Overview of MSS System Human Actors Non-Human Actors In-house developed components Third party products.

Presentation transcript:

Overview of MSS System
- Human Actors
- Non-Human Actors
- In-house developed components
- Third party products

Human Actors
- MSSP Admin
- MSSP User (Operator)
- MSSC User

Non-Human Actors
- Firewall device (at client site): firewall device deployed at the client network. Access-deny logs are collected and analysed.
- IDS/IDP device (at client site): IDS/IDP device deployed at the client network. SNMP traps of detected intrusions are collected and analysed.
- Device / Workstation (at client site): SNMP polling target.

In-house Developed Components
- Alarm Console (web application): UI for the MSSP, who can perform the following tasks:
  - Monitor alarms and create Events
  - Configure data collection and alarm detection
  - Manage client profiles
- Client Portal (web application): UI for the MSSC:
  - Read and update Events
  - Read Vulnerability/Virus News and Daily/Monthly Reports

In-house Developed Components (Cont)
- Client Agent Daemon (location: client network)
  - Collects Firewall / IDS logs
  - Performs SNMP polling (performance monitoring)
- Core Agent Daemon (location: MSSP network)
  - RBL checking, initiating vulnerability scans, etc.
- Core Engine (location: MSSP network)
  - Headless Java EE components (MDB)
  - Collects records from the agents and performs alarm detection

Third Party Products
- RHEL 4.0: OS for all servers (including the agent servers)
- MySQL Database: stores configuration, records, alarms and events
- RRD file storage: NFS file share; RRD files hold trend-based performance data
- Apache ActiveMQ: provides the messaging network (MOM)
- Sun Java System Application Server 9 (SJSAS, or App Server in short): Alarm Console and Client Portal are deployed here; Core Engine is deployed here

Third Party Products (cont)
- Mail gateway (SMTP relay): notification mail is sent via this gateway
- SMS message gateway: notification SMS are sent via this gateway
- Nessus: provides vulnerability scanning; Vulnerability Scan requires this service to function
- RBL checking service: provides RBL checking; RBL Monitor requires this service to function

Third Party Products (Impl Level)
- Hibernate (JPA provider)
- Facelets, Ajax4jsf
- Spring Framework (integration and AOP)
- Quartz scheduler
- Acegi Security
- CAS (Central Authentication System)
- Swiff Chart generator (Flash graph generator)
- iReasoning SNMP library
- Maven (build system)

Third Party Products (SCM)
- Subversion (source version control)
- Trac (wiki, notes and docs for devs)

Data Flow: interaction between components
1. MSSP admin updates the monitoring config
2. Alarm Console sends the updates to the Agent Daemon
3. Agent Daemon updates its monitoring config
4. Agent Daemon resumes collecting and submitting records to the Core Engine
5. Core Engine collects the records and saves them to the DB
6. Core Engine performs alarm detection, with one of three outcomes:
   1. Update an existing alarm, OR
   2. Create a new alarm, OR
   3. Do nothing
7. User accesses the console
8. Alarm Console displays the active Alarms

Firewall / IDS Log Analysis
- Admin defines the log collection config and alarm policy
- Firewall forwards logs via syslog to the Agent Server
- Syslog daemon forwards them to a named pipe
- Agent Daemon collects the logs from the named pipe
- Agent Daemon selects a parser, parses the log and submits it to the Core Engine
- Core Engine collects the log and post-processes it
- A timer wakes up every 3 minutes (configurable) to perform alarm detection (according to the alarm policy)
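The Data Flow steps and the log-analysis pipeline above, as an added example that is not code from the deck or the MSS project: constructed firewall deny lines (syslog format, field names and addresses are all assumed) go through a parser, then a threshold policy produces the three outcomes the deck names, update an existing alarm, create a new one, or do nothing.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall "access deny" syslog lines (not from the original deck).
SAMPLE_LOG = """\
Jun 10 10:00:01 fw1 kernel: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt=22
Jun 10 10:00:07 fw1 kernel: DENY src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt=23
Jun 10 10:00:12 fw1 kernel: DENY src=203.0.113.5 dst=192.0.2.11 proto=TCP dpt=445
Jun 10 10:00:15 fw1 kernel: ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=443
Jun 10 10:01:30 fw1 kernel: DENY src=198.51.100.9 dst=192.0.2.12 proto=UDP dpt=161
"""

# Assumed log layout; a real deployment selects a parser per firewall vendor.
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]+) \S+ kernel: (DENY|ACCEPT) src=(\S+) dst=(\S+) proto=(\S+) dpt=(\d+)")

def parse_records(text, year=2024):
    """Parser step (Agent Daemon): turn raw syslog lines into Record dicts."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: skip the line rather than stall the collector
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        records.append({"ts": ts, "action": m.group(2), "src": m.group(3),
                        "dst": m.group(4), "proto": m.group(5), "dpt": int(m.group(6))})
    return records

def detect_alarms(records, active_alarms, threshold=3, window=timedelta(minutes=3)):
    """Alarm-policy step (Core Engine timer): N denies from one source inside the window.
    active_alarms is the DB stand-in, keyed by source; it is updated in place."""
    denies = defaultdict(list)
    for r in records:
        if r["action"] == "DENY":
            denies[r["src"]].append(r["ts"])
    outcomes = {}
    for src, times in denies.items():
        times.sort()
        hits = [t for t in times if times[-1] - t <= window]
        if len(hits) < threshold:
            outcomes[src] = "nothing"            # outcome 3: do nothing
        elif src in active_alarms:
            active_alarms[src]["count"] += len(hits)
            active_alarms[src]["last_seen"] = times[-1]
            outcomes[src] = "updated"            # outcome 1: update existing alarm
        else:
            active_alarms[src] = {"count": len(hits), "last_seen": times[-1]}
            outcomes[src] = "created"            # outcome 2: create new alarm
    return outcomes
```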

Performance Monitoring
- Admin defines the monitor configuration and alarm policy (e.g. OID, device IP, SNMP parameters, threshold, etc.)
- Agent Daemon periodically issues SNMP polls and pings
- Agent Daemon submits the performance data
- Core Engine collects the performance data
- Data are saved in RRD (trend-based) or in the Database (state-based, e.g. ping results)
- Core Engine tries to detect alarms

Vulnerability Scanning
- Admin issues the initial scan request
- Agent Daemon performs the vulnerability scan (via Nessus)
- Agent Daemon submits the scan result to the Core Engine
- Core Engine saves the scan result
- Admin checks the initial scan result and defines the baseline
- Admin sets up a regular scanning schedule
- Agent Daemon performs the scheduled scans and submits the results to the Core Engine
- Core Engine collects each result and matches it against the baseline
- If the result does not match the baseline, an Alarm is created
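The baseline-matching step above, as an added example (not the project's code): hosts and findings are constructed, the finding ids are placeholders rather than real Nessus plugin ids, and a result "not matching the baseline" is taken to mean new findings, findings that disappeared, a host that vanished from the scan, or a host that was never baselined.

```python
# Constructed scan results keyed by host, as sets of (port, finding id) pairs.
# Finding ids are placeholder strings, not real Nessus plugin ids.
BASELINE = {
    "192.0.2.10": {(22, "ssh-weak-mac"), (80, "http-server-banner")},
    "192.0.2.11": {(443, "tls-self-signed")},
    "192.0.2.13": {(25, "smtp-open-relay")},
}
SCHEDULED_SCAN = {
    "192.0.2.10": {(22, "ssh-weak-mac"), (80, "http-server-banner"), (3306, "mysql-remote-access")},
    "192.0.2.11": set(),             # scanned, but the baselined finding is gone
    "192.0.2.12": {(21, "ftp-anonymous")},  # host never baselined
    # 192.0.2.13 absent: host did not answer this scheduled scan
}

def match_against_baseline(baseline, scan):
    """Core Engine step: compare every host's scheduled result with its baseline.
    Returns one Alarm dict per mismatching host; an empty list means a clean match."""
    alarms = []
    for host in sorted(set(baseline) | set(scan)):
        base = baseline.get(host, set())
        found = scan.get(host)
        if found is None:
            # Silence is not "clean": a host that dropped out of the scan needs attention.
            alarms.append({"host": host, "reason": "host missing from scan",
                           "new": set(), "gone": base})
        elif host not in baseline:
            alarms.append({"host": host, "reason": "host not in baseline",
                           "new": found, "gone": set()})
        elif found != base:
            alarms.append({"host": host, "reason": "findings changed",
                           "new": found - base, "gone": base - found})
    return alarms

def accept_as_baseline(baseline, alarm):
    """Admin step: after review, adopt the alarmed host's current findings as its baseline."""
    baseline[alarm["host"]] = (baseline.get(alarm["host"], set()) | alarm["new"]) - alarm["gone"]
    return baseline
```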

RBL Monitoring
- Admin defines the monitored hosts (IP/hostname)
- Admin defines a filter
- Agent Daemon performs the RBL query
- Agent Daemon submits the result to the Core Engine
- Core Engine filters the result
- Core Engine creates an Alarm
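The RBL query, filter and alarm steps above, as an added example (not the project's code) that also carries the sanity check a practitioner wants: the zone name and DNS answers are constructed so it runs offline, and the filter policy (127/8 answers count, 127.255/16 treated as error codes) is an assumption of this example, not the deck's.

```python
import ipaddress

# Constructed DNSBL answers standing in for real DNS lookups, so this runs offline.
# A listing is an A record inside 127.0.0.0/8; the last octet encodes the list's reason.
ZONE = "bl.example.test"  # placeholder zone name
FAKE_DNS = {
    "2.0.0.127." + ZONE: ["127.0.0.2"],           # RFC 5782 test entry: must be listed
    "5.113.0.203." + ZONE: ["127.0.0.2"],         # constructed: a monitored host is listed
    "9.100.51.198." + ZONE: ["127.255.255.254"],  # constructed: error code, not a listing
}

def rbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects bad input instead of querying garbage
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listing(answer, error_net=ipaddress.ip_network("127.255.0.0/16")):
    """Filter step: only 127/8 answers count, and codes in 127.255/16 are ignored."""
    a = ipaddress.ip_address(answer)
    return a in ipaddress.ip_network("127.0.0.0/8") and a not in error_net

def list_is_sane(zone, resolve):
    """RFC 5782 check: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A dead or mis-resolving list would otherwise look like 'all hosts clean'."""
    return bool(resolve(rbl_query_name("127.0.0.2", zone))) and \
        not resolve(rbl_query_name("127.0.0.1", zone))

def rbl_monitor(hosts, zone, resolve=lambda name: FAKE_DNS.get(name, [])):
    """Agent queries each host; Core Engine filters the answers and creates one Alarm per hit.
    Returns (alarms, sane) so a broken list is reported alongside the results."""
    sane = list_is_sane(zone, resolve)
    alarms = []
    for ip in hosts:
        hits = [a for a in resolve(rbl_query_name(ip, zone)) if is_listing(a)]
        if hits:
            alarms.append({"host": ip, "zone": zone, "codes": hits})
    return alarms, sane
```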

Vulnerability News Watching (CVE Watching)
- MSSC users define their subscriptions
- Agent Daemon downloads and parses the day's CVE entries
- Agent Daemon submits the updated entries to the Core Engine
- Core Engine saves the entries
- Core Engine checks the entries against the users' subscriptions
- MSSP Admin checks the news entry
- MSSP Admin MAY update OR ignore the news entry
- MSSP Admin notifies the client about the new CVE
- MSSC user reads the CVE

Virus News Watching
- Similar to Vulnerability News Watching
- However, there is no external source to download from: human input only

Service Monitoring
- Monitors that the security devices are functioning properly
- Not yet implemented

Watch Dog
- Monitors the internal components
- Not yet implemented. Initial ideas: JMX (Java-based components) and ICMP
- Notification + Alarm creation …

Record, Alarm and Event
- Agent Daemon supports Records
- Core Engine detects Alarms
- Alarm Console creates Events (on behalf of MSSP users)
- Each module defines its own Record type and Alarm type

Other functions
- Notification System
  - Event changes trigger notification messages
  - Reminder messages
- Reporting
  - Daily / Monthly