NAV Project Update By: Meghan Allen and Peter McLachlan.

Slides:

Advertisements

Similar presentations

Network Performance Measurement

Advertisements

Network Instruments Troubleshooting Techniques. What to look for in network monitoring solutions… Key Elements Real Time Statistics Visual Network Traffic.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Web Server Administration

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

1 Network Analysis Visualization (NAV) Meghan Allen and Peter McLachlan December 15, 2004.

Visualizing Real-Time Network Resource Usage Ryan Blue, Cody Dunne, Adam Fuchs, Kyle King, and Aaron Schulman University of Maryland, Dept. of Computer.

Network Analyzer Example

Security administrators The experts need better tools too!

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Visualizing Real-Time Network Resource Usage Ryan Blue, Cody Dunne, Adam Fuchs, Kyle King, and Aaron Schulman University of Maryland, Dept. of Computer.

Internet Traffic Analysis for Threat Detection Joshua Thomas, CISSP Thomas Conley, CISSP Ohio University Communication Network Services Joshua Thomas,

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

1 Enabling Secure Internet Access with ISA Server.

Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

HiVision SNMP Software.

Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoring The NetViewer Experiment PAVG in collaboration with Networking Systems.

HTML 1 Introduction to HTML. 2 Objectives Describe the Internet and its associated key terms Describe the World Wide Web and its associated key terms.

A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.

1 Introduction to Web Development. Web Basics The Web consists of computers on the Internet connected to each other in a specific way Used in all levels.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Business Computing 550 Lesson 4. Fundamentals of Information Systems, Fifth Edition Chapter 4 Telecommunications, the Internet, Intranets, and Extranets.

Web Page Design Vocabulary #4.

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Using Windows Firewall and Windows Defender

Remote OMNeT++ v2.0 Introduction What is Remote OMNeT++? Remote environment for OMNeT++ Remote simulation execution Remote data storage.

1 Chapter Overview Using the New Connection Wizard to configure network and Internet connections Using the New Connection Wizard to configure outbound.

Network Management Tool Amy Auburger. 2 Product Overview Made by Ipswitch Affordable alternative to expensive & complicated Network Management Systems.

Visualizing Information in Global Networks in Real Time Design, Implementation, Usability Study.

Chapter 4 Networking and the Internet. © 2005 Pearson Addison-Wesley. All rights reserved 4-2 Chapter 4: Networking and the Internet 4.1 Network Fundamentals.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Module 4: Fundamentals of Communication Technologies.

DISTRIBUTED tcpdump CAPABILITY FOR LINUX Research Paper EJAZ AHMED SYED Dr. JIM MARTIN Internet Research Group. Department Of Computer Science – Clemson.

Computer Emergency Notification System (CENS)

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Linux Networking and Security

Module 5: Configuring Internet Explorer and Supporting Applications.

Visualizing Peer-to-Peer Networks Final Presentation By Team SPEW.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

Using Ethereal Sarah Johnson Ned Leahy May 2 nd, 2006.

Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.

Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli.

Network Sniffer Anuj Shah Advisor: Dr. Chung-E Wang Department of Computer Science.

Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 17 December 2015 Interactive traffic analysis and visualization with Wisconsin.

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.

High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.

Visualization Four groups Design pattern for information visualization

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Department of Computer Science & Engineering 5. Acknowledgments 4. Conclusions 3. Evaluation2. Contribution 1. Introduction REU 2008-Packet Sniffer Jose.

COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016.

1 Internet Traffic Measurement and Modeling Carey Williamson Department of Computer Science University of Calgary.

Introduction. Internet Worldwide collection of computers and computer networks that link people to businesses, governmental agencies, educational institutions,

SystemCheck Tool and Preparing for Wireless Testing.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

© 2001, Cisco Systems, Inc. CSPFA 2.0—16-1 Chapter 16 Cisco PIX Device Manager.

VIRTUAL NETWORK COMPUTING SUBMITTED BY:- Ankur Yadav Ashish Solanki Charu Swaroop Harsha Jain.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Interaction and Animation on Geolocalization Based Network Topology by Engin Arslan.

Proventia Network Intrusion Prevention System

Chapter 6 Network Performance Measurement

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Communication Networks NETW 501 Tutorial 3

Chapter 12: Automated data collection methods

Presentation transcript:

NAV Project Update By: Meghan Allen and Peter McLachlan

2 NAV Objectives Develop a tool for network visualization Focus on common protocols: TCP/IP UDP/IP ICMP Within these protocols focus on common services Focus on log files for now Intention is not to re-implement functionality in existing packet sniffers and protocol analyzers but to provide higher level information at-a-glance

3 Scenario 1 – Enterprise Usage Security professionals need tools to help them manage the large volumes of traffic accessing their site They may be interested in seeing traffic access patterns, getting feedback on how heavily their site is being utilized, or doing post-mortem analysis The tool must allow for extensive filtering to display reduced data sets as well as provide means to ‘pop out’ important information

4 Scenario 2 – Home use Many home users now have high speed access, often this access is shared Viewing internet access and bandwidth usage is a good way of detecting virus or spy-ware activity Users may also wonder “where is all my bandwidth going?” – our user interview demonstrated this need as the user was concerned when their bandwidth was being consumed by P2P applications run by their children ISP’s are increasingly implementing bandwidth caps – it is useful for users to visually see how much bandwidth they are using, when they are using it, and what services are consuming the most bandwidth

5 NAV Solution

6 Implementation Currently the services view is implemented using the JFreeChart [1] toolkit, the InfoVis [2] toolkit may be used instead Network packet capture and basic log file parsing is performed using the jpcap [3] native library interface to the pcap [4] packet capture library Wall view is implemented in Java 2D

7 Scalability Both views Dynamic filtering using sliders Real-time analysis of data using capture interface Wall view Bar graphs indicating total traffic transfer per host Implement algorithm to minimize edge crossing Ability to ‘collapse’ hierarchies of address and port ranges Services view Logarithmic scaling of time axis ‘Stretchable’ axis distortions

8 Interaction & Usability User preference dialogs, selecting services to be displayed, specify local IP ranges, display all local traffic User selectable color encoding for wall view Animation patterns in the wall view to show traffic flow VCR like ‘playback’ of the log files Allowing users to specify lists of hosts to which inbound connections are not expected Brushing and linking between the views Conceptual rudiments of intrusion detection

9 Screenshot 2

10 Screenshot 3

11 Challenges Poor documentation of the Infovis Toolkit; the Prefuse [5] package appears to have even less documentation jPCAP packet filtering does not have all the functionality we require Dynamic filtering may not be able to use the native filtering interface Filtering based on time is currently impossible Java does not support unsigned bytes and has poor support for bit level operations making filtering more challenging Neither implementer has extensive experience with graphics in Java Native library interfaces pose difficulties on diverse computing platforms (such as Sun workstations)

12 Related work: PortVis PortVis [6] visualization of network ports published last month discusses displaying abstract security data PortVis

13 Related work: Spinning Cube of Potential Doom Spinning cube of potential doom [7] provides an overview of the entire internet address space and aims to show malicious traffic by displaying incomplete connections (syn/fin scans) Spinning Cube of Potential Doom

14 Bibliography [1] jFreeChart. [2] InfoVis Toolkit [3] jPCAP. [4] PCAP. [5] Prefuse. [6] J. McPherson, K. Ma, P. Krystosk and T. Bartoletti and M. Christensen. PortVis: a tool for port-based detection of security events. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 73-81, [7] S. Lau. The Spinning Cube of Potential Doom. Communications of the ACM, pages 25-26, 2004.