TransPAC2 Security. John Hicks, TransPAC2, Indiana University. 22nd APAN Conference – Singapore, 20-July-2006.

Presentation transcript:


TransPAC2 Security and the REN-ISAC
The REN-ISAC:
– is an integral part of U.S. higher education’s strategy to improve network security through information collection, analysis, dissemination, early warning, and response;
– is specifically designed to support the unique environment and needs of organizations connected to served higher education and research networks; and
– supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure.

TransPAC2 Security Efforts
Information products
  – Daily Weather Report
  – Daily Darknet Reports
  – Alerts
  – Notifications
  – Monitoring views
Incident response
24x7 Watch Desk
Cybersecurity Contact Registry
Tool development
Security infrastructures work in specific communities, e.g. grids
Participation in other higher education efforts

Infrastructure security, traffic analysis, managed DoS protection via intelligent netflow analysis
– Network Anomaly Detection: DDoS, worms, network and bandwidth abuse
– Integrated Mitigation: seamless operation with a variety of DoS mitigation tools; filtering, rate-limiting, BGP blackholing, off-ramping/sinkholing, etc.
– Analytics: peering evaluation, BGP routing
– Reporting: real-time and customized anomaly and traffic reports

– Customer-facing DoS Portal: gives customers a first-hand view of their traffic inside the service provider’s network; customers set their own thresholds and alerts
– Fingerprint Sharing: share anomaly fingerprints with peers, customers, etc. for upstream DoS mitigation

The Arbor Peakflow SP system is a traffic analysis engine that works on a collection of routers.
By default, the collection of routers is aggregated into one network.
General queries (no filters) return summaries of the entire network.
Query filters provide one means of narrowing the returned data.
Other scoping mechanisms are available.

Peakflow SP queries
The Peakflow system collects flow, BGP, and SNMP data and provides a facility to query and filter desired data for a particular time slice.
Peakflow SP is designed around XML queries.
There is currently a limit of two filters for each query.
Desired data can be further scoped by different query types.
Example: filter on entity 1 (entity 1 could be an alert id) data, then on router interfaces (so-0/ so- 0/2.0.0, …)

Peakflow SP query filter types

Peakflow SP router query types
Router query types include the following:

Peakflow SP Raw Flow queries
Raw flow query types include the following:

Peakflow SP BGP queries
BGP queries include:
Diff - Reports a list of BGP change reports
Raw - Reports a list of raw routes
Summary - Reports the summary of BGP changes matching a filter

Peakflow SP
The Peakflow SP system can return graphs and raw data for each type of query.
Security reports can be run automatically at scheduled times (like cron).
Security reports can be sent to individuals or groups (including graphs and data).

Peakflow SP portals
Peakflow SP offers a customer-facing portal that provides access to some of the SP data.
Portal data views are scoped to a subset of the system's data.
Portals are a good way to provide private access to customer data.
One problem with portals is that the scoping of data is very coarse.
For example: if a customer sees an anomaly (large traffic from /24) in the data from a query and determines that it is coming from an interface not in the customer's scope, further investigation is prohibited. If the system provides access to this interface, then all interfaces are available.

Peakflow SP WSDL/SOAP
To solve this problem, we are using the Peakflow WSDL to provide more refined scoping of data. The Peakflow SP WSDL provides the following:
getAlertGraph - For a given alert id, returns a graph of the total alert traffic per customer interface over the life of the alert.
sqlQuery - Returns an SQL query in XML format.
getTrafficData - Returns detailed sample data for items matching the query. Data is returned in XML format.
getTrafficGraph - Returns a graph of the data items matching the supplied query parameters.

Peakflow SP WSDL/SOAP
getAlertSummaries - Returns summary information about the most recent count alerts, starting at offset alerts from the most recent alert. The optional filter can specify the name of a customer managed object.

Peakflow SP WSDL/SOAP
getAlertInterfaces - Returns a detailed listing of all router interfaces involved in the specified alert.

Peakflow SP WSDL/SOAP
getAlertInterfaceDetails - Returns detailed information about router interfaces involved in the specified alert.
getAlertInterfacesXML - Same as getAlertInterfaces but in XML format.
getAlertRouterInterfacesXML - Same as getAlertRouterInterfaces but in XML format.
getReport - Returns multiple graphs in one tar.gz file.
getAlertStatisticsRaw - Returns raw statistics about requested alert.

Python SOAP client
usage:
    soap_client.py -c command [-z zone_secret] [-o key1=value1 -o key2=value2...] [-w key1:file1 -w key2:file2...]
example:
    soap_client.py -h 'sp.arbor.net' -z 'zonesecret' \
        -c 'getAlertSummaries' -o count=5 -o offset=3
    soap_client.py -h 'sp.arbor.net' -z 'zonesecret' \
        -c 'getAlertGraph' -o alertId= -w graph:alert_23456.png

Customer “Peakflow Proxy”
Peakflow SP currently provides a single “Zonesecret” to access the system remotely via SOAP.
Scoping of data is done on the “proxy” server.
Web presentation is currently done with PHP, but other technologies such as AJAX are being explored. A DB backend is also under investigation.
Proxy server code will be made available once the private zonesecret can be secured.
Custom interfaces are easily rolled out for private data.
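
The scoping step such a proxy performs can be illustrated as follows. This is an added example, not the TransPAC2 proxy code or Arbor's API: the policy table, customer token, `proxy_call` and the reply XML layout are assumptions constructed for illustration; only the command names come from the slides.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed per-customer policy (hypothetical names): which SOAP commands
# the proxy relays and which (router, interface) pairs the customer may see.
POLICY = {
    "cust-a": {
        "token": "constructed-token-a",
        "commands": {"getAlertSummaries", "getAlertInterfacesXML"},
        "interfaces": {("rtr1", "so-0/1/0"), ("rtr2", "ge-1/0/0")},
    },
}

# Constructed upstream reply; the real Peakflow SP XML schema is not on the page.
SAMPLE_REPLY = """<alert id="100">
  <interface router="rtr1" name="so-0/1/0" bps="900000"/>
  <interface router="rtr1" name="so-0/2/0" bps="40000000"/>
  <interface router="rtr2" name="ge-1/0/0" bps="1200"/>
</alert>"""

class Denied(Exception):
    """Raised when a request falls outside the customer's scope."""

def authorize(customer, token, command):
    """Return the customer's policy or raise Denied (constant-time token compare)."""
    pol = POLICY.get(customer)
    if pol is None or not hmac.compare_digest(pol["token"], token):
        raise Denied("unknown customer or bad token")
    if command not in pol["commands"]:
        raise Denied("command not allowed: " + command)
    return pol

def scope_reply(xml_text, allowed):
    """Drop every <interface> element the customer is not scoped to."""
    root = ET.fromstring(xml_text)
    for elem in list(root.findall("interface")):
        if (elem.get("router"), elem.get("name")) not in allowed:
            root.remove(elem)
    return root

def proxy_call(customer, token, command, upstream):
    """upstream(command) stands in for the SOAP call made with the zone secret,
    which stays on the proxy; customers only ever present their own token."""
    pol = authorize(customer, token, command)
    return scope_reply(upstream(command), pol["interfaces"])
```

Because scope is a set of individual interfaces rather than an all-or-nothing switch, one extra interface can be granted for an investigation without exposing the rest.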

Client side


Questions or Comments
John Hicks
Indiana University