Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anomaly Detection and Internal Network Security Jose Nazario, Ph.D. Arbor Networks.

Published byLizbeth McLaughlin Modified over 9 years ago

Similar presentations

Presentation on theme: "Anomaly Detection and Internal Network Security Jose Nazario, Ph.D. Arbor Networks."— Presentation transcript:

1 Anomaly Detection and Internal Network Security Jose Nazario, Ph.D. Arbor Networks

2 Proprietary and Company Confidential Information Your role is to protect the network

3 Proprietary and Company Confidential Information External barriers aren’t enough

4 Proprietary and Company Confidential Information Your perimeter is porous to threats

5 Proprietary and Company Confidential Information Discover the wolf in sheep’s clothing

6 Proprietary and Company Confidential Information Anomaly Detection helps you find the things that don’t belong

7 Proprietary and Company Confidential Information GOOD BAD

8 Proprietary and Company Confidential Information Characterize the offending source

9 Proprietary and Company Confidential Information Statistical Protocol Relational

10 Proprietary and Company Confidential Information Statistical Anomaly Detection  Based on traffic rates  Endpoints are network blocks  Traffic by time and service  Useful for DDoS attack detection  Statistical expectations and confidence

11 Proprietary and Company Confidential Information Expected = Recent past + Average distant past  Statistical variance Allows for smooth changes Disallows abrupt changes

12 Proprietary and Company Confidential Information BPS Time

13 Proprietary and Company Confidential Information An example of “abrupt change”

14 Proprietary and Company Confidential Information Another “abrupt change”

15 Proprietary and Company Confidential Information Protocol-Based Detection  Based on protocol behaviors  Very generic, requires a well understood protocol  Compare protocol observations with expectations  Useful for very well controlled protocols  Works for various layers: network, applications, etc

16 Proprietary and Company Confidential Information From To Subject Length-based overflow against client Email header attack

17 Proprietary and Company Confidential Information Relational-Based Detection  Uses inter-host relationships  Roles (server, client, services) are usually static  Examine network traffic and peers  Changes in roles indicate odd events

18 Proprietary and Company Confidential Information Catalog Relationships Record every packet, flow, connection, and transaction between every host on the network. Group Automatically By observing incoming and outgoing links, similar protocols spoken, and proximity to other hosts, generate groupings. Generalize Behavior Discover which behaviors are common to the entire group, and apply to every member of the group.

19 Proprietary and Company Confidential Information FTP SMTP HTTP LDAP Service based relationships

20 Proprietary and Company Confidential Information Mail-based viruses Rogue AP Unauthorized connections

21 Proprietary and Company Confidential Information Inside, they don’t use exploits

22 Proprietary and Company Confidential Information Health Care Student Records Web Gateway Not all traffic is authorized

23 Proprietary and Company Confidential Information Catalog service usage over time

24 Proprietary and Company Confidential Information

25 Detect the threat inside the chaos

26 Proprietary and Company Confidential Information HTTP MS SQL Selectively isolate the threat

27 Proprietary and Company Confidential Information  Anomaly detection helps you identify real threats  You can quickly react to specific threats  Minimize the disruption and response time  Protect core assets while offering service

28 Proprietary and Company Confidential Information Thank you

Download ppt "Anomaly Detection and Internal Network Security Jose Nazario, Ph.D. Arbor Networks."

Similar presentations

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 12 Network Security.

Chapter 12 Network Security.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Similar presentations

Ads by Google