See also presentation
Presentation Transcript

  • Go Back in Time on Your Network: Get Faster Problem Resolution
  • A typical network day…
  • Traditional Troubleshooting Methodology
    • Ignore it, hope the problem goes away
    • Check a few network statistics, and then “pull cables” until it seems like the issue has been resolved
    • Reallocate analyzer resources to monitor the problem, and hope that the problem happens again so you can investigate.
    • (If the problem does not reappear, see option a)
  • New Methodology – Network Forensics
    • Forensics is the ability to go back in time and investigate network problems
    • Retrospective Network Analysis – The technology that allows forensics to happen
    • RNA eliminates the time-consuming task of having to recreate the issue
    • Allows IT professionals to go immediately to problem resolution mode
  • What is the RNA advantage? (Before RNA vs. After RNA)
  • Implementing Network Forensics
    • Network Troubleshooting
      • Performs root-cause analysis
      • Allows for historical problem identification
    • Internal and governmentally mandated compliance
      • Provides enforcement of acceptable use policies
      • Helps fight industrial espionage
      • Assists with Sarbanes-Oxley compliance
    • Security
      • Provides pre-intrusion tracking and identification
      • Helps deliver a post-intrusion “paper-trail”
  • Network Troubleshooting
  • Troubleshooting – Why poor call quality?
    • Helpdesk receives notice of poor call quality from a VoIP user
    • This issue is sporadic
    • Aggregate statistics show that overall VoIP quality is high
    • A quick check shows that while some links have had high utilization, overall network usage appears within the norm
  • Troubleshooting – Why poor call quality?
    • Timeline
      • 8:45 a.m. – Helpdesk receives call of poor voice quality
      • 9:10 a.m. – After troubleshooting, helpdesk escalates the call to Tier-3 support
      • 9:50 a.m. – Tier-3 investigates the issue, only to find that the problem has disappeared
  • Troubleshooting – Why poor call quality?
    • Isolate the time surrounding the issue
  • Troubleshooting – Why poor call quality?
    • Isolate the user and the specific time frame
  • Troubleshooting – Why poor call quality?
    • Let the Expert do the work
  • Why poor call quality?
    • RNA demonstrated that VoIP Call Manager’s precedence bit was not configured correctly for that user
    • RNA tracks not only key applications but VoIP communication
  • Compliance
  • Compliance – Dealing with a policy violation
    • John has been accused of visiting inappropriate websites during work
    • With Forensics, we can prove if John is guilty or not
      • But providing only domain names or URLs is not acceptable according to the HR policy
      • Offenses must be documented
  • Compliance – Dealing with a policy violation
    • The Challenge
      • Traditional methods of tracking web activity provide only domain names and URLs
    • The Solution
      • RNA and its Stream Reconstruction capability
  • Compliance – Dealing with a policy violation
    • Isolate the time of activity
  • Compliance – Dealing with a policy violation
    • Select the user station(s)
  • Compliance – Use Stream Reconstruction
    • Select the HTML file
    • Display the page the user visited as it appeared
  • Dealing with a policy violation
    • RNA evidence proves that John has visited prohibited web sites during business hours
    • IT department can provide HR the evidence they need to make their decision
    • RNA delivers the evidence and proof you need to assist with forensics investigations and to maintain internal and external compliance
  • Security
  • Security Attack Identified
    • DMZ attacked
    • IPS detected and repelled these attacks
    • Unbeknown to the IPS/IDS, a brute-force attack got past the VPN at the same time
    • Trojan applications such as remote control utilities and keystroke loggers were installed
    • Resulted in malicious activity against our internal systems
  • Security – What happened during the attack?
    • Isolate the time frame
  • Security – What happened during the attack?
    • Utilize Snort rules to diagnose the attack
  • Security – What happened during the attack?
    • Identify data accessed during intrusion
  • Security – What happened during the attack?
    • Use MultiHop Analysis to identify every system that was compromised
  • What happened during the attack?
    • RNA provides the following detail on security attacks
      • What attacks took place
      • Which systems were compromised
      • What data was uploaded or downloaded during the attack
      • What path the attack took across the network
    • RNA shows security problems in the context of all network behavior and activity so you can not only track but resolve the problem
  • Thank you