routing Protocol Status

  • Route Entries

  • Routing Protocol Stability


Route Monitoring

Routing (BGP summary)

Routing Monitoring

BGP Statistics

BGP Monitoring (TEIN2-NORTH)

BGP Monitoring (TEIN2-SOUTH)

BGP Monitoring (TEIN2-JP)

AS Path Entries

Community Entries

IPv4 Prefix

IPv6 Prefix

Route Flapping Top 20

IPv6 Route Flapping Top 10

AAA & Log Audit

  • Account

  • SYSLOG

  • Log audit tools


Configuring Syslog on a router

Configuration change notification and logging

Log skill

SNMP Authentication Failure via SYSLOG


SNMP Authentication Failure via SYSLOG


Classification Objectives

Classification ACLs

Classification and Traceback ACLs

Classification and Traceback ACLs

Classification and Traceback ACLs

Classification and Traceback ACLs

Classification and Traceback ACLs

Classification ACLs - Hints

Netflow Classification Technique

show ip cache flow

show ip cache verbose flow

Sink Hole – How to Classify?

