Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Network Security: Experiences with ntop Luca Deri Stefano Suin.

Published byRandell McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "Practical Network Security: Experiences with ntop Luca Deri Stefano Suin."— Presentation transcript:

1 Practical Network Security: Experiences with ntop Luca Deri Stefano Suin

2 Terena 2000Practical Network Security2 Daily Network Security Problems Frequent security violations. Need to detect unauthorized services installed by users. Who is generating suspicious traffic? Identification of misconfigured and faulty hosts.

3 Terena 2000Practical Network Security3 What Do We Need ? Traffic measurement. Traffic characterisation and monitoring. Detection of network security violations. Network optimisation and planning.

4 Terena 2000Practical Network Security4 What’s available on the Internet? Tcpdump, NeTraMet and RMON should be used by experts and are really not suitable for security problems. NFR and Snort are good, but they control only what is specified (Misuse Detection IDS).

5 Terena 2000Practical Network Security5 Requirements: Security Ability to automatically (i.e. no configuration) detect common network problems. Track ongoing attacks and identify potential security holes. Rule language for advanced intrusion detection.

6 Terena 2000Practical Network Security6 Welcome to ntop

7 Terena 2000Practical Network Security7 ntop Architecture

8 Terena 2000Practical Network Security8 Ntop Security Features TCP/IP Stack Verification. Application Misuse. Intruders Detection.

9 Terena 2000Practical Network Security9 TCP/IP Stack Verification [1/2] Invalid packets (ping of death, WinNuke). Stealth Scanning. Improper TCP Three Way Handshaking (e.g. queso/nmap OS Detection). Synflood.

10 Terena 2000Practical Network Security10 TCP/IP Stack Verification [2/2] Overlapping Fragments. Peak of RST Packets. Unexpected SYN/ACK (sequence guessing) and SYN/FIN (portscan) packets. Smurfing (ICMP to broadcast address).

11 Terena 2000Practical Network Security11 Application Misuse Buffer Overflow. Unauthorised Application Usage (e.g. Napster, ICQ). Misconfigured Applications (e.g. peak of DNS, NTP requests).

12 Terena 2000Practical Network Security12 Intruders Detection Trojan Horses (e.g. BO2K). Spoofing (more MAC addresses match the same IP address). Spy Detection (neped). Network discovery (via ICMP, ARP).

13 Terena 2000Practical Network Security13 Ntop IDS Rules icmp route-advertisement ICMP_REDIRECT !gateway/any action alarm tcp root-ftp any/ftp any/any contains "230 User root logged in." action alarm udp new-port-open any/any any/!usedport action alarm

14 Terena 2000Practical Network Security14 Ntop Availability Home Page: http://www.ntop.org/ Platforms: Win32 and Unix. License: Gnu Public License (GPL).

Download ppt "Practical Network Security: Experiences with ntop Luca Deri Stefano Suin."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
IP Network Scanning.

IP Network Scanning.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Similar presentations

Ads by Google