1 / 71

Comprehensive Network Security Monitoring and Traffic Analysis

This session covers essential techniques for effective network security monitoring, device status identification, traffic analysis, and attack identification. Learn to utilize tools for monitoring CPU load, memory, and temperature, as well as analyzing network traffic using Netflow and packet sniffers. Explore traffic statistics, including bandwidth and packet per second (PPS) metrics, and understand abnormal traffic patterns. Gain insights into routing protocol status, including BGP monitoring and stability. Equip yourself with the knowledge to safeguard your network and efficiently respond to potential threats.

lel
Download Presentation

Comprehensive Network Security Monitoring and Traffic Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 2Security Monitoring • Identify • Device Status • Traffic Analysis • Routing Protocol Status • Configuration & Log • Classification

  2. Identifying an Attack

  3. Identification Tools

  4. Network Benchmark Parameter

  5. Device Status • CPU • Memory • Temperature

  6. CPU Load

  7. Abnormal CPU Load

  8. Abnormal CPU Load

  9. Identifying an Attack through CPU Load

  10. Identifying an Attack through CPU Load

  11. Identifying an Attack through CPU Load

  12. Temperature

  13. Traffic Analysis • Technology (Netflow & Sniffer) • Layer 3 or 4 based • Application based

  14. Netflow Detect & Affirm

  15. Use Netflow

  16. Detect DoS

  17. Example

  18. Layer 3 or 4 TOP N • IP address based • Protocol based • Port based • Packet Size based • AS based

  19. Index

  20. overview Normalin/Normalout Spoofin/Spoofout Bandwidth、PPS and Packet Size

  21. Traffic Statistics Picture • According to bandwidth bandwidth、packet size and PPS • According to direction normalin/normalout spoofin/spoofout • According to time 4 hours,2 days,1 week,2 months • max,min,average,now

  22. Traffic Statistics Picture (overview)

  23. Traffic Statistics

  24. IP TOP 20 • Order by source/destination address • Order by source  destination peer • Order by bandwidth and PPS

  25. Traffic Analyse (TOP20)

  26. Traffic Analyse (TOP20)

  27. Packet size TOP20 Order by bandwidth、 PPS

  28. Port Distribution TOP20 • Order by sour/dest port summary • Order by sour/dest port direction • Order by bandwidth and pps

  29. Port distribution TOP20

  30. Protocol statistic TOP20 • According to protocol normalin、normalout、spoofin and spoofout • Order by bandwidth and pps

  31. Protocol Statistic TOP20

  32. Protocol Picture • According to bandwidth and pps • According to type TCP UDP ICMP • According to time 4hours,2day,1week,2month • Max, min, average, now

  33. Protocol (TCP UDP ICMP) Statistics Overview

  34. Protocol (TCP UDP ICMP) Statistics

  35. AS Statistic TOP20 • According to directionnormalin、normalout、spoofin and spoofout • According to bandwidth and pps

  36. AS Statistic TOP20

  37. Abnormal Traffic Query System

  38. Abnormal Traffic Query System

  39. Routing Protocol Status • Route Entries • Routing Protocol Stability

  40. Route Monitoring

  41. Routing (BGP summary)

  42. Routing Monitoring

  43. BGP Statistics

  44. BGP Monitoring (TEIN2-NORTH)

  45. BGP Monitoring (TEIN2-SOUTH)

  46. BGP Monitoring (TEIN2-JP)

  47. AS Path Entries

  48. Community Entries

  49. IPv4 Prefix

More Related