Session 2 Security Monitoring
![Page 1: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/1.jpg)
Session 2 Security Monitoring
Identify
Device Status
Traffic Analysis
Routing Protocol Status
Configuration & Log
Classification
![Page 2: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/2.jpg)
Identifying an Attack
![Page 3: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/3.jpg)
Identification Tools
![Page 4: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/4.jpg)
![Page 5: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/5.jpg)
Network Benchmark Parameter
![Page 6: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/6.jpg)
Device Status
CPU
Memory
Temperature
![Page 7: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/7.jpg)
CPU Load
![Page 8: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/8.jpg)
Abnormal CPU Load
![Page 9: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/9.jpg)
Abnormal CPU Load
![Page 10: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/10.jpg)
Identifying an Attack through CPU Load
![Page 11: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/11.jpg)
Identifying an Attack through CPU Load
![Page 12: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/12.jpg)
Identifying an Attack through CPU Load
![Page 13: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/13.jpg)
Temperature
![Page 14: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/14.jpg)
Traffic Analysis
Technology (Netflow & Sniffer)
Layer 3 or 4 based
Application based
![Page 15: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/15.jpg)
Netflow Detect & Affirm
![Page 16: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/16.jpg)
Use Netflow
![Page 17: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/17.jpg)
Detect DoS
![Page 18: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/18.jpg)
Example
![Page 19: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/19.jpg)
Layer 3 or 4 TOP N
IP address based
Protocol based
Port based
Packet Size based
AS based
![Page 20: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/20.jpg)
Index
![Page 21: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/21.jpg)
Overview
Normalin/Normalout
Spoofin/Spoofout
Bandwidth, PPS and Packet Size
![Page 22: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/22.jpg)
Traffic Statistics Picture
• According to bandwidth: bandwidth, packet size and PPS
• According to direction: normalin/normalout, spoofin/spoofout
• According to time: 4 hours, 2 days, 1 week, 2 months
• Max, min, average, now
![Page 23: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/23.jpg)
Traffic Statistics Picture (overview)
![Page 24: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/24.jpg)
Traffic Statistics
![Page 25: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/25.jpg)
IP TOP 20
• Order by source/destination address
• Order by source destination peer
• Order by bandwidth and PPS
![Page 26: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/26.jpg)
Traffic Analyse (TOP20)
![Page 27: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/27.jpg)
Traffic Analyse (TOP20)
![Page 28: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/28.jpg)
Packet size TOP20
• Order by bandwidth and PPS
![Page 29: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/29.jpg)
Port Distribution TOP20
• Order by source/destination port summary
• Order by source/destination port direction
• Order by bandwidth and PPS
![Page 30: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/30.jpg)
Port distribution TOP20
![Page 31: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/31.jpg)
Protocol statistic TOP20
• According to protocol: normalin, normalout, spoofin and spoofout
• Order by bandwidth and PPS
![Page 32: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/32.jpg)
Protocol Statistic TOP20
![Page 33: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/33.jpg)
Protocol Picture
• According to bandwidth and PPS
• According to type: TCP, UDP, ICMP
• According to time: 4 hours, 2 days, 1 week, 2 months
• Max, min, average, now
![Page 34: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/34.jpg)
Protocol (TCP UDP ICMP) Statistics Overview
![Page 35: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/35.jpg)
Protocol (TCP UDP ICMP) Statistics
![Page 36: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/36.jpg)
AS Statistic TOP20
• According to direction: normalin, normalout, spoofin and spoofout
• According to bandwidth and PPS
![Page 37: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/37.jpg)
AS Statistic TOP20
![Page 38: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/38.jpg)
Abnormal Traffic Query System
![Page 39: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/39.jpg)
Abnormal Traffic Query System
![Page 40: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/40.jpg)
Routing Protocol Status
Route Entries
Routing Protocol Stability
![Page 41: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/41.jpg)
Route Monitoring
![Page 42: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/42.jpg)
Routing (BGP summary)
![Page 43: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/43.jpg)
Routing Monitoring
![Page 44: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/44.jpg)
BGP Statistics
![Page 45: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/45.jpg)
BGP Monitoring (TEIN2-NORTH)
![Page 46: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/46.jpg)
BGP Monitoring (TEIN2-SOUTH)
![Page 47: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/47.jpg)
BGP Monitoring (TEIN2-JP)
![Page 48: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/48.jpg)
AS Path Entries
![Page 49: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/49.jpg)
Community Entries
![Page 50: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/50.jpg)
IPv4 Prefix
![Page 51: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/51.jpg)
IPv6 Prefix
![Page 52: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/52.jpg)
Route Flapping Top 20

| No. | Prefix | AS | Oscillation |
|---|---|---|---|
| 1 | 195.251.96.0/24 | 5408 | 3400 |
| 2 | 156.148.0.0/16 | 137 | 2829 |
| 3 | 195.251.98.0/23 | 5408 | 2714 |
| 4 | 195.251.0.0/23 | 5408 | 2301 |
| 5 | 193.194.64.0/19 | 3208 | 1952 |
| 6 | 195.251.104.0/24 | 5408 | 1895 |
| 7 | 194.177.196.0/24 | 3323 | 1528 |
| 8 | 84.205.64.0/24 | 12654 | 1417 |
| 9 | 84.205.65.0/24 | 12654 | 1266 |
| 10 | 84.205.77.0/24 | 12654 | 1250 |
| 11 | 84.205.67.0/24 | 12654 | 1147 |
| 12 | 84.205.76.0/24 | 12654 | 1134 |
| 13 | 84.205.78.0/24 | 12654 | 1074 |
| 14 | 84.205.75.0/24 | 12654 | 1025 |
| 15 | 84.205.69.0/24 | 12654 | 1008 |
| 16 | 84.205.74.0/24 | 12654 | 998 |
| 17 | 195.60.236.0/22 | 39154 | 941 |
| 18 | 84.205.71.0/24 | 12654 | 940 |
| 19 | 193.124.160.0/21 | 5402 | 922 |
| 20 | 193.124.208.0/20 | 3335 | 874 |

| No. | AS | Oscillation |
|---|---|---|
| 1 | 680 | 46486 |
| 2 | 786 | 38707 |
| 3 | 5408 | 36036 |
| 4 | 2018 | 31828 |
| 5 | 137 | 21231 |
| 6 | 4621 | 17600 |
| 7 | 1103 | 17268 |
| 8 | 559 | 17071 |
| 9 | 12654 | 13666 |
| 10 | 2200 | 13621 |
| 11 | 5387 | 12209 |
| 12 | 2614 | 10461 |
| 13 | 1659 | 10013 |
| 14 | 766 | 9504 |
| 15 | 237 | 7633 |
| 16 | 668 | 7213 |
| 17 | 5501 | 6840 |
| 18 | 553 | 6190 |
| 19 | 2561 | 6062 |
| 20 | 2422 | 6026 |
![Page 53: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/53.jpg)
IPv6 Route Flapping Top 10
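
| No. | Prefix | AS | Oscillation |
|---|---|---|---|
| 1 | 2001:4c00::/32 | 34695 | 673 |
| 2 | 2001:1a70::/32 | 12046 | 529 |
| 3 | 2001:1410::/32 | 25538 | 508 |
| 4 | 2001:4b58::/32 | 6802 | 443 |
| 5 | 2001:1b20::/32 | 8665 | 441 |
| 6 | 2001:a98::/32 | 8517 | 439 |
| 7 | 2001:720::/32 | 766 | 431 |
| 8 | 2001:4170::/32 | 13092 | 407 |
| 9 | 2001:778::/32 | 2847 | 392 |
| 10 | 2001:1a18::/32 | 3268 | 391 |

| No. | AS | Oscillation |
|---|---|---|
| 1 | 195 | 716 |
| 2 | 34695 | 673 |
| 3 | 559 | 610 |
| 4 | 12046 | 529 |
| 5 | 25538 | 508 |
| 6 | 6802 | 443 |
| 7 | 8665 | 441 |
| 8 | 8517 | 439 |
| 9 | 766 | 431 |
| 10 | 13092 | 407 |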
![Page 54: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/54.jpg)
AAA & Log Audit
Account
SYSLOG
Log audit tools
![Page 55: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/55.jpg)
Configuring Syslog on a router
![Page 56: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/56.jpg)
Configuration change notification and logging
![Page 57: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/57.jpg)
Log skill
![Page 58: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/58.jpg)
SNMP Authentication Failure via SYSLOG
![Page 59: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/59.jpg)
SNMP Authentication Failure via SYSLOG
![Page 60: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/60.jpg)
Classification Objectives
![Page 61: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/61.jpg)
Classification ACLs
![Page 62: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/62.jpg)
Classification and Traceback ACLs
![Page 63: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/63.jpg)
Classification and Traceback ACLs
![Page 64: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/64.jpg)
Classification and Traceback ACLs
![Page 65: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/65.jpg)
Classification and Traceback ACLs
![Page 66: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/66.jpg)
Classification and Traceback ACLs
![Page 67: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/67.jpg)
Classification ACLs - Hints
![Page 68: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/68.jpg)
Netflow Classification Technique
![Page 69: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/69.jpg)
show ip cache flow
![Page 70: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/70.jpg)
show ip cache verbose flow
![Page 71: Session 2 Security Monitoring](https://reader035.vdocument.in/reader035/viewer/2022062517/568139c5550346895da16f74/html5/thumbnails/71.jpg)
Sink Hole – How to Classify?