NetRanger
Intrusion Detection System
Marek Mąkowski
The Security Wheel: Defense In-Depth
Effective network security requires defense in-depth: multiple capabilities combining framework/process, technology, and expertise/ongoing operations.
1) Corporate Security Policy
   • Policy Development & Review
2) SECURE
   • ID/Authentication
   • Encryption & VPN
   • Firewalls
   • Security Design & Implementation/Integration
3) MONITOR
   • Real-Time Intrusion Detection & Response
   • 7x24 Monitoring
4) AUDIT/TEST
   • Vulnerability Scanning & Analysis
   • Security Posture Assessment
   • Risk Assessment
5) MANAGE & IMPROVE
   • Centralized Policy & Configuration Management
   • Trend Analysis
   • Management Reports
   • Incident Response
Why Active Audit?
• The hacker might be an employee or ‘trusted’ partner
  Up to 80% of security breaches are from insiders -- FBI
• Your defense might be ineffective
  One in every three intrusions occurs where a firewall is in place -- Computer Security Institute
• Your employees might make mistakes
  Misconfigured firewalls, modems, old passwords, etc.
• Your network will grow and change
  Each change is a security risk
Firewalls, authorization and encryption do not provide visibility into these problems.
Active Audit -- Goal: Visibility
• NetRanger Intrusion Detection System monitors user behavior while on the network, similar to the guards, video cameras and motion detectors that help secure bank vaults.
NetRanger Overview
• Real-Time Intrusion Detection and Response
• Finds and stops unauthorized activity occurring on the network --- a “reactive” appliance
• Network “motion sensor, video camera, and security guard”
• Industry-leading technology
  Scalable, distributed operation
  High performance (100MB Ethernet, FDDI, Token Ring)
  “On-the-fly” re-configuration of Cisco Router ACLs to shun intruders
NetRanger Architecture
NetRanger Director (software):
• Alarm Handling
• Configuration Control
• Signature Control
NetRanger Sensor (appliance), connected to the Director over a communications link:
• Detection
• Alarm Generation
• Response
• Countermeasures
Sensor Appliance
Sensor front panel; sensor back panel with two interfaces: a Monitoring NIC and a Command NIC.
Attack Signature Detection
• Scans packet header and payload
  Single and multiple packet attacks
• Three-tier attack detection
  1. Named attacks (Smurf, PHF)
  2. General category (IP fragments)
  3. Extraordinary (TCP hijacking, e-mail spam)
• Customer-defined signatures
  String matching (words)
  Quickly defend against new attacks
  Scan for unique misuse
Sensor—Detect Intrusions
Signatures are classified by where they match and by how many packets they need:
• Context (header): Ping of Death, Port Sweep, SYN Attack, Land Attack
• Content (data): MS IE Attack, TCP Hijacking, Telnet Attacks, DNS Attacks, Character Mode Attacks
• “Atomic” signatures match a single packet; “Composite” signatures need multiple packets
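To make the two axes above concrete, here is an added example of a minimal sensor-style signature engine. It is illustrative code written for this transcript, not NetRanger's own implementation: the packet records, the addresses, the string-match table and the sweep thresholds (10 distinct ports within 5 seconds) are all constructed assumptions. It shows one signature of each kind: an atomic context signature (Land attack, where source and destination are the same host and port), an atomic content signature (a string match for the PHF CGI probe named on the slide), and two composite context signatures that keep state across packets (Ping of Death, detected when ICMP fragments would reassemble past 65535 bytes, and a port sweep counted per source).

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    """One packet as the sensor sees it (constructed record, not a real capture)."""
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flags, e.g. "S" for a bare SYN
    frag_off: int = 0     # IP fragment offset in bytes
    length: int = 0       # bytes of data carried by this fragment
    payload: bytes = b""
    ts: float = 0.0       # seconds


@dataclass
class Alarm:
    name: str
    kind: str     # "context" (header) or "content" (data)
    scope: str    # "atomic" (one packet) or "composite" (several packets)
    src: str
    detail: str


class SignatureEngine:
    CONTENT_STRINGS = {b"/cgi-bin/phf": "PHF probe"}   # assumed string-match table

    def __init__(self, sweep_ports=10, sweep_window=5.0):
        self.sweep_ports = sweep_ports        # distinct ports that count as a sweep
        self.sweep_window = sweep_window      # seconds over which they are counted
        self._ports_seen = defaultdict(dict)  # src -> {dport: last seen ts}
        self._frag_end = defaultdict(int)     # (src, dst) -> highest byte seen so far

    def _land(self, p):
        # Atomic context: a SYN whose source equals its destination (host and port).
        if p.proto == "tcp" and "S" in p.flags and p.src == p.dst and p.sport == p.dport:
            return Alarm("Land attack", "context", "atomic", p.src,
                         f"src and dst are both {p.src}:{p.sport}")
        return None

    def _content(self, p):
        # Atomic content: plain byte-string match inside the payload.
        for needle, name in self.CONTENT_STRINGS.items():
            if needle in p.payload:
                return Alarm(name, "content", "atomic", p.src, needle.decode())
        return None

    def _ping_of_death(self, p):
        # Composite context: track the reassembled size of ICMP fragments per flow.
        if p.proto != "icmp":
            return None
        key = (p.src, p.dst)
        end = p.frag_off + p.length
        self._frag_end[key] = max(self._frag_end[key], end)
        if self._frag_end[key] > 65535:
            del self._frag_end[key]
            return Alarm("Ping of Death", "context", "composite", p.src,
                         f"reassembled datagram would be {end} bytes")
        return None

    def _port_sweep(self, p):
        # Composite context: many distinct destination ports from one source in a window.
        if p.proto != "tcp" or "S" not in p.flags:
            return None
        seen = self._ports_seen[p.src]
        seen[p.dport] = p.ts
        for port, ts in list(seen.items()):       # forget ports older than the window
            if p.ts - ts > self.sweep_window:
                del seen[port]
        if len(seen) >= self.sweep_ports:
            self._ports_seen[p.src] = {}            # one sweep raises one alarm
            return Alarm("Port sweep", "context", "composite", p.src,
                         f"{len(seen)} ports within {self.sweep_window}s")
        return None

    def inspect(self, p):
        """Run every signature over one packet and return the alarms raised."""
        alarms = []
        for sig in (self._land, self._content, self._ping_of_death, self._port_sweep):
            a = sig(p)
            if a is not None:
                alarms.append(a)
        return alarms


def run(packets):
    eng = SignatureEngine()
    alarms = []
    for p in packets:
        alarms.extend(eng.inspect(p))
    return alarms


# Constructed sample traffic (documentation addresses): one of each attack, then a benign SYN.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", 139, 139, "S", ts=0.0),
    Packet("192.0.2.9", "10.0.0.80", "tcp", 40000, 80, "PA",
           payload=b"GET /cgi-bin/phf HTTP/1.0\r\n", ts=0.0),
    Packet("198.51.100.7", "10.0.0.1", "icmp", frag_off=0, length=1480, ts=0.0),
    Packet("198.51.100.7", "10.0.0.1", "icmp", frag_off=65520, length=40, ts=0.0),
] + [
    Packet("203.0.113.4", "10.0.0.80", "tcp", 50000 + i, 21 + i, "S", ts=0.1 * i)
    for i in range(10)
] + [
    Packet("10.0.0.50", "10.0.0.80", "tcp", 51000, 443, "S", ts=2.0),
]

if __name__ == "__main__":
    for a in run(SAMPLE):
        print(f"{a.name:14} {a.kind}/{a.scope:9} from {a.src}: {a.detail}")
```

Running the block over the constructed sample raises exactly four alarms, one per attack, and nothing for the final ordinary SYN. The point worth noticing for a defender is the state the composite signatures must keep: fragment sizes per flow and ports per source, with a window that ages entries out, otherwise the tables grow without bound on a busy segment.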
Sensor—Event Logging
Events are logged for three different activities:
• Alarms—when a signature is detected (example: Ping Sweep, reported by the Sensor to the Director)
• Errors—when an error is detected (example: Lost Communications between Director and Sensor)
• Commands—when a user executes a command on the Director or Sensor (example: Shun Attacking Host)
Sensor—Attack Response
Session Termination and Shunning:
• Session Termination kills an active session: on detecting a TCP hijack, the Sensor kills the attacker's current session.
• Shunning reconfigures a network device (router) to deny the attacker access.
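The following added example ties the event-logging slide and the shunning slide together. It is illustrative code written for this transcript, not Cisco's Director or Sensor code; the ACL number (101), the shun lifetime (15 minutes) and the addresses are assumptions. It takes an alarm, decides whether to shun the source, renders the Cisco IOS numbered access-list that would deny the attacker, expires the shun later, and records every step in the three event classes the slides name (alarm, error, command). It also adds the check a practitioner wants before letting an IDS rewrite router ACLs: a list of addresses that must never be shunned, because an alarm triggered by spoofed source addresses would otherwise let an attacker make the IDS block your own DNS servers, routers or business partners.

```python
from dataclasses import dataclass

ACL_NUMBER = 101          # assumed extended ACL applied on the border router
SHUN_SECONDS = 15 * 60    # assumed shun lifetime; the slides give no value


@dataclass
class Event:
    ts: float
    kind: str      # "alarm", "error" or "command": the three classes on the slide
    source: str    # "sensor" or "director"
    text: str


class Responder:
    """Director-side shun logic; router configuration is returned as text, not sent."""

    def __init__(self, never_shun=()):
        # Addresses that must never be blocked (own routers, DNS, partners), so a
        # spoofed-source alarm cannot turn the shun feature into a denial of service.
        self.never_shun = set(never_shun)
        self.shunned = {}      # attacker ip -> expiry timestamp
        self.events = []

    def log(self, ts, kind, source, text):
        self.events.append(Event(ts, kind, source, text))

    def alarm(self, ts, name, attacker):
        """A sensor alarm arrives; shun the source unless it is protected."""
        self.log(ts, "alarm", "sensor", f"{name} from {attacker}")
        if attacker in self.never_shun:
            self.log(ts, "error", "director", f"refused to shun protected host {attacker}")
            return None
        self.shunned[attacker] = ts + SHUN_SECONDS
        self.log(ts, "command", "director", f"shun {attacker} until t={ts + SHUN_SECONDS:.0f}")
        return self.render_acl()

    def lost_communications(self, ts, sensor):
        """A sensor heartbeat was missed: the slide's example of an error event."""
        self.log(ts, "error", "director", f"lost communications with {sensor}")

    def expire(self, ts):
        """Drop shuns whose lifetime has passed; return the released addresses."""
        released = [ip for ip, until in self.shunned.items() if ts >= until]
        for ip in released:
            del self.shunned[ip]
            self.log(ts, "command", "director", f"unshun {ip}")
        return released

    def render_acl(self):
        # Classic IOS numbered ACLs cannot delete a single entry ("no access-list 101"
        # removes the whole list), so the complete list is regenerated on every change.
        lines = [f"no access-list {ACL_NUMBER}"]
        lines += [f"access-list {ACL_NUMBER} deny ip host {ip} any"
                  for ip in sorted(self.shunned)]
        lines.append(f"access-list {ACL_NUMBER} permit ip any any")
        return "\n".join(lines)


if __name__ == "__main__":
    r = Responder(never_shun={"10.0.0.53"})          # constructed: the site's DNS server
    print(r.alarm(100.0, "Port sweep", "203.0.113.4"))
    r.alarm(101.0, "Ping sweep", "10.0.0.53")        # refused, logged as an error
    r.lost_communications(500.0, "sensor-eng")
    r.expire(100.0 + SHUN_SECONDS)
    for e in r.events:
        print(f"t={e.ts:7.1f} {e.kind:8} {e.source:9} {e.text}")
```

The usage at the bottom walks through one shun, one refused shun, one lost-communications error and one expiry, and then prints the event log, which is the audit trail the Event Logging slide describes: every ACL change is traceable to a command event, and every command to the alarm that caused it.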
Sensor—Session Logging
• Capture evidence (keystrokes) of suspicious or criminal activity
• Fish Bowl or Honeypot -- learn and record a hacker’s knowledge of your network
[Diagram: the attacker's attack traffic passes the Sensor on its way to the protected network while the Sensor writes a session log]
NetRanger Deployment
[Diagram: a corporate network (Engineering, Finance, WWW server, DNS server, Admin) protected by a PIX Firewall, an IOS Firewall and Cisco routers, with links to the Internet, dial-up access and a business partner; a Cisco Secure Server provides ID/Auth via TACACS+; NetRanger sensors sit at each boundary, NetSonar (NR/NS) on a switch, and a NetRanger Director provides remote security monitoring]
NetRanger Director
• Geographically oriented GUI
  Operations-friendly HP OpenView GUI
  Color icon alarm notification
  Quickly pinpoint, analyze and respond
  Maintain security operations consistency
• Network Security Database
  Attack info, hotlinks, countermeasures
  Customizable
• Monitor hundreds of Sensors per NOC
Software Requirements
Operating systems:
• Solaris 2.5.1 or 2.6
• HP-UX 10.20
Also required:
• HP OpenView 4.11, 5.01 or 6.0
• Web browser (for the NSDB)
Hardware Requirements
• Sun SPARC platform with:
  NetRanger install partition: /usr/nr (50 MB)
  NetRanger log partition: /usr/nr/var (2 GB)
  HP OpenView install partition: /opt (110 MB)
  Java run-time environment: /opt (12 MB)
  System RAM: 96 MB
• HP-UX platform with:
  NetRanger install partition: /usr/nr (50 MB)
  NetRanger log partition: /usr/nr/var (2 GB)
  HP OpenView install partition: /opt (65 MB)
  Java run-time environment: /opt (10 MB)
  System RAM: 96 MB
Director - Distributed Management
• Tier 1: Enterprise strategic management Director
• Tier 2: Regional operational management Directors
• Tier 3: Local network security management Directors, each with its own NetRanger Sensors
Alarm Display and Management
[Screenshot: Director map with Sensor and Director icons showing a context intrusion alarm and a content intrusion alarm]
Configuration Management
[Screenshot: Director configuration management window]
Network Security Database
• On-line reference tool
• Contains:
  Descriptions
  Recommendations and fixes
  Severity ratings
  Hyperlinks to external information/patches
E-mail and Script Execution
• E-mail Notification: sends notification to an e-mail recipient or pager.
• Custom Script Execution: starts any user-defined script.
What comprises Active Audit?
NetRanger (reactive) and NetSonar (proactive) together provide:
• Real-time analysis
• Vulnerability scanning
• Intrusion detection
• Dynamic response
• Assurance
• Network mapping
• Measure exposure
• Security expertise
NetSonar™ Security Scanner
“Proactive Security”
Active Audit—Network Vulnerability Assessment
• Assess and report on the security status of network components
  Scanning (active, passive), vulnerability database
NetSonar Overview
• Vulnerability scanning and network mapping system
• Identifies and analyzes security vulnerabilities in ever-changing networks -- “proactive” software
• Industry-leading technology
  Network mapping
  Host and device identification
  Flexible reporting
  Scheduled scanning
Network Discovery Process
Network Mapping
• Identify live hosts
• Identify services on hosts
Vulnerability Scanning
• Analyze discovery data for potential vulnerabilities
• Confirm vulnerabilities on targeted hosts
Network Mapping Tool
• Uses multiple techniques
  Ping sweeps - electronic map
  Port sweeps - service discovery
• Unique discovery features
  Detects workstations, routers, firewalls, servers, switches, printers, and modem banks
  Detects operating systems and version numbers
  Does not require SNMP
Vulnerability Assessment Engine
• Potential Vulnerability Engine -- passive
  Compares network discovery data to rules to reveal potential vulnerabilities
• Confirmed Vulnerability Engine -- active
  Uses well-known exploitation techniques to fully confirm each suspected vulnerability and to identify vulnerabilities not detected during passive mapping
How NetSonar Works
1. Network discovery: ping sweep to identify hosts, port sweeps to identify services. In the example network behind the router and firewall, an e-mail server (SMTP, FTP) and a web server (HTTP, FTP, Telnet) are active, and one workstation is inactive.
2. Passive vulnerability analysis: discovery data is analyzed by rules.
3. Active vulnerability analysis: exploits are executed against target hosts (the slide's example is the FTP Bounce exploit).
4. Presentation and reporting: communicate results, for example Workstation: Windows NT v4.0, with SMB Redbutton and Anonymous FTP reported.
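As an added example of the passive engine described under "Vulnerability Assessment Engine" and in the flow above, the block below runs rules over discovery data and then merges in confirmation results. It is illustrative code written for this transcript, not NetSonar's engine: the hosts are constructed to mirror the slide's network (an e-mail server, a web server, a Windows NT 4.0 workstation with SMB and FTP, and an inactive workstation), and the rule names, severity ratings and recommendations are assumptions rather than NSDB content. The active confirmation probes themselves are out of scope here; their outcomes are supplied as a constructed table so the example shows how a finding moves from "potential" to "confirmed" or "not confirmed" without touching a network.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    """One row of discovery output (constructed, not a real scan)."""
    ip: str
    role: str
    os: str
    services: tuple   # ((port, name), ...) found by the port sweep


# Constructed discovery data modelled on the slide's example network.
DISCOVERY = [
    Host("192.0.2.10", "email server", "Unix", ((25, "smtp"), (21, "ftp"))),
    Host("192.0.2.20", "web server", "Unix", ((80, "http"), (21, "ftp"), (23, "telnet"))),
    Host("192.0.2.30", "workstation", "Windows NT 4.0", ((139, "smb"), (21, "ftp"))),
    Host("192.0.2.40", "workstation", "unknown", ()),    # inactive: nothing answered
]


def has_service(h, name):
    return any(n == name for _, n in h.services)


# Passive rules: (finding id, severity 1-5, recommendation, predicate over a host).
# Ids, severities and fixes are illustrative assumptions.
RULES = [
    ("ftp-anon", 3, "Disable anonymous FTP or restrict it to a read-only tree",
     lambda h: has_service(h, "ftp")),
    ("ftp-bounce", 4, "Upgrade the FTP daemon so PORT commands naming a third host are rejected",
     lambda h: has_service(h, "ftp")),
    ("telnet-cleartext", 2, "Replace telnet with an encrypted remote-login service",
     lambda h: has_service(h, "telnet")),
    ("nt4-smb-redbutton", 4, "Apply the vendor fix and restrict anonymous SMB sessions",
     lambda h: h.os.startswith("Windows NT 4.0") and has_service(h, "smb")),
]

# Constructed results of the active stage: (ip, finding id) -> True if the probe
# confirmed the weakness, False if it ruled it out. Absent keys were not probed.
CONFIRMED = {
    ("192.0.2.30", "ftp-anon"): True,
    ("192.0.2.20", "ftp-bounce"): False,
    ("192.0.2.30", "nt4-smb-redbutton"): True,
}


def assess(hosts, confirmed):
    """Apply the passive rules, then label each finding with its confirmation state.

    Returns (ip, finding id, severity, state, recommendation) tuples, highest
    severity first, so the report leads with what to fix first."""
    findings = []
    for h in hosts:
        for fid, sev, fix, pred in RULES:
            if not pred(h):
                continue
            result = confirmed.get((h.ip, fid))
            if result is True:
                state = "confirmed"
            elif result is False:
                state = "not confirmed"
            else:
                state = "potential"
            findings.append((h.ip, fid, sev, state, fix))
    return sorted(findings, key=lambda f: (-f[2], f[0]))


def count_by_state(findings):
    return dict(Counter(f[3] for f in findings))


def report(findings):
    """Plain-text presentation of the findings, one line per host/finding."""
    lines = [f"{ip:12} sev {sev}  {state:13} {fid:18} {fix}"
             for ip, fid, sev, state, fix in findings]
    lines.append(f"totals: {count_by_state(findings)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(assess(DISCOVERY, CONFIRMED)))
```

Two design points carry over to any scanner of this shape. First, the passive stage deliberately over-reports: every FTP server is a potential anonymous-FTP and FTP-bounce host until a probe says otherwise, which is why the output distinguishes "potential" from "confirmed" rather than presenting rule hits as facts. Second, the inactive workstation yields no findings at all, so a host that was down during discovery is silently absent; scheduled rescans, as the NetSonar overview lists, are what close that gap.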