Computer Network Management

Computer Network Management. Lecturer: Wang Jilong, Information Network Engineering Research Center, Tsinghua University. [email protected]



Presentation Transcript




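Chapter 4: Network Measurement and Monitoring

  • Section 1: Overview of network measurement techniques
  • Section 2: Special topics in network measurement techniques
  • Section 3: Examples of network measurement systems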


Section 2: Special Topics in Network Measurement Techniques

  • Topology and route measurement
  • Fault measurement
  • Performance measurement
  • Security measurement


ISN’T THIS GREAT?

  • Owners monitor the state of the network
  • Students monitor their teachers' whereabouts
  • I can see what you are doing…


Topic 1: Topology and Route Measurement


Topology measurement: discovering the interconnection devices in a network and determining how they are connected


Active measurement: basic principle

[Diagram labels: Temporary Set, Heuristic, Permanent Set]

[Diagram labels: Obtaining clues; DNS ls, netstat, tracert; Permanent Set]

[Diagram labels: Measure; Temporary Set; Ping, B_Ping, snmp, tracert, telnet; Permanent Set]

[Diagram labels: Deriving new clues; Permanent Set; Random Probe, TraceRT, B_ping, routeTable, ARP_Table]


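Some notes

  • Many networks do not support broadcast ping
  • Many networks restrict access to SNMP
  • Physical topology / logical topology


Passive measurement

  • Listening to routing protocols
    • OSPF
    • BGP


Route measurement

  • The University of California, Berkeley used traceroute to collect and analyze routing-behavior information for the links between 37 measurement points distributed around the world
  • The University of Oregon collects routing-behavior information between certain autonomous systems through the BGP protocol running on specific routers
  • At present, research is limited to collecting, aggregating and simplifying routing-behavior data; the collected data is analyzed only qualitatively


Network distance

  • Problem: I want to reach the server closest to me
  • Applications
    • Choosing a mirror site for a web server
    • Choosing peer nodes in peer-to-peer systems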


Topic 2: Fault Measurement and Monitoring


Fault distribution

  • Network Failure 18.2%
    • ISP connection down
    • LAN segment overloaded
  • Systems
    • Server Failure 20%
    • OS Failure 24.6%
    • CPU overloaded
    • NIC failure
  • Applications Failure 28.5%
    • Process hung
    • Slowed database performance
  • Administration 8.7%

Source: IDC

Chris Morino, Resonate


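Basic steps of fault diagnosis

  • Collect the available information and analyze the symptoms of the fault
  • Isolate the problem to a single network segment, a single independent function or module, or a single user
  • Isolate the problem to specific hardware or software within that unit, or to a user account
  • Locate and fix the problem
  • Verify that the problem has been resolved
  • Never trust users lightly; they may be misled by appearances. Verify everything yourself.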


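Problem 1: Cannot access a service

Emergency handling

  • Cold-boot the PC
  • Check whether the PC has a hardware fault
  • Check the network cable connection
  • Check that all network drivers are loaded correctly
  • Check that no recent change to the PC or the server has caused the problem

Professional handling

  • Check whether any network can be reached successfully from the point of failure
  • Check LAN performance
  • Hub status
  • Cable connections
  • Network statistics
  • Track collisions
  • Check bridges or routers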


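Problem 2: Connection interrupted

Emergency handling

  • Cold-boot the PC
  • Check whether the PC has a hardware fault, and check the network connection
  • Check that the network drivers are loaded correctly
  • Check for changes to the PC that caused the problem
  • Rule out problems with other resident programs in the PC's memory

Professional handling

  • Use network statistics to check for high utilization and a high collision rate
  • Test the hub ports
  • Test the NIC driver
  • Test cascaded hubs
  • Test routing
  • Test packet loss with large and small packets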


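Problem 3: Slow speed

Determine the nature of the problem

  • Network media problem
  • Problem with a specific station or server

Media problems

  • Utilization and collision rate
  • Check for frames with FCS errors
  • Burstiness of collisions
  • Incorrect termination
  • Impedance discontinuity
  • Damaged NIC

Software problems

  • Identify the stations with heavy traffic
  • Applications and services used at the point of failure
  • With mixed protocols, test for unrelated protocols that consume bandwidth
  • Test broadcast traffic
  • Test the isolation provided by VLANs and routing devices

Hardware problems

  • Find the MAC address that has the problem
  • Ping test for packet loss
  • Interconnection devices at full load
  • Split pairs in the cabling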


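Network noise

  • External interference
    • Electric fans
    • Air conditioners
    • Heaters
    • Photocopiers
    • Fluorescent lamps
    • Elevators
    • Electric motors
  • Power supply problems
  • Damaged cables or connectors
  • Cables that are too long
  • Grounding problems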


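Preventing TCP/IP network problems

  • IP address management
  • There must never be duplicate addresses
  • Establish a sound allocation and reclamation procedure
  • Eliminate unauthorized use
  • DHCP, MAC authentication and VLANs are recommended
  • Keep backups of the host configuration documentation
  • Control the change process


Faults where TCP/IP cannot connect

Emergency handling

  • Cold boot
  • Confirm there is no hardware fault
  • Confirm the cable connection
  • Confirm the NIC driver is installed correctly
  • Check recent adjustments made to the host
  • Confirm the MAC address is correct

Professional testing

  • IP configuration problems
  • Protocol encapsulation problems
  • Whether the problem is widespread
  • Whether the problem is physical
  • ARP responses
  • The router's connection to the next level
  • DNS problems
  • Routing problems
  • Server configuration problems


Intermittent TCP/IP connection drops

  • Emergency handling is the same as before
  • Professional handling
    • Packet loss
      • Ping test
      • Scan the hosts on the same network segment
    • Route drift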


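Slow speed or poor performance

  • Performance indicators
  • Traffic
  • Delay
  • Choice of routing protocol
  • RIP, IGRP, OSPF
  • Route tracing
  • Network bottlenecks
  • Network topology
  • Congested links
  • Slow routers
  • Overloaded part-time routers
  • Congested routes
  • Slow hosts
  • Host processing capacity
  • Interface card and driver performance
  • Server overload
  • The way network applications are used


Indicators of a healthy Ethernet network

  • Average network utilization does not exceed 40%
  • Average collision rate does not exceed 5%
  • Errors (oversized frames, undersized frames, frame check errors, late collisions) should not occur
  • Broadcast traffic is below 5%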


ping

  • ping IP/name [-t] [-a] [-n count] [-l size]
    • -t: send data to the target host continuously
    • -a: show the domain name of the target host
    • -n count: how many pings to send; the number is given by count
    • -l size: size of the packets sent to the target host
    • -f: set the DF flag in the IP packet (force no fragmentation)
    • -i ttl: set the TTL
    • -v TOS: set the Type of Service
    • -r count: record route
    • -s count: record timestamps
    • -j host-list: loose source route
    • -k host-list: strict source route
    • -w timeout: maximum time to wait


TraceRT

  • tracert IP/domain-name [-d] [-h maximum_hops] [-j host_list] [-w timeout]
    • -d: do not resolve the names of hosts
    • -h maximum_hops: maximum number of hops to search for the target address
    • -j host_list: source route


netstat

  • netstat [-r] [-s] [-n] [-a]
    • -r: show the contents of the local routing table
    • -s: show per-protocol usage statistics (including TCP, UDP and IP)
    • -n: show addresses and ports in numeric form
    • -a: show the port numbers for all hosts


Winipcfg/ipconfig

  • ipconfig
    • /all
    • /release [adaptor]
    • /renew [adaptor]
    • /flushdns
    • /registerdns
    • /displaydns
    • /showclassid
    • /setclassid


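Structure of an IP packet

Bit positions: 0 4 8 16 19 24 31

  • Version (V) | Header length (HL) | Type of service (TOS) | Total length (TLEN)
  • Identification | Flags | Fragment offset
  • Time to live (TTL) | Protocol | Header checksum
  • Source IP address
  • Destination IP address
  • IP options | Padding
  • Data


IP packet header

  • Type of service (TOS – Type Of Service)

    Bits 0 1 2 3 4 5 6 7: Precedence (bits 0-2), D (bit 3), T (bit 4), R (bit 5), unused (bits 6-7)

  • Type of transmission the user wants:
    • D: low delay
    • T: high throughput
    • R: high reliability
  • Precedence of the packet:
    • Expresses how important the packet is (0~7)
    • 0: normal precedence
    • 7: network control precedence


IP options

  • The IP options field in the packet header is optional
  • IP options are mainly used for network control and testing
    • Source route option
    • Record route option
    • Time stamp option
    • ……
  • IP options have to be processed by every router on the path
  • In practice, IP options are rarely used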
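The header layout, the TOS bits and the options field from the three slides above, decoded in code. This is an added Python example, not part of the original lecture; the sample packet, its addresses and the function names are constructed for illustration.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"      # the fixed 20-byte part of the header

def checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    v_hl, tos, tlen, ident, flags_off, ttl, proto, _, src, dst = struct.unpack(FMT, packet[:20])
    header_len = (v_hl & 0x0F) * 4                 # HL counts 32-bit words
    if v_hl >> 4 != 4 or not 20 <= header_len <= len(packet):
        raise ValueError("bad version or header length")
    return {
        "version": v_hl >> 4, "header_len": header_len,
        # TOS byte: bits 0-2 precedence, then D, T, R, then two unused bits
        "precedence": tos >> 5,
        "D": bool(tos & 0x10), "T": bool(tos & 0x08), "R": bool(tos & 0x04),
        "total_len": tlen, "id": ident,
        "DF": bool(flags_off & 0x4000), "MF": bool(flags_off & 0x2000),
        "offset": (flags_off & 0x1FFF) * 8,        # the field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "checksum_ok": checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:header_len],          # empty when HL == 5
    }

def constructed_packet() -> bytes:
    """Constructed sample: HL=6 (one option word), precedence 7, D bit and DF set."""
    fields = [0x46, 0xF0, 24, 0x1234, 0x4000, 64, 1, 0,
              socket.inet_aton("192.168.2.10"), socket.inet_aton("192.168.100.65")]
    options = bytes([1, 1, 1, 0])                  # three no-operation options, end of list
    fields[7] = checksum(struct.pack(FMT, *fields) + options)
    return struct.pack(FMT, *fields) + options

if __name__ == "__main__":
    for name, value in parse_ipv4(constructed_packet()).items():
        print(f"{name:12} {value}")
```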


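Topic 3: Performance Measurement and Monitoring


Overview

  • Decide what to measure and which metrics to use
  • Decide on the measurement points and reference points
  • Select tools / collect data
  • Analyze


Performance measurement?

  • TRAFFIC FOR DESTINATIONS: INSIDE & OUTSIDE
  • TOP-TALKERS: INSIDE & OUTSIDE
  • Application oriented workload
  • SLAs
    • Responsiveness
    • Availability
    • Reliability
    • Throughput
  • CPU and Memory utilization
  • End-to-end Response Time for frequently used transactions
  • Number of concurrent users
  • Network collisions, error rates
  • Queue depths


Choosing reference points

  • Reference points: performance measurement cannot cover every network entity, only a "representative" part of them; we call this part the reference points. The measurement usually "creates" a communication between a monitoring point and a reference point and records it to obtain the data needed to compute the behavior metrics
  • Reliability: if a reference point fails, is switched off or stops working for some other reason, there will be no data at all for a period of time (other than service unavailable), which has an extremely bad effect on the overall measurement results
  • Validity: the validity of a reference point is the truthfulness of the data obtained from it
  • Representativeness: the data obtained through a reference point should reflect not only the performance changes of the reference point itself but also the common characteristics of a set of related entities


Influence of the measurement tool

  • In the same network environment and with the same measurement method, different measurement tools can be used, and the behavior metrics obtained will differ
  • Comparison of the response-delay results measured by two different tools (ping and xchkaccess) for 1760 web servers
  • Analysis of the results: xchkaccess has to establish a TCP connection, so its communication overhead is greater than that of ICMP


Tools

  • Clients
    • Application Response Monitor (ARM)
    • Workstation Performance Monitors
  • Networks
    • Sniffers, Network Monitoring software
      • Openview, Tivoli, CiscoWorks
    • Active measurement tools
  • Servers, Proxies
    • OS monitoring tools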


End-to-end Available Bandwidth Measurement

  • Capacity: Maximum throughput without cross-traffic
  • Available bandwidth: Maximum throughput given cross-traffic

[Diagram: path from Source to Destination; labels C1, C2, C3, C4 and A1, A2, A3, A4]


Applications

  • Efficiency of application
  • Choose the “best” server
  • Congestion control
  • Multicast routing
  • Etc…


Pathchar

  • Lots of UDP probes with different sizes and TTLs
  • Estimates latency and bandwidth

    rtt from (n-1)th to n-th = 2*lat + ip_size / bw

  • Dynamic behavior is hard to handle, as queues are neglected and various other assumptions are made
  • Link-by-link measurement

[Diagram labels: hops n-1 and n; queues q1, q2, q3, q4]
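How the per-link formula on the Pathchar slide turns probe RTTs into a latency and a bandwidth figure, as an added Python example that is not pathchar's own code. The RTT samples, the ground-truth values used to build them and all function names are constructed; taking the minimum RTT per probe size is the assumption used here to approximate "queues neglected".

```python
"""Per-link latency and bandwidth from probe RTTs at two consecutive TTLs."""

SIZES = [64, 256, 512, 1024, 1472]        # probe sizes in bytes
QUEUE_DELAYS = [0.0031, 0.0, 0.0007]      # constructed queueing noise per probe (s)

def constructed_samples():
    """Constructed RTTs {size: [rtt, ...]} for hop n-1 and hop n.
    Built from an assumed link n with 2 ms one-way latency and 10 Mbit/s."""
    prev_hop, this_hop = {}, {}
    for size in SIZES:
        base_prev = 0.001 + size * 8 / 100e6
        base_this = base_prev + 2 * 0.002 + size * 8 / 10e6
        prev_hop[size] = [base_prev + q for q in QUEUE_DELAYS]
        this_hop[size] = [base_this + q for q in reversed(QUEUE_DELAYS)]
    return prev_hop, this_hop

def min_filter(samples):
    """Keep the smallest RTT per probe size: the sample least affected by queueing."""
    return {size: min(rtts) for size, rtts in samples.items()}

def fit_line(points):
    """Least-squares fit rtt = intercept + slope * size; returns (intercept, slope)."""
    n = len(points)
    mean_x = sum(points) / n
    mean_y = sum(points.values()) / n
    sxx = sum((x - mean_x) ** 2 for x in points)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in points.items())
    slope = sxy / sxx
    return mean_y - slope * mean_x, slope

def link_estimate(prev_hop, this_hop):
    """(latency in s, bandwidth in bit/s) of the link between hop n-1 and hop n,
    from rtt_n - rtt_(n-1) = 2*lat + ip_size/bw."""
    a_prev, b_prev = fit_line(min_filter(prev_hop))
    a_this, b_this = fit_line(min_filter(this_hop))
    latency = (a_this - a_prev) / 2           # intercept difference is 2*lat
    bandwidth = 8 / (b_this - b_prev)         # slope difference is seconds per byte
    return latency, bandwidth

if __name__ == "__main__":
    lat, bw = link_estimate(*constructed_samples())
    print(f"latency {lat * 1000:.3f} ms, bandwidth {bw / 1e6:.3f} Mbit/s")
```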


Packet-pair (Nettimer)

  • Send packets back-to-back and estimate the narrow link capacity from the packet dispersion
  • Only measures end-to-end capacity while neglecting cross-traffic

    Tn+1 - Tn = max(S/BW, T1 - T0)

[Diagram labels: Size/BW; T1, T0; Tn+1, Tn]
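The dispersion rule on the packet-pair slide, applied link by link and then inverted at the receiver, as an added Python example that is not Nettimer's code. The path capacities, probe size and widened gaps are constructed, and using the median over several pairs is an assumption of this sketch.

```python
import statistics

def dispersion_after_path(size_bytes, link_bps, sender_gap=0.0):
    """Apply Tn+1 - Tn = max(S/BW, T1 - T0) at every link; return the receiver gap (s)."""
    gap = sender_gap
    for bw in link_bps:
        gap = max(size_bytes * 8 / bw, gap)
    return gap

def narrow_link_capacity(size_bytes, receiver_gaps):
    """Capacity estimate in bit/s; the median damps pairs widened by cross-traffic."""
    return size_bytes * 8 / statistics.median(receiver_gaps)

# Constructed path (bit/s per link) and probe size; the narrow link is 10 Mbit/s.
PATH = [100e6, 10e6, 1e9, 45e6]
SIZE = 1500

def constructed_gaps():
    """Seven constructed pairs, two of them widened by cross-traffic."""
    clean = dispersion_after_path(SIZE, PATH)
    return [clean, clean, clean + 0.0007, clean, clean + 0.0021, clean, clean]

def estimate_when_not_back_to_back(sender_gap):
    """If the sender spaces the pair wider than S/BW of the narrow link,
    the gap survives unchanged and the capacity is underestimated."""
    gap = dispersion_after_path(SIZE, PATH, sender_gap)
    return narrow_link_capacity(SIZE, [gap])

if __name__ == "__main__":
    print(narrow_link_capacity(SIZE, constructed_gaps()) / 1e6, "Mbit/s")
    print(estimate_when_not_back_to_back(0.005) / 1e6, "Mbit/s")
```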


MRTG

  • Highly portable SNMP based tool
  • Provides only 5 min averages of link utilization
  • Used only by network operators, because the router's SNMP community string is required
  • Link-by-link measurement
  • http://people.ee.ethz.ch/~oetiker/webtools/mrtg/


Infer end-to-end traffic from the traffic on individual ports, and discover the characteristics of the traffic distribution.


Pathload

  • Sends Self-Loading Periodic Streams at increasing rates until the rate is larger than the tight link available bandwidth and the relative one-way delays of packets show an increasing trend.
  • This scheme is highly intrusive even though the scheme measures the available bandwidth of the tight link
  • End-to-end available bandwidth measurement


Measurement tool: PingER

  • PingER (Ping End-to-end Reporting) monitors end-to-end performance of Internet links
  • http://www-iepm.slac.stanford.edu/pinger/tools/tools.html


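Router traffic monitoring

  • Rationale
    • Line rates grow far faster than memory access speeds
    • It is impossible to record every packet
    • Traffic has to be sampled
  • Key issues
    • How to sample?
    • How to tell the few large flows apart from the many small flows
    • This matters a great deal for network management and accounting


Router-based Passive Measurement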


NETRAMET

[Diagram labels: analysis application, NeTraMet, METER-MIB, packets (pcap, NetFlow, LFAP), meter reader(s), flow data, PME, manager, rulesets]


EXAMPLE OF A RULESET

    if SourcePeerType == IPv4
    {
        if DestPeerAddress == ( 130.89/16 )
        {
            count;
        }
    }


MEASURING LIMITS

  • WHAT ARE THE LIMITS OF THESE MEASUREMENT TOOLS? CAN, FOR EXAMPLE, SNIFFERS HANDLE MEGABITS OF TRAFFIC?
  • Tsinghua CAMPUS-NET
    • 20000 USERS
    • 500 Mbps PEAK


MEASURING LIMITS - CONCLUSIONS

  • CURRENT PCs CAN EASILY HANDLE 0.5 GIGABITS
  • WITH SOPHISTICATED NETWORK CARDS SPEEDS OF SEVERAL GIGABITS SEEM POSSIBLE


UNIX Command

  • SAR - System Activity Report, a sampling tool
  • ps
  • vmstat
  • iostat
  • netstat
  • logfiles


Commercial Tools

  • Netflow (CISCO)
  • ENTERASYS (CABLETRON)
  • NetMetrics (HP OpenView)
  • Performance Monitor (Windows NT)


MEASURING TOOLS - CONCLUSIONS

  • MANY TOOLS EXIST
  • SOME ARE COMMERCIAL
  • MANY ARE OPEN SOURCE


MEASUREMENT RESULTS

  • BANDWIDTH CONSUMPTION FOR TOP USERS
  • BANDWIDTH CONSUMPTION FOR AVERAGE USERS
  • POPULAR PROTOCOLS / APPLICATIONS (Campus)
  • POPULAR PROTOCOLS / APPLICATIONS (Backbone)


TOP USERS


AVERAGE USERS


WHAT STUDENTS DO


POPULAR APPLICATIONS (Backbone)

Data collected: 04-03-2002 / 10-03-2002

http://netflow.internet2.edu/weekly/20020304/


Topic 4: Network Security Measurement


How much security?

[Diagram labels: convenience, security]


Common methods of attack

  • password guessing/cracking
  • denial of service
  • spoofing/masquerading
  • buffer overruns
  • eavesdropping (sniffing)
  • viruses, worms, Trojan horses


Common scenario of the attack

  • find a scanner for latest OS/server vulnerabilities and scan a wide range of address space
  • use available exploits to gain access
    • http://www.securityfocus.com/
    • Bugtraq mailing list
  • hide yourself on attacked host
  • prepare the system for future use
    • install sniffers to collect passwords
    • install DDoS tools


Password attacks

  • dictionary attacks (UNIX Crack, L0pht Crack for Windows NT)

[Diagram labels: original password; hash function; s6gbs84hNd6gY; …hndz7HndUndp8s6gbs84hNd6gY7/Vbjsopdf9.K…]


Distributed DoS

  • Trin00, Tribal Flood Network, Stacheldraht, ...

[Diagram labels: handlers, agents]


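Buffer overrun

    #include <string.h>

    void function(char *str) {
        char buffer[16];        /* fixed-size local buffer on the stack */
        /* ... code ... */
        strcpy(buffer, str);    /* copies without checking the length of str */
        /* ... code ... */
    }

    int main(int argc, char *argv[]) {
        /* ... code ... */
        if (argc > 1)
            function(argv[1]);  /* string of arbitrary length from the caller */
        /* ... code ... */
        return 0;
    }

[Diagram: stack, with labels internal function variables (buffers), saved frame p., ret. addr., function arguments]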


Buffer overrun

  • input string isn’t checked for length
  • the most popular break-in technique
  • UNIX shell code takes only 45 bytes of instructions

  • Code Red exploit code:/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

[Diagram labels: instructions, ret. addr., function arguments, buffer overrun]


securityfocus.com


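Some Tools

  • SATAN, Portscan: vulnerability checking
    • ftp.cs.unm.edu
  • SNORT: intrusion detection
  • COPS: backdoor checking
    • ftp.cert.org
  • John, password++, Crack, Npasswd: password analysis
  • Keymon: protection against password cracking
  • Winnuke.exe: tests an NT bug
  • Protocol Analyzer, sniffer
  • TCPWire: monitors key files and directories
  • TCPWrapper: monitors inetd services
  • Sudo: restricts superuser access
  • They can be used for defense or for attack; it depends on the user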


Secure the inside before fending off the outside!!!


Proactive measures

  • install latest versions of software and apply recommended patches
  • strip down default services
  • restrict access to hosts
  • stay current with new security issues
  • apply OS and server patches immediately
  • do regular backups
  • monitor system activity and integrity
  • implement a firewall

[Diagram label: connect the system to your network]


Strip down default services

    port    type       name
    7       TCP/UDP    echo
    9       TCP/UDP    discard
    13      TCP/UDP    daytime
    19      TCP/UDP    chargen
    21      TCP        ftp
    23      TCP        telnet
    37      TCP/UDP    time
    53      TCP/UDP    domain
    69      UDP        tftp
    110     TCP        pop3
    113     TCP/UDP    auth
    161     UDP        snmp
    512     TCP        exec
    513     TCP        login
    513     UDP        who
    514     TCP        shell
    514     UDP        syslog
    517     UDP        talk
    2049    TCP/UDP    NFS

check /etc/inetd.conf and comment out unwanted services!


Disabling unwanted services

  • find all services on your system
    • use scanners (nmap) and sys. tools (ps, netstat, lsof)
  • find out whether you need a service
    • is it a public or an internal service?
  • disable unwanted services and test
  • scan your system from an external network


Restrict access to hosts

  • restrict physical access to servers
  • restrict network access with filtering software
    • IP chains, IP tables or IP filter
  • restrict access to services
    • TCP Wrapper (/etc/hosts.allow, /etc/hosts.deny, works only for services started by inetd)
  • apply filters to routers (ACLs)
  • combine host-based protection with strong authentication (e.g. S/Key one-time passwords)


ACL syntax (simplified)

access-list number action protocol source destination flags

    number         100-199 (extended ACLs)
    action         permit or deny
    protocol       ip or icmp or udp or tcp or ospf etc.
    source         host and port specification
    destination    host and port specification
    flags          established or log etc.

Example:

access-list 101 deny tcp host 192.168.200.13 192.168.100.64 0.0.0.31 eq www
access-list 101 deny udp any 192.168.100.64 0.0.0.31 eq snmp
access-list 101 permit tcp any 192.168.100.64 0.0.0.31 eq telnet
access-list 101 permit tcp any 192.168.100.64 0.0.0.31 eq smtp
access-list 101 deny tcp host 192.168.0.1 gt 1024 192.168.100.64 0.0.0.31 log
access-list 101 permit ospf any any
access-list 101 deny ip any any    (this is an implicit rule and is not shown!)
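To check what the example list 101 really lets through, the added Python example below (not router code and not part of the original slides) parses the six explicit rules in the slide's simplified syntax and evaluates packets with wildcard-mask matching, first-match order and the implicit final deny. The test addresses and function names are constructed, and flags such as `log` are ignored.

```python
import ipaddress

PORTS = {"www": 80, "snmp": 161, "telnet": 23, "smtp": 25}   # names used on the slide

# The six explicit rules from the slide; the implicit final deny is not listed.
ACL_101 = """\
access-list 101 deny tcp host 192.168.200.13 192.168.100.64 0.0.0.31 eq www
access-list 101 deny udp any 192.168.100.64 0.0.0.31 eq snmp
access-list 101 permit tcp any 192.168.100.64 0.0.0.31 eq telnet
access-list 101 permit tcp any 192.168.100.64 0.0.0.31 eq smtp
access-list 101 deny tcp host 192.168.0.1 gt 1024 192.168.100.64 0.0.0.31 log
access-list 101 permit ospf any any
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return (address, wildcard) as integers."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tok.pop(0)), 0
    return ip_int(first), ip_int(tok.pop(0))

def take_port(tok):
    """Consume an optional 'eq P' or 'gt P' port condition."""
    if tok and tok[0] in ("eq", "gt"):
        op, val = tok.pop(0), tok.pop(0)
        return op, PORTS[val] if val in PORTS else int(val)
    return None

def parse(line):
    tok = line.split()[2:]                     # drop "access-list <number>"
    rule = {"action": tok.pop(0), "proto": tok.pop(0)}
    rule["src"], rule["sport"] = take_addr(tok), take_port(tok)
    rule["dst"], rule["dport"] = take_addr(tok), take_port(tok)
    return rule                                # trailing flags such as "log" are ignored

def addr_ok(spec, ip):
    addr, wild = spec                          # wildcard bits set to 1 are "don't care"
    return (ip_int(ip) | wild) == (addr | wild)

def port_ok(spec, port):
    if spec is None:
        return True
    if port is None:
        return False
    return port == spec[1] if spec[0] == "eq" else port > spec[1]

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return (action, rule number); first match wins, otherwise the implicit deny."""
    for number, r in enumerate(acl, 1):
        if (r["proto"] in ("ip", proto) and addr_ok(r["src"], src) and port_ok(r["sport"], sport)
                and addr_ok(r["dst"], dst) and port_ok(r["dport"], dport)):
            return r["action"], number
    return "deny", None

ACL = [parse(line) for line in ACL_101.splitlines()]
```

Evaluated this way, web traffic from hosts other than 192.168.200.13 also ends at the implicit deny, and SMTP from 192.168.0.1 is permitted by rule 4 before rule 5 is ever reached.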


Basic router filtering: Prevent spoofing

  • drop packets that have source address different from the assigned range

    access-list 150 permit ip 192.168.2.0 0.0.0.255 any

[Diagram labels: Internet, 192.168.2.0/24]


Basic router filtering: Guard against IP address trust exploits

  • drop packets with your network’s source address coming from internet

    access-list 160 deny ip 192.168.2.0 0.0.0.255 any

[Diagram labels: Internet, 192.168.2.0/24]


Basic router filtering: Don’t help flooders

  • prevent your network being used as a DoS amplifier

    no ip directed-broadcast

[Diagram labels: Internet, 192.168.2.0/24]


Filtering traffic (1)

[Diagram: public area with web server, email server and DNS server; private area with internal web server, email server, and NetBIOS shared disks and printers]


Filtering traffic (2)

  • permit tcp/80
  • permit tcp/25
  • permit udp/53

[Diagram: the same public and private areas]


Filtering traffic (3)

  • permit tcp established

[Diagram: the same public and private areas]


Filtering traffic (4)

  • permit any

[Diagram: the same public and private areas]


Filtering traffic (5)

  • permit tcp/25
  • permit udp/53
  • permit tcp established

[Diagram: the same public and private areas]


Implement a firewall

  • still allows transmission of information from private area into the Internet!

[Diagram labels: Internet, firewall, your network, public, private]


Stay informed

  • subscribe to mailing lists (CERT/CC advisories, BugTraq, NTBugTraq, Microsoft security advisories, …)
  • check for new exploits


Apply patches

  • advisories often offer links to vendor patches
  • if those are absent, consider a temporary service restriction
  • sites still report various well-known attacks, although patches have been available for several years


Monitor system activity and integrity

  • store logs in a safe place
  • check logs for suspicious entries
  • compare checksums on essential binaries and configuration files (Tripwire)
  • monitor incoming connections (Argus, ip filters)
  • test systems with scanners (nmap, nessus)


Use encryption

  • encrypt your remote sessions (SSH - Secure Shell)
  • encourage use of email encryption (PGP - Pretty Good Privacy)
  • encrypt sensitive data on servers


Prevention traps

  • there is no perfect protection, not even with firewalls
  • out-of-the-box solutions and “zero administration” don’t exist


Reactive measures

  • collect the evidence; if necessary, do a full backup of compromised hosts
  • decide on follow-up actions
    • block further attempts from intruders and sanitise compromised hosts
    • monitor intruder’s activities; preferably set up a restricted fake environment
  • report the incident


Final exam

  • Network topology design
  • Transmission scheme design
  • IP network design
  • Equipment selection
  • Routing design
  • IP allocation and network partitioning
  • Configuration management plan
  • Fault monitoring plan
  • Performance monitoring plan
  • Security monitoring plan
  • Accounting plan
  • Organization and management process design

