SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.


Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch
April 1, 2008
Patrick P. Leong, CTO | Gigamon Systems LLC
SHARKFEST '08, Foothill College, March 31 - April 2, 2008

Agenda
- Recent changes in network monitoring
- Issues with traditional network tapping
- Data Access Network (DAN)
- Functions of a Data-Access Switch
- Example applications
- Summary
- Q & A

Recent Changes in Network Monitoring
- 9/11 spawned new security and lawful intercept requirements
- Enron spawned new auditing and monitoring laws
- New tools optimize E-commerce and internet applications
- VoIP and media convergence make the network more strategic
- Network is more valuable; downtime is unacceptable

Result: Proliferation of Tools
- New SOX compliance transaction monitors --- Keep your boss out of jail!
- IDS sensors detect external hacker attacks
- NAC appliance protects networks from inside --- From your own people!
- Forensic recorders capture events and how the network is being used!
- Configuration monitoring tools watch over network resources
- Application and network troubleshooting

Proliferation Causes Contention for Span Ports
Security and IT Engineers seen here “Negotiating” Over a SPAN Port

Other Issues
- Packets belonging to the same flow may go through multiple parallel links, e.g. Etherchannel
- Difficulty in monitoring asynchronously routed mesh topologies
- The tool cannot keep up with the incoming bandwidth --- many tools are software based, e.g. Wireshark

Solution? Data-Access Network (DAN)

What’s a DAN?
- It’s an out-of-band monitoring network!
- Includes passive tools like: Sensors, Probes, Monitors, Recorders, Analyzers, and Access Switching

Example of a DAN

What’s new?
- A new “Best Practice”
- Part of the network infrastructure
- Facilitates instrumentation of a network
- Enterprise or Telco
- What’s new is how data is fed to the tools
- By a Data-Access Switch
- Unobtrusive to the primary network

What problems do DANs solve?
Too Many Power Tools? Not Enough Sockets?

For Power Tools, use a Power Strip

Too Many Monitoring Tools? Not Enough Span Ports?

For Sensors/Monitors/Analyzers, Use a Data Access Switch
- One Span port serves many tools

Monitoring a Mesh Network?

If we deploy one tool per span port --- Lots of Hardware and Expensive!!!

Better to Distribute Connections with a DAN
- Aggregate and filter flows to consolidated tools

DAN is out-of-band “Data Socket”
- Part of the Reliable Network Infrastructure
- Plug-in multiple out-of-band tools – any tool to any data
- Unobtrusive tool changes – never touch the network
- Do moves, adds, changes at any convenient time
- Eliminates RSPAN
(Diagram labels: Performance Monitor; Security IDS; Transaction Auditor; Forensic Recorder; Protocol Analyzer; Switch; Storage Area Network; Switch; Server Farm; Consolidated Tool Farm; Config Monitor; “Data Socket”)

DAN Solves Access Problems By
- Aggregating many links to any tool
- Multicasting any link to many tools
- Filtering data to map packets to tools
- Saving $$ Cap Ex and Op Ex budget$
(Diagram labels: Any to Any; Any to Many; Many to Any; Bit-Mask Filtering)
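
The aggregation, multicast and bit-mask filtering named on this slide, and the EtherChannel case from "Other Issues", can be modelled in a few lines. This is an added example, not code from the presentation or from any vendor: the rule format (match when `field & mask == value`), the port names N1/N2/T1..T3 and the sample packets are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:              # only the header fields the rules look at
    in_port: str           # network (SPAN/tap) port the copy arrived on
    dst: str
    dport: int

@dataclass(frozen=True)
class MapRule:             # assumed rule format, for illustration only
    in_ports: frozenset    # many network ports may feed one rule (aggregation)
    field: str             # "dst" or "dport"
    value: int
    mask: int              # rule matches when (field & mask) == value
    tools: tuple           # every listed tool port gets a copy (multicast)

def ip(text):
    return int(ipaddress.IPv4Address(text))

def forward(pkt, rules):
    """Return the sorted tool ports that receive a copy of pkt."""
    out = set()
    for rule in rules:
        raw = getattr(pkt, rule.field)
        num = raw if isinstance(raw, int) else ip(raw)
        if pkt.in_port in rule.in_ports and (num & rule.mask) == rule.value:
            out.update(rule.tools)
    return sorted(out)

def tool_load(packets, rules):
    """Count packets delivered to each tool port."""
    return Counter(t for p in packets for t in forward(p, rules))

UPLINKS = frozenset({"N1", "N2"})   # hypothetical: two links of one EtherChannel
RULES = [
    # anything destined for 10.20.0.0/16 goes to both the IDS and the recorder
    MapRule(UPLINKS, "dst", ip("10.20.0.0"), ip("255.255.0.0"), ("T1-ids", "T2-recorder")),
    # destination ports 5060-5063 (low two bits masked off) go to the VoIP analyzer
    MapRule(UPLINKS, "dport", 5060, 0xFFFC, ("T3-voip",)),
]
SAMPLE = [                          # constructed packets, not captured traffic
    Packet("N1", "10.20.5.7", 443),
    Packet("N2", "10.20.5.7", 443),       # same flow, arriving on the other link
    Packet("N2", "10.20.1.1", 5062),
    Packet("N1", "198.51.100.9", 5061),
    Packet("N1", "198.51.100.9", 80),     # matches no rule, reaches no tool
]
```

Calling `tool_load(SAMPLE, RULES)` shows the effect on each tool: both halves of the split flow land on the same IDS port, and the unmatched packet never consumes tool capacity.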

Example application: Telco Core

Example application: Telco Edge

Example Application: 10G Monitoring

Summary
A Data-Access Switch forms a Data-Access Network that:
- Provides non-intrusive, out-of-band network monitoring
- Resolves the insufficient span ports issue
- Reduces the number of tools deployed
- Can intelligently spread the network traffic to various tools
- Reduces the load of a particular tool via intelligent hardware-based filtering
- Provides a “Big Pipe” view of the mesh network