1 Network Analysis Visualization (NAV) Meghan Allen and Peter McLachlan December 15, 2004.

Slides:

Advertisements

Similar presentations

Overview of network monitoring development at AMRES Slavko Gajin.

Advertisements

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Module 5: Configuring Access for Remote Clients and Networks.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

NAV Project Update By: Meghan Allen and Peter McLachlan.

Network Analyzer Example

NetFlow Analyzer Drilldown to the root-QoS Product Overview.

Lesson 19: Configuring Windows Firewall

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

1 Enabling Secure Internet Access with ISA Server.

Lesson 1: Understanding Browsers. This unit is a set of investigations into how to protect against digital threats, and how to detect digital crimes.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Networking Components Christopher Biles LTEC Assignment 3.

4/20/2017 7:57 PM.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

COEN 252 Computer Forensics

Session 10 Windows Platform Eng. Dina Alkhoudari.

By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.

1. There are different assistant software tools and methods that help in managing the network in different things such as: 1. Special management programs.

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.

Cognos TM1 Satya Mobile:

Computer Networks Unit 1 – BTA 3O Ms. Chytra. Introduction to Networks Most people working in an office with more than a few computers will be using some.

COEN 252 Computer Forensics Collecting Network-based Evidence.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Honeypot and Intrusion Detection System

Module 7: Firewalls and Port Forwarding 1. Overview Firewall configuration for Web Application Hosting Forwarding necessary ports for Web Application.

Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

 An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network.

Module 5: Configuring Access for Remote Clients and Networks.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.

Linux Networking and Security

Firewalls  Firewall sits between the corporate network and the Internet Prevents unauthorized access from the InternetPrevents unauthorized access from.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.

1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Network Monitor By Zhenhong Zhao. What is the Network Monitor? The Network Monitor is a tool that gets information off of the host on the LAN. – Enumerating.

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES Lesson №18 Telecommunication software design for analyzing and control packets on the networks by using.

Packet Filtering COMP 423. Packets packets datagram To understand how firewalls work, you must first understand packets. Packets are discrete blocks of.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

Using Ethereal Sarah Johnson Ned Leahy May 2 nd, 2006.

Module 7: Advanced Application and Web Filtering.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.

CCDA DESCRIBE THE METHODOLOGY USED TO DESIGN A NETWORK.

Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.

Module 10: Windows Firewall and Caching Fundamentals.

Louisiana Tech Capstone Submitted by Capstone 2010 Cyber Security Situational Awareness System.

Firewalls. Intro to Firewalls Basically a firewall is a barrier to keep destructive forces away from your computer network.

POSTECH 1/39 CSED702D: Internet Traffic Monitoring and Analysis James Won-Ki Hong Department of Computer Science and Engineering POSTECH, Korea

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Role Of Network IDS in Network Perimeter Defense.

Chapter 4: server services. The Complete Guide to Linux System Administration2 Objectives Configure network interfaces using command- line and graphical.

Also known as hardware/physi cal address Customer Computer (Client) Internet Service Provider (ISP) MAC Address Each Computer has: Given by NIC card.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Digital Pacman: Firewall Edition

IS 4506 Server Configuration (HTTP Server)

Presentation transcript:

1 Network Analysis Visualization (NAV) Meghan Allen and Peter McLachlan December 15, 2004

2 Problem Network traffic analysis is necessary for many home and corporate users Security threats are on the rise on the internet Users are interested in their bandwidth usage Analyzing network data is a difficult challenge Traditional network analysis software only provides detailed text based output These packages do not provide an overview, or capabilities to pop-out important information No dynamic filtering, static queries only Finding specific events can be challenging

3 Ethereal

4 Objective Develop a tool for network visualization Focus on common protocols and services Focus on log files Our intention is to provide high level information at-a-glance

5 Related work Visual Information Security Utility for Administration Live (VISUAL) [1] PortVis [2] NVisionIP [3] The Spinning Cube of Potential Doom [4]

6 Solution NAV provides two overviews and a detail view IP wall view displays connections between local and remote machines colour coded by port number Services view contains a trellis structure of graphs displaying information based on the port number Users can dynamically filter on time Users can statically filter on a number of packet level details

7

8 IP wall view Displays connections between local and remote machines Ability to collapse and aggregate IP address ranges Allows connection hiding to avoid line snarls Displays total traffic per address/port pair

9 Service view Displays a graph for each pre-selected service only if data exists Graph displays traffic (bytes/s) against time Log based time axis can be toggled Service selection is user specified

10 Detail view Drag and drop from IP wall view or services view to display detailed packet information Displays packets for a single IP address or a single port number at a time

11 Evaluation Strengths Good overviews of the information Quickly shows active services that consume network resources Weaknesses Performance/Scalability Application is not feature complete

12 Future work Intrusion detection DNS recognition for IP addresses Expanded preferences Detect unexpected traffic Animation of connections on the wall view

13 References [1] R. Ball, G. A. Fink and C. North, Home-centric visualization of network traffic for security administration, VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 55-64, 2004 [2] K. Lakkaraju, W. Yurcik and A. J. Lee, NisionIP: netflow visualizations of system state for security situational awareness, VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 65–72, 2004 [3] S. Lau. The Spinning Cube of Potential Doom. Communications of the ACM, pages 25-26, [4] J. McPherson, K. Ma, P. Krystosk and T. Bartoletti and M. Christensen. PortVis: a tool for port-based detection of security events. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 73-81, 2004.

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33