See also presentation: Presentation Transcript

  • Go Back in Time On Your Network: Get Faster Problem Resolution
  • A typical network day…
  • Traditional Troubleshooting Methodology
    • Ignore it, hope the problem goes away
    • Check a few network statistics, and then “pull cables” until it seems like the issue has been resolved
    • Reallocate analyzer resources to monitor the problem, and hope that the problem happens again so you can investigate.
    • (If the problem does not reappear, see option a)
  • New Methodology – Network Forensics
    • Forensics is the ability to go back in time and investigate network problems
    • Retrospective Network Analysis – The technology that allows forensics to happen
    • RNA eliminates the time-consuming task of having to recreate the issue
    • Allows IT professionals to go immediately to problem resolution mode
  • What is the RNA advantage? Before RNA vs. after RNA
  • Implementing Network Forensics
    • Network Troubleshooting
      • Performs root-cause analysis
      • Allows for historical problem identification
    • Internal and governmentally mandated compliance
      • Provides enforcement of acceptable use policies
      • Helps fight industrial espionage
      • Assists with Sarbanes-Oxley compliance
    • Security
      • Provides pre-intrusion tracking and identification
      • Helps deliver a post-intrusion “paper-trail”
  • Network Troubleshooting
  • Troubleshooting – Why poor call quality?
    • Helpdesk receives notice of poor call quality from a VoIP user
    • This issue is sporadic
    • Aggregate statistics show that overall VoIP quality is high
    • A quick check shows that while some links have had high utilization, overall network usage appears within the norm
  • Troubleshooting – Why poor call quality?
    • Timeline
      • 8:45 a.m. – Helpdesk receives call of poor voice quality
      • 9:10 a.m. – After troubleshooting, helpdesk escalates the call to Tier-3 support
      • 9:50 a.m. – Tier-3 investigates the issue, only to find that the problem has disappeared
  • Troubleshooting - Why poor call quality? Isolate the time surrounding the issue
  • Troubleshooting - Why poor call quality? Isolate the user and the specific time frame
  • Troubleshooting - Why poor call quality? Let the Expert do the work
  • Why poor call quality?
    • RNA demonstrated that VoIP Call Manager’s precedence bit was not configured correctly for that user
    • RNA tracks not only key applications but VoIP communication
  • Compliance
  • Compliance – Dealing with a policy violation
    • John has been accused of visiting inappropriate websites during work
    • With Forensics, we can prove if John is guilty or not
      • But providing only domain names or URLs is not acceptable according to the HR policy
      • Offenses must be documented
  • Compliance – Dealing with a policy violation
    • The Challenge
      • Traditional methods of tracking web activity provide only domain names and URLs
    • The Solution
      • RNA and its Stream Reconstruction capability
  • Compliance - Dealing with a policy violation Isolate the time of activity
  • Compliance - Dealing with a policy violation Select the user station(s)
  • Compliance – Use Stream Reconstruction: select the HTML file, then display the page the user visited as it appeared
  • Dealing with a policy violation
    • RNA evidence proves that John has visited prohibited web sites during business hours
    • IT department can provide HR the evidence they need to make their decision
    • RNA delivers the evidence and proof you need to assist with forensics investigations and to maintain internal and external compliance
  • Security
  • Security Attack Identified
    • DMZ attacked
    • IPS detected and repelled these attacks
    • Unbeknown to the IPS/IDS, a brute-force attack got past the VPN at the same time
    • Trojan applications such as remote control utilities and keystroke loggers were installed
    • Resulted in malicious activity against our internal systems
  • Security – What happened during the attack? Isolate the time frame
  • Security - What happened during the attack? Utilize Snort rules to diagnose the attack
  • Security - What happened during the attack? Identify data accessed during intrusion
  • Security – What happened during the attack? Use MultiHop Analysis to identify every system that was compromised
  • What happened during the attack?
    • RNA provides the following detail on security attacks
      • What attacks took place
      • Which systems were compromised
      • What data was uploaded or downloaded during the attack
      • What path the attack took across the network
    • RNA shows security problems in the context of all network behavior and activity, so you can not only track but resolve the problem
  • Thank you
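As an added illustration of the retrospective workflow in the Security slides (isolate the time frame, then identify every system reached from the entry point), the following Python example walks stored flow records in time order. It is not part of the presentation or of any RNA product; the flow records, addresses and function names are constructed for this example, and a listed host is a candidate for investigation, not a confirmed compromise.

```python
from datetime import datetime

# Constructed flow records: (time, source, destination, destination port).
FLOWS = [
    ("09:00:30", "10.0.1.20", "10.0.1.30", 445),  # before 10.0.1.20 was reached
    ("09:01:10", "10.0.9.5", "10.0.1.20", 3389),  # VPN address -> first server
    ("09:04:00", "10.0.1.20", "10.0.1.30", 445),  # first server -> second
    ("09:06:45", "10.0.1.30", "10.0.2.40", 22),   # second -> third
    ("09:07:00", "10.0.3.50", "10.0.2.40", 22),   # unrelated source
    ("09:30:00", "10.0.2.40", "10.0.2.41", 22),   # outside the window
]

def _t(value):
    return datetime.strptime(value, "%H:%M:%S")

def trace_hops(flows, entry_host, start, end):
    """Map each host reached from entry_host inside [start, end] to
    (time first contacted, host that contacted it)."""
    lo, hi = _t(start), _t(end)
    window = sorted((f for f in flows if lo <= _t(f[0]) <= hi),
                    key=lambda f: _t(f[0]))
    reached = {entry_host: (start, None)}
    for ts, src, dst, _port in window:
        # Time order matters: a flow counts only if its source was
        # already reached when the flow happened.
        if src in reached and dst not in reached:
            reached[dst] = (ts, src)
    return reached

def path_to(reached, host):
    """Rebuild the hop-by-hop path from the entry host to `host`."""
    path = []
    while host is not None:
        path.append(host)
        host = reached[host][1]
    return path[::-1]

if __name__ == "__main__":
    hosts = trace_hops(FLOWS, "10.0.9.5", "09:00:00", "09:15:00")
    for h, (ts, via) in hosts.items():
        print(h, ts, via)
    print(" -> ".join(path_to(hosts, "10.0.2.40")))
```

The 09:00:30 flow is ignored because its source had not yet been contacted by the entry host at that time, which is the distinction a plain "who talked to whom" list would miss.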