PLNOG 9: Pavel Minarik - Network Traffic & Security Monitoring in Examples
0 likes19 views
FlowMon is a network traffic monitoring and security solution that uses IP flows to provide visibility into network activity. It analyzes NetFlow and IPFIX data from probes and routers to detect security threats like DDoS attacks and malware as well as optimize network performance. The solution includes probes to collect data, collectors to store and analyze flows, and a monitoring center to provide visualizations, reports, and alerts. It can help network operators understand top users and applications, identify unwanted traffic and anomalies, fulfill data retention laws, and optimize infrastructure usage and peering relationships.
PLNOG 9: Pavel Minarik - Network Traffic & Security Monitoring in Examples
- 1. Pavel Minařík FlowMon Network Traffic & Security Monitoring in Examples
- 2. 2/18 Key Points • Network monitoring based on IP flows Do you know what's really happening in your network? Do you have such information real-time and historically? • Security – NBA (Network Behavior Analysis) Do you easily detect DOS, DDOS and attacks against services? Are you able to reveal viruses/malware in your network? Do you have a tool for suspicious behavior detection? • Network infrastructure optimization Are you paying too much for peering? Would you like to account & bill based on traffic amount? • Data Retention law fulfillment Do you fulfill law requirements? 23.10.2012 FlowMon © INVEA-TECH 2012
- 3. 3/18 FlowMon – Network Under Control • Innovative network traffic monitoring & security solution using IP flows • Based on NetFlow v5/v9 and IPFIX technology • Provides information about who communicates with whom, how long, what protocol, traffic volume and more • Best price/performance ratio in the industry • Solution for networks of all dimensions • Exceptional customer benefits • Your network under control! 23.10.2012 FlowMon © INVEA-TECH 2012
- 4. 4/18 FlowMon Architecture • FlowMon Probes passive standalone source of network statistics (NetFlow / IPFIX data) • FlowMon Collectors visualization and evaluation of network statistics • FlowMon ADS automatic traffic analysis for reveal operational & security issues 23.10.2012 FlowMon © INVEA-TECH 2012
- 5. 5/18 FlowMon Probe • High-performance standalone probe - source of IP flow records in NetFlow v5,9 and IPFIX format • L2/L3 invisible - transparent for monitored network • Standard and hardware accelerated models • Remote configuration via a user-friendly web GUI • 10/100/1000 Ethernet, 10 GbE, IPv4, IPv6, MPLS, VLAN • Maintenance-free appliance with simple configuration • Built-in collector (data storage redundancy) 23.10.2012 FlowMon © INVEA-TECH 2012
- 6. 6/18 FlowMon Collector • Standalone appliance for long term storage of flow statistics from multiple sources (probes, routers, switches) • Support for NetFlow/IPFIX/sFlow data storage & analysis • Professional solution for mid-size and large networks RAID, redundant power, remote management storage capacity from 1TB up to hundreds TBs unique performance – more than 200k flows/s processing 23.10.2012 FlowMon © INVEA-TECH 2012
- 7. 7/18 FlowMon Monitoring Center • Graphs, tables and form for further data processing • Top N statistics (users, sites, services) • Predefined set of profiles/views for standard protocols • User defined profiles (based on IP address or ports) • Intelligent reporting (online/offline email/pdf/csv reports) • Profile support and automatic alerts (e-mail, syslog, SNMP etc.) 23.10.2012 FlowMon © INVEA-TECH 2012
- 8. 8/18 FlowMon ADS • Undesirable behavior detection Attacks Undesirable services Operational and configuration problems • Behavior profiles computing Communication partners Anomaly detection Traffic volume and structure • Intuitive user interface Immediate network problems indication Interactive event visualization Integration with information from DNS, WHOIS, geolocation services • Complex filtering, alerting, reporting 23.10.2012 FlowMon © INVEA-TECH 2012
- 9. 9/18 FlowMon ADS • Detection of undesirable patterns in communication Attacks (port scanning, dictionary attacks, DOS/DDOS, telnet protocol) Data traffic anomalies (DNS, multicast, non-standard communications) Device behavior anomalies (changes in long-term device behavior profile) Undesirable applications (P2P networks, anonymizer) Internal security problems (viruses, spyware, botnets) Mail traffic (outgoing spam) Operational problem (delays, high traffic, reverse DNS records) 23.10.2012 FlowMon © INVEA-TECH 2012
- 10. Network Traffic & Security Monitoring - Use Cases 23.10.2012FlowMon © INVEA-TECH
- 11. 11/18 Use Cases • “Eyes” into the network traffic and an overview of what is going on in the network and the infrastructure • „Drill-down“ to the level of individual communications, a record of everything that has happened 9.10.2012 FlowMon © INVEA-TECH 2012
- 12. 12/18 Use Cases • 10% of users typically generate 90% of the traffic – who are they? • How are individual services utilized and when are peaks? 9.10.2012 FlowMon © INVEA-TECH 2012
- 13. 13/18 Use Cases • Maleware activities 84% of PCs has an antivirus 31% of PCs is infected by malware • Rogue DNS servers 9.10.2012 FlowMon © INVEA-TECH 2012
- 14. 14/18 Use Cases • Data Theft • Undesired applications and user activities 9.10.2012 FlowMon © INVEA-TECH 2012
- 15. Online demo 23.10.2012FlowMon © INVEA-TECH
- 16. 16/18 Benefits for ISP • Long-term statistics storage about traffic • Network capacity planning • Connectivity optimization • Peering agreements optimization • Attacks, anomalies and suspicious behavior detection • Data retention law fulfillment • Accounting and billing based on traffic amount • Possibility to graphs and tables integration to your IS 23.10.2012 FlowMon © INVEA-TECH 2012
- 17. 17/18 FlowMon Solution Advantages • Complete product portfolio for monitoring of all dimension networks • Flexible and scalable as you grow • Best price/performance ratio low price of standard models high performance of hardware-accelerated models • Unique customer benefits 23.10.2012 FlowMon © INVEA-TECH 2012
- 18. 18/18 INVEA-TECH a.s. U Vodárny 2965/2 616 00 Brno Czech Republic www.invea-tech.com High-Speed Networking Technology Partner 23.10.2012 FlowMon © INVEA-TECH 2012 INVEA-TECH info@invea-tech.com +420 511 205 250 Thank you for your attention