Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com.

Published byMarjorie Page Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com."— Presentation transcript:

1 1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com

2 Slow response time Do Hackers Attack ? 2

3 Why do Hackers Attack ? Steal private data & credit card info 3

4 The Blind Spot of the IPS Equipment Feature code scheme (pattern) High error rate on the threshold setting function False Positives 4

5 Cyber-Intrusion== Cyber-Attack Cyber-Intrusion V.S. Attack Robber Huge Traffic / Sessions Not care being discovered 5 Cyber-Intrusion Cyber-Attack Thief Small packet Not like to be discovered

6 The Blind Spot of the IPS Equipment The Amount of TrafficA Number of Sessions

7 Network Behavior Anomaly Detection (NBAD) Detect & block attacks automatically 7 NBAD Technology Flowviewer is 64 bit solution NBAD Technology Flowviewer is 64 bit solution Picture provided by : free vector graphics Version 1 Version 2 ? TRUE ? FALSE ? High Error Rate High Error Rate

8 Packets Sessions (Flows) Protocol Transport protocol port Time Duration Destination IP address Source IP address Traffic Info Collected Real-Time Data Collected From The Flowviewer FM-800A

9 Intrusion Port scan SSH RDP Worm Attack UDP Flood Attack DOS Attack DNS Attack NTP Attack Detect and Block Intrusion & Attack

10 Math Formula 10 S: session P src n : source port number P dst n : destination port number T n : some time ∵ ∵

11 IPS ( Intrusion prevention system ) of DoS Protection Profile Threshold Function UDP_SRC_Session default 5,000 session/ second UDP_DST_Session default 5,000 session/ second UDP_Flood default 2,000 packets/ second 11

12 Real Case 1 A University: Event Time, 2014 / 05 / 27 05:00-06:00 12

13 IPS Threshold : default 5,000 session / sec Hacker can avoid IPS detection 13 The maximum session of attack is 743. Hacker can avoid IPS detection.

14 Real Case 2 B University: Event Time, 2015 / 07 / 21 22:00-23:00 14

15 IPS Threshold : default 5,000 session / sec Hacker can avoid IPS detection 15 The maximum session of attack is 2327. Hacker can avoid IPS detection.

Download ppt "1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com."

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
F3 Collecting Network Based Evidence (NBE)

F3 Collecting Network Based Evidence (NBE)
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.

Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.
Network Traffic Anomaly Detection Based on Packet Bytes Matthew V. Mahoney Florida Institute of Technology

Network Traffic Anomaly Detection Based on Packet Bytes Matthew V. Mahoney Florida Institute of Technology
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com.

1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
ANOMALY DETECTION AND CHARACTERIZATION: LEARNING AND EXPERIANCE YAN CHEN – MATT MODAFF – AARON BEACH.

ANOMALY DETECTION AND CHARACTERIZATION: LEARNING AND EXPERIANCE YAN CHEN – MATT MODAFF – AARON BEACH.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
1 CCNA 2 v3.1 Module 10. 2 Intermediate TCP/IP CCNA 2 Module 10.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Design and Implementation of SIP-aware DDoS Attack Detection System.

Design and Implementation of SIP-aware DDoS Attack Detection System.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google