Overview of MSS System Human Actors Non-Human Actors In-house developed components Third party products.


Slide 1: Overview of MSS System
- Human Actors
- Non-Human Actors
- In-house developed components
- Third party products

Slide 2: (diagram slide, no transcript text)

Slide 3: Human Actors
- MSSP Admin
- MSSP User (Operator)
- MSSC User

Slide 4: Non-Human Actors
- Firewall device (at client site): deployed in the client network; access-deny logs are collected and analysed.
- IDS/IDP device (at client site): deployed in the client network; SNMP traps for detected intrusions are collected and analysed.
- Device / Workstation (at client site): SNMP polling target.

Slide 5: In-house Developed Components
- Alarm Console (web application): UI for the MSSP, who can perform the following tasks:
  - Monitor alarms and create Events
  - Configure data collection and alarm detection
  - Manage client profiles
- Client Portal (web application): UI for the MSSC:
  - Read and update Events
  - Read vulnerability/virus news and daily/monthly reports

Slide 6: In-house Developed Components (cont.)
- Client Agent Daemon (location: client network): collects firewall / IDS logs; performs SNMP polls (performance monitoring)
- Core Agent Daemon (location: MSSP network): RBL checking, initiating vulnerability scans, etc.
- Core Engine (location: MSSP network): headless Java EE components (MDBs); collects records from the agents and performs alarm detection

Slide 7: Third Party Products
- RHEL 4.0: OS for all servers (including agent servers)
- MySQL database: stores configuration, records, alarms and events
- RRD file storage (NFS file share): RRD files for trend-based performance data
- Apache ActiveMQ: provides the messaging network (MOM)
- Sun Java System Application Server 9 (SJSAS, or "App Server" in short): the Alarm Console and Client Portal are deployed here; the Core Engine is deployed here

Slide 8: Third Party Products (cont.)
- Email gateway (SMTP relay): notification mail is sent via this gateway
- SMS message gateway: notification SMS are sent via this gateway
- Nessus: provides vulnerability scanning; Vulnerability Scan requires this service to function
- RBL checking service: provides RBL checking; RBL Monitor requires this service to function

Slide 9: Third Party Products (implementation level)
- Hibernate (JPA provider)
- Facelets, Ajax4jsf
- Spring Framework (integration and AOP)
- Quartz scheduler
- Acegi Security
- CAS (Central Authentication System)
- Swiff chart generator (Flash graph generator)
- iReasoning SNMP library
- Maven (build system)

Slide 10: Third Party Products (SCM)
- Subversion (source version control)
- Trac (wiki, notes and docs for developers)

Slide 11: (diagram slide, no transcript text)

Slide 12: Data Flow (interaction between components)
1. MSSP admin updates the monitoring config
2. Alarm Console sends the update to the Agent Daemon
3. Agent Daemon updates its monitoring config
4. Agent Daemon resumes collecting and submitting records to the Core Engine
5. Core Engine collects the records and saves them to the DB
6. Core Engine performs alarm detection, which does exactly one of:
   1. update an existing alarm, OR
   2. create a new alarm, OR
   3. do nothing
7. User accesses the console
8. Alarm Console displays the active Alarms

Slide 13: Firewall / IDS Log Analysis
- Admin defines the log collection config and alarm policy
- Firewall forwards its log via syslog to the Agent Server
- The syslog daemon forwards it to a named pipe
- Agent Daemon collects the log from the named pipe
- Agent Daemon selects a parser, parses the log and submits it to the Core Engine
- Core Engine collects the log and post-processes it
- A timer wakes up every 3 minutes (configurable) to perform alarm detection (by alarm policy)
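As an added illustration of the record, alarm and event pipeline on slides 12, 13 and 21 (example code written here, not the MSS project's own Java EE implementation): the Agent Daemon side parses constructed firewall deny lines as they would arrive from the named pipe, and the Core Engine side runs a timer pass that, per source host, either creates an alarm, updates the open one, or does nothing. The deny-line shape, the policy fields and the in-memory alarm store are assumptions.

```python
# Added example modelled on slides 12, 13 and 21; the deny-line shape, the policy
# fields and the in-memory alarm store are assumptions, not the project's code.
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Assumed shape of a firewall deny line after syslog has written it to the named pipe.
DENY_RE = re.compile(r"^(\S+) (\S+) fw: DENY src=(\S+) dst=\S+ dpt=(\d+)$")

def parse_deny(line):
    """Agent Daemon parser: a Record dict for a deny line, None for anything else."""
    m = DENY_RE.match(line)
    if not m:
        return None
    ts, host, src, dpt = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "src": src, "dpt": int(dpt)}

def detect(records, alarms, policy, now):
    """One Core Engine timer pass: count denies per (host, src) inside the window."""
    window = timedelta(seconds=policy["window_s"])
    by_key = defaultdict(list)
    for r in records:
        if timedelta(0) <= now - r["ts"] <= window:
            by_key[f"fw-deny:{r['host']}:{r['src']}"].append(r["ts"])
    actions = {}                      # key -> "create" | "update" | "nothing"
    for key, stamps in by_key.items():
        if len(stamps) < policy["threshold"]:
            actions[key] = "nothing"  # below policy threshold: slide 12, step 6.3
        elif key in alarms:           # alarm already open: slide 12, step 6.1
            alarms[key].update(count=len(stamps), last_seen=max(stamps))
            actions[key] = "update"
        else:                         # first crossing: slide 12, step 6.2
            alarms[key] = {"count": len(stamps), "first_seen": min(stamps), "last_seen": max(stamps)}
            actions[key] = "create"
    return actions

# Constructed sample: three denies from 10.0.0.5, one from 10.0.0.9, one non-deny line.
SAMPLE_LOG = """\
2024-05-01T10:00:35 fw1 fw: DENY src=10.0.0.5 dst=192.0.2.10 dpt=22
2024-05-01T10:00:40 fw1 fw: DENY src=10.0.0.9 dst=192.0.2.10 dpt=80
2024-05-01T10:01:15 fw1 fw: ACCEPT src=10.0.0.5 dst=192.0.2.10 dpt=443
2024-05-01T10:01:30 fw1 fw: DENY src=10.0.0.5 dst=192.0.2.10 dpt=23
2024-05-01T10:02:05 fw1 fw: DENY src=10.0.0.5 dst=192.0.2.10 dpt=3389
"""
POLICY = {"threshold": 3, "window_s": 180}   # alarm on 3 denies inside 3 minutes

def run_sample():
    """Two timer passes 30 s apart: the first creates the alarm, the second updates it."""
    alarms = {}
    records = [r for r in map(parse_deny, SAMPLE_LOG.splitlines()) if r]
    first = detect(records, alarms, POLICY, datetime(2024, 5, 1, 10, 3, 0))
    second = detect(records, alarms, POLICY, datetime(2024, 5, 1, 10, 3, 30))
    return records, alarms, first, second
```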

Slide 14: Performance Monitoring
- Admin defines the monitor configuration and alarm policy (OID, device IP, SNMP parameters, thresholds, etc.)
- Agent Daemon periodically issues SNMP polls and pings
- Agent Daemon submits the performance data
- Core Engine collects the performance data; data are saved in RRD (trend based) or in the database (state based, e.g. ping results)
- Core Engine tries to detect alarms

Slide 15: Vulnerability Scanning
- Admin issues an initial scan request
- Agent Daemon performs the vulnerability scan (via Nessus)
- Agent Daemon submits the scan result to the Core Engine
- Core Engine saves the scan result
- Admin checks the initial scan result and defines a baseline
- Admin sets up a regular scanning schedule
- Agent Daemon performs the scheduled scans and submits the results to the Core Engine
- Core Engine collects the results and matches them against the baseline; if a result does not match the baseline, an Alarm is created

Slide 16: RBL Monitoring
- Admin defines the monitored hosts (IP/hostname)
- Admin defines a filter
- Agent Daemon performs the RBL query
- Agent Daemon submits the result to the Core Engine
- Core Engine filters the result
- Core Engine creates an Alarm

Slide 17: Vulnerability News Watching (CVE Watching)
- MSSC users define subscriptions
- Agent Daemon downloads and parses the CVE entries from the daily news, once per day
- Agent Daemon submits the updated entries to the Core Engine
- Core Engine saves the entries
- Core Engine checks the entries against the users' subscriptions
- MSSP Admin checks the news entry
- MSSP Admin MAY update OR ignore the news entry
- MSSP Admin notifies the client about the new CVE
- MSSC user reads the CVE

Slide 18: Virus News Watching
- Similar to Vulnerability News Watching
- However, there is no external source to download from: human input only

Slide 19: Service Monitoring
- Monitors that the security devices are functioning properly
- Not yet implemented

Slide 20: Watch Dog
- Monitors the internal components
- Not yet implemented. Initial ideas: JMX (Java-based components) and ICMP; notification + alarm creation ...

Slide 21: Record, Alarm and Event
- Agent Daemon submits records
- Core Engine detects alarms
- Alarm Console creates Events (on behalf of MSSP users)
- Each module defines its own Record type and Alarm type

Slide 22: Other functions
- Notification System: Event changes trigger notification messages; reminder messages
- Reporting: daily / monthly

