
  1. Go Back in Time On Your Network – Get Faster Problem Resolution
  2. A typical network day…
  3. Traditional Troubleshooting Methodology
     a. Ignore it, hope the problem goes away
     b. Check a few network statistics, and then “pull cables” until it seems like the issue has been resolved
     c. Reallocate analyzer resources to monitor the problem, and hope that the problem happens again so you can investigate
     d. (If the problem does not reappear, see option a)
  4. New Methodology – Network Forensics
     - Forensics is the ability to go back in time and investigate network problems
     - Retrospective Network Analysis (RNA) – the technology that allows forensics to happen
     - RNA eliminates the time-consuming task of having to recreate the issue
     - Allows IT professionals to go immediately to problem resolution mode
  5. What is the RNA advantage? [figure: Before RNA / After RNA]
  6. Implementing Network Forensics
     - Network troubleshooting
       - Performs root-cause analysis
       - Allows for historical problem identification
     - Internal and governmentally mandated compliance
       - Provides enforcement of acceptable use policies
       - Helps fight industrial espionage
       - Assists with Sarbanes-Oxley compliance
     - Security
       - Provides pre-intrusion tracking and identification
       - Helps deliver a post-intrusion “paper trail”
  7. Network Troubleshooting
  8. Troubleshooting – Why poor call quality?
     - Helpdesk receives notice of poor call quality from a VoIP user
     - The issue is sporadic
     - Aggregate statistics show that overall VoIP quality is high
     - A quick check shows that while some links have had high utilization, overall network usage appears within the norm
  9. Troubleshooting – Why poor call quality?
     - Timeline
       - 8:45 a.m. – Helpdesk receives a call reporting poor voice quality
       - 9:10 a.m. – After troubleshooting, the helpdesk escalates the call to Tier-3 support
       - 9:50 a.m. – Tier-3 investigates the issue, only to find that the problem has disappeared
  10. Troubleshooting – Why poor call quality? Isolate the time surrounding the issue
  11. Troubleshooting – Why poor call quality? Isolate the user and the specific time frame
  12. Troubleshooting – Why poor call quality? Let the Expert do the work
  13. Why poor call quality?
     - RNA demonstrated that the VoIP Call Manager’s precedence bit was not configured correctly for that user
     - RNA tracks not only key applications but also VoIP communication
  14. Compliance
  15. Compliance – Dealing with a policy violation
     - John has been accused of visiting inappropriate websites during work
     - With forensics, we can prove whether John is guilty or not
       - But providing only domain names or URLs is not acceptable according to the HR policy
       - Offenses must be documented
  16. Compliance – Dealing with a policy violation
     - The challenge
       - Traditional methods of tracking web activity only provide domain names and URLs
     - The solution
       - RNA and its Stream Reconstruction capability
  17. Compliance – Dealing with a policy violation: Isolate the time of activity
  18. Compliance – Dealing with a policy violation: Select the user station(s)
  19. Compliance – Use Stream Reconstruction: Select the HTML file and display the page the user visited as it appeared
  20. Dealing with a policy violation
     - RNA evidence proves that John visited prohibited web sites during business hours
     - The IT department can provide HR the evidence they need to make their decision
     - RNA delivers the evidence and proof you need to assist with forensics investigations and to maintain internal and external compliance
  21. Security
  22. Security – Attack Identified
     - The DMZ was attacked
     - The IPS detected and repelled these attacks
     - Unbeknown to the IPS/IDS, at the same time a brute-force attack got past the VPN
     - Trojan applications such as remote-control utilities and keystroke loggers were installed
     - This resulted in malicious activity against our internal systems
  23. Security – What happened during the attack? Isolate the time frame
  24. Security – What happened during the attack? Utilize Snort rules to diagnose the attack
  25. Security – What happened during the attack? Identify data accessed during the intrusion
  26. Security – What happened during the attack? Use MultiHop Analysis to identify every system that was compromised
  27. What happened during the attack?
     - RNA provides the following detail on security attacks:
       - What attacks took place
       - Which systems were compromised
       - What data was uploaded or downloaded during the attack
       - What path the attack took across the network
     - RNA shows security problems in the context of all network behavior and activity, so you can not only track but also resolve the problem
  28. Thank you
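The VoIP procedure of slides 8–13, worked as an added example over constructed packet summaries (this is not the presentation's or the product's code): narrow the retained traffic to the complaint window and then to the user's station, and compare the DSCP marking of each RTP leg against Expedited Forwarding (46), assumed here to be the expected voice marking; the station and call-manager addresses are constructed.

```python
"""Retrospective VoIP check over retained packet metadata (added example)."""
from collections import Counter
from datetime import datetime

EF = 46  # Expedited Forwarding: assumed expected DSCP for RTP voice


def t(hhmm):
    """Build a timestamp on one constructed day from an HH:MM string."""
    return datetime.strptime(f"2024-01-15 {hhmm}", "%Y-%m-%d %H:%M")


# Constructed packet summaries: (timestamp, src, dst, protocol, dscp).
# 10.1.5.17 is the complaining user's station, 10.1.9.1 the call manager.
PACKETS = [
    (t("08:20"), "10.1.5.22", "10.1.9.1",  "RTP",  EF),  # another user, fine
    (t("08:31"), "10.1.5.17", "10.1.9.1",  "SIP",  24),  # call setup
    (t("08:32"), "10.1.5.17", "10.1.9.1",  "RTP",  0),   # voice sent best effort
    (t("08:32"), "10.1.9.1",  "10.1.5.17", "RTP",  EF),  # return leg marked correctly
    (t("08:33"), "10.1.5.17", "10.1.9.1",  "RTP",  0),
    (t("08:34"), "10.1.5.17", "10.1.2.80", "HTTP", 0),   # not voice, ignored below
    (t("09:30"), "10.1.5.17", "10.1.9.1",  "RTP",  0),   # outside the window
]


def isolate(packets, start, end, station):
    """Slides 10-11: keep packets in [start, end] that involve the station."""
    return [p for p in packets if start <= p[0] <= end and station in (p[1], p[2])]


def rtp_marking_report(packets):
    """Slide 12: count RTP packets per (src, dst, dscp) so a mis-marked leg stands out."""
    return Counter((src, dst, dscp) for _, src, dst, proto, dscp in packets if proto == "RTP")


def mismarked_legs(packets):
    """Return the (src, dst) pairs whose RTP was not sent with DSCP EF."""
    return sorted({(s, d) for (s, d, dscp) in rtp_marking_report(packets) if dscp != EF})


if __name__ == "__main__":
    window = isolate(PACKETS, t("08:30"), t("08:50"), "10.1.5.17")
    for (src, dst, dscp), n in rtp_marking_report(window).items():
        print(f"{src} -> {dst}: {n} RTP packets with DSCP {dscp}")
    print("legs not marked EF:", mismarked_legs(window))
```

Only the user's outbound leg shows up as mis-marked, which is the precedence misconfiguration the slide attributes to the Call Manager.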
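The MultiHop analysis of slides 26–27, as an added example over constructed flow records (this is not the product's own implementation): starting from the host the VPN brute force landed on and the time it succeeded, a single pass over the retained flows in time order marks every host that an already compromised host connected to after its own compromise time and keeps the hop chain that reached it; all addresses and times are constructed.

```python
"""MultiHop walk over retained flow records (added example, constructed data)."""
from datetime import datetime


def t(hhmm):
    """Build a timestamp on one constructed day from an HH:MM string."""
    return datetime.strptime(f"2024-01-15 {hhmm}", "%Y-%m-%d %H:%M")


# Constructed flow records: (start time, source, destination, dest port).
# 10.9.0.5 is the VPN host the brute force reached at 01:40.
FLOWS = [
    (t("02:10"), "10.9.0.5",    "10.1.1.20", 22),    # first hop after the VPN breach
    (t("01:40"), "203.0.113.7", "10.9.0.5",  443),   # the brute force itself (external src)
    (t("01:20"), "10.1.1.20",   "10.1.1.30", 445),   # before 10.1.1.20 was reached: ignored
    (t("02:25"), "10.1.1.20",   "10.1.1.30", 445),   # file server reached via the first hop
    (t("02:40"), "10.1.1.30",   "10.1.2.9",  1433),  # database reached via the second hop
    (t("03:00"), "10.1.1.40",   "10.1.2.9",  1433),  # unrelated host, never compromised
]


def multihop(flows, seed, t0):
    """Return {host: (time first reached, [hop chain])} for every host reachable
    from `seed` through flows that start at or after the source's compromise time.
    One pass in time order suffices: a host is only used as a source once it has
    been marked, and flows it sent before that have already gone by. The explicit
    time check guards the seed, whose pre-t0 flows must not count."""
    compromised = {seed: (t0, [seed])}
    for ts, src, dst, _port in sorted(flows):
        if src in compromised and ts >= compromised[src][0] and dst not in compromised:
            compromised[dst] = (ts, compromised[src][1] + [dst])
    return compromised


def attack_path(flows, seed, t0, target):
    """Hop chain from seed to target, or None if the target was never reached."""
    hit = multihop(flows, seed, t0).get(target)
    return hit[1] if hit else None


if __name__ == "__main__":
    for host, (when, path) in multihop(FLOWS, "10.9.0.5", t("01:40")).items():
        print(when.strftime("%H:%M"), " -> ".join(path))
```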