SlideShare a Scribd company logo

Network Analysis Mini Project 2.pptx

Download as PPTX, PDF
T
talkaton

Mini Project

Education
1 of 30
NETWORK TRAFFIC ANALYSIS WITH CYBER SECURITY
CONTENTS • INTRODUCTION • WHAT IS CYBER SECURITY? • WHAT IS NETWORK TRAFFIC ANALYSIS? • NEED OF NETWORK ANALYSIS • HOW TO SOLVE NETWORK NETWORK TRAFFIC? • FEATURES OF NETWORK TRAFFIC ANALYSIS • NETWORK ANALYZERS • IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • USE CASES FOR ANALYSING NETWORK TRAFFIC • WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • NETWORK PROTOCOLS • ARCHITECTURE DIAGRAM • CONCLUSION
INTRODUCTION • Network traffic analysis have been the most spoken topic nowadays. • Network traffic analysis techniques allow the traffic at particular points on a network to be recorded displayed in useful form and analyzed. • Traffic can be monitored at the network boundary on specific segments at particular interfaces. • Network traffic analysis can easily be detected using various network analyzers.
WHAT IS CYBER SECURITY? •Computer technology security, cybersecurity or information security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. •Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. •It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies. •Cybersecurity is important because it protects all categories of data from theft and damage.
WHAT IS NETWORK TRAFFIC ANALYSIS? •Network traffic analysis (NTA) is a method of monitoring network availability and activity to identify anomalies, including security and operational issues. •Common use cases for NTA include: Collecting a real-time and historical record of what's happening on your network. Detecting malware such as ransomware activity. •Network traffic analysis is primarily done to get in-depth insight into what type of traffic/network packets or data is flowing through a network.
NEED OF NETWORK TRAFFIC ANALYSIS • Gain special knowledge about the network • Investigate and troubleshoot abnormal behaviour -Abnormal packets -Network slow performance 1. congestion 2. Retransmission -Unexpected traffic -Broken applications -Load balancer issues
• Network forensenics -Collecting evidence -Incident Handling -Tracing attacks -Linking infected hosts -Determining patient zero • Stealing Sensitive information • Pen-testing • Developing IPS/IDS signatures • Troubleshoot problems • Analyse the performance of network sections to identify bottlenecks
• Network intrusion detection • Logging network traffic for forsenic evidence • Analysing the operation of network applications • Tracing the source of DoS attack • Detecting spyware and compromised hosts possibly a botnet member • To capture clear-text usernames and passwords and those which are trivially encrypted • To passively map a network • To passively fingerprint the OS of network hosts • To capture other confidential information
HOW TO SOLVE NETWORK TRAFFIC? • Identify what applications/protocols are running on the network • Identify bandwidth hogs down to a user, application or device level • Monitor client to server network traffic • Troubleshoot network & application performance issues
FEATURES OF NETWORK TRAFFIC ANALYSIS • Broad Visibility • Whether the network communications in question are traditional TCP/IP style packets, virtual network traffic crossing from a vSwitch, traffic from and within cloud workloads, API calls to SaaS applications, or serverless computing instances, NTA tools have the ability to monitor and analyze a broad variety of communications in real-time. • Encrypted Traffic Analysis With over 70 percent of web traffic encrypted, organizations need an accessible method for decrypting their network traffic without disrupting data privacy implications. NTA solutions deliver on this challenge by enabling security professionals to uncover network threats by analyzing the full payload without actually peeking into it.
• Entity Tracking NTA products offer the ability to track and profile all entities on a network, including the devices, users, applications, destinations, and more. Machine learning and analytics then attribute the behaviors and relationships to the named entities, providing infinitely more value to organizations than a static list of IP addresses. • Detection and Response Because NTA tools attribute behaviors to entities, ample context is available for detection and response workflows. This means security professionals no longer need to sift through multiple data sources such as DHCP and DNS logs, configuration management databases and directory service infrastructure in an attempt to gain comprehensive visibility. Instead, they can quickly detect anomalies, decisively track them down, determine the root cause and react accordingly.
• Comprehensive Baseline To keep up with ever-changing modern IT environments, NTA solutions track behaviors that are unique to an entity or a small number of entities in comparison to the bulk of entities in an environment. The underlying data is available immediately and NTA machine learning baselines evolve in real-time as behaviors change. Also, with entity tracking capabilities, NTA baselines are even more comprehensive as they can understand the source and destination entities, in addition to traffic patterns. For instance, what might be normal for a workstation is not normal for a server or IP phone or camera.
NETWORK ANALYZERS • Wireshark • NMAP cli and gui • Network Associates Sniffer • TCP Dump based basic command line utility (UNIX) • Windows Network Monitor included with windows server Oss • Snort • Dsniff • Ettercap
IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • Keeping a close eye on your network perimeter is always good practice. Even with strong firewalls in place, mistakes can happen and rogue traffic could get through. • Users could also leverage methods such as tunneling, external anonymizers, and VPNs to get around firewall rules. • A network monitoring solution should be able to detect activity indicative of ransomware attacks via insecure protocols. Take WannaCry, for example, where attackers actively scanned for networks with TCP port 445 open, and then used a vulnerability in SMBv1 to access network file shares.
• Remote Desktop Protocol (RDP) is another commonly targeted application. Make sure you block any inbound connection attempts on your firewall. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts.
• CLI strings may reveal login procedures, presentation of user credentials, commands to display boot or running configuration, copying files, and more. • Be sure to check your network data for any devices running unencrypted management protocols, such as: • Telnet • Hypertext Transport Protocol (HTTP, port 80) • Simple Network Management Protocol (SNMP, ports 161/162) • Cisco Smart Install (SMI port 4786)
USECASES FOR ANALYZING NETWORK TRAFFIC • Detection of ransomware activity • Monitoring data exfiltration/internet activity • Monitor access to files on file servers or MSSQL databases • Track a user’s activity on the network, though User Forensics reporting • Provide an inventory of what devices, servers and services are running on the network • Highlight and identity root cause of bandwidth peaks on the network • Provide real-time dashboards focusing on network and user activity • Generate network activity reports for management and auditors for any time period
WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • Not all tools for monitoring network traffic are the same. Generally, they can be broken down into two types: flow-based tools and deep packet inspection (DPI) tools. • Within these tools you’ll have options for software agents, storing historical data, and intrusion detection systems. • When evaluating which solution is right for your organization, consider these five things:
1. Availability of flow-enabled devices 2. The data source 3. The points on the network 4. Real-time data vs. historical data 5. Full packet capture, cost and complexity
NETWORK PROTOCOLS • There are totally 7 layers of protocols for analyzing network traffic
ARCHITECTURE DIAGRAM
CONCLUSION • Network traffic analysis is an essential way to monitor network availability and activity to identify anomalies, maximize performance, and keep an eye out for attacks. • Alongside log aggregation, UEBA, and endpoint data, network traffic is a core piece of the comprehensive visibility and security analysis to discover threats early and extinguish them fast. • When choosing a NTA solution, consider the current blind spots on your network, the data sources you need information from, and the critical points on the network where they converge for efficient monitoring. With NTA added as a layer to your security information and event management (SIEM) solution, you’ll gain visibility into even more of your environment and your users.
FUTURE SCOPE • This can be further enhanced to • Fault management • Alerts and Threshold • Windows event log monitoring • Traffic management • Network Security • Network scheduling
Network Analysis Mini Project 2.pptx

Recommended

Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning projectRishu Seth
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01EduclentMegasoftel
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information TransparencyUsman Arshad
 
infoAssurance (1).pptx
infoAssurance (1).pptxinfoAssurance (1).pptx
infoAssurance (1).pptxStevenJoeBiago
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxArifinChowdhury2
 
1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.ppt1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.pptFarid Er
 

Recommended

Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning projectRishu Seth
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01EduclentMegasoftel
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information TransparencyUsman Arshad
 
infoAssurance (1).pptx
infoAssurance (1).pptxinfoAssurance (1).pptx
infoAssurance (1).pptxStevenJoeBiago
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxArifinChowdhury2
 
1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.ppt1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.pptFarid Er
 
Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotServicePilot
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Barsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersBarsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersProQSys
 
HSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHHSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHSplend
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
Chapter09
Chapter09Chapter09
Chapter09Muhammad Ahad
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
Network Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai SeminarNetwork Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai SeminarManageEngine, Zoho Corporation
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Mouaz Alnouri
 
MVA slides lesson 8
MVA slides lesson 8MVA slides lesson 8
MVA slides lesson 8Fabio Almeida- Oficina Eletrônica
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8suddenven
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERSVTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERSvtunotesbysree
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring RationaleSam Bowne
 
Identify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdfIdentify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdfMeresa Hiluf`
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cyclepenetration Tester
 
Network forensics1
Network forensics1Network forensics1
Network forensics1Santosh Khadsare
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraRogerChaucaZea
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 

More Related Content

Similar to Network Analysis Mini Project 2.pptx

Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotServicePilot
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Barsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersBarsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersProQSys
 
HSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHHSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHSplend
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Mouaz Alnouri
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8suddenven
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERSVTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERSvtunotesbysree
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring RationaleSam Bowne
 
Identify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdfIdentify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdfMeresa Hiluf`
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraRogerChaucaZea
 

Similar to Network Analysis Mini Project 2.pptx (20)

Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilot
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Barsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersBarsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-users
 
HSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHHSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECH
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
Chapter09
Chapter09Chapter09
Chapter09
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Network Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai SeminarNetwork Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai Seminar
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021
 
MVA slides lesson 8
MVA slides lesson 8MVA slides lesson 8
MVA slides lesson 8
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERSVTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale
 
Identify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdfIdentify and Resolve Ntwork Problems.pdf
Identify and Resolve Ntwork Problems.pdf
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
 

Recently uploaded

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Recently uploaded (20)

Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Network Analysis Mini Project 2.pptx

  • 1. NETWORK TRAFFIC ANALYSIS WITH CYBER SECURITY
  • 2. CONTENTS • INTRODUCTION • WHAT IS CYBER SECURITY? • WHAT IS NETWORK TRAFFIC ANALYSIS? • NEED OF NETWORK ANALYSIS • HOW TO SOLVE NETWORK NETWORK TRAFFIC? • FEATURES OF NETWORK TRAFFIC ANALYSIS • NETWORK ANALYZERS • IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • USE CASES FOR ANALYSING NETWORK TRAFFIC • WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • NETWORK PROTOCOLS • ARCHITECTURE DIAGRAM • CONCLUSION
  • 3. INTRODUCTION • Network traffic analysis have been the most spoken topic nowadays. • Network traffic analysis techniques allow the traffic at particular points on a network to be recorded displayed in useful form and analyzed. • Traffic can be monitored at the network boundary on specific segments at particular interfaces. • Network traffic analysis can easily be detected using various network analyzers.
  • 4. WHAT IS CYBER SECURITY? •Computer technology security, cybersecurity or information security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. •Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. •It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies. •Cybersecurity is important because it protects all categories of data from theft and damage.
  • 5. WHAT IS NETWORK TRAFFIC ANALYSIS? •Network traffic analysis (NTA) is a method of monitoring network availability and activity to identify anomalies, including security and operational issues. •Common use cases for NTA include: Collecting a real-time and historical record of what's happening on your network. Detecting malware such as ransomware activity. •Network traffic analysis is primarily done to get in-depth insight into what type of traffic/network packets or data is flowing through a network.
  • 6.
  • 7. NEED OF NETWORK TRAFFIC ANALYSIS • Gain special knowledge about the network • Investigate and troubleshoot abnormal behaviour -Abnormal packets -Network slow performance 1. congestion 2. Retransmission -Unexpected traffic -Broken applications -Load balancer issues
  • 8. • Network forensenics -Collecting evidence -Incident Handling -Tracing attacks -Linking infected hosts -Determining patient zero • Stealing Sensitive information • Pen-testing • Developing IPS/IDS signatures • Troubleshoot problems • Analyse the performance of network sections to identify bottlenecks
  • 9. • Network intrusion detection • Logging network traffic for forsenic evidence • Analysing the operation of network applications • Tracing the source of DoS attack • Detecting spyware and compromised hosts possibly a botnet member • To capture clear-text usernames and passwords and those which are trivially encrypted • To passively map a network • To passively fingerprint the OS of network hosts • To capture other confidential information
  • 10. HOW TO SOLVE NETWORK TRAFFIC? • Identify what applications/protocols are running on the network • Identify bandwidth hogs down to a user, application or device level • Monitor client to server network traffic • Troubleshoot network & application performance issues
  • 11. FEATURES OF NETWORK TRAFFIC ANALYSIS • Broad Visibility • Whether the network communications in question are traditional TCP/IP style packets, virtual network traffic crossing from a vSwitch, traffic from and within cloud workloads, API calls to SaaS applications, or serverless computing instances, NTA tools have the ability to monitor and analyze a broad variety of communications in real-time. • Encrypted Traffic Analysis With over 70 percent of web traffic encrypted, organizations need an accessible method for decrypting their network traffic without disrupting data privacy implications. NTA solutions deliver on this challenge by enabling security professionals to uncover network threats by analyzing the full payload without actually peeking into it.
  • 12. • Entity Tracking NTA products offer the ability to track and profile all entities on a network, including the devices, users, applications, destinations, and more. Machine learning and analytics then attribute the behaviors and relationships to the named entities, providing infinitely more value to organizations than a static list of IP addresses. • Detection and Response Because NTA tools attribute behaviors to entities, ample context is available for detection and response workflows. This means security professionals no longer need to sift through multiple data sources such as DHCP and DNS logs, configuration management databases and directory service infrastructure in an attempt to gain comprehensive visibility. Instead, they can quickly detect anomalies, decisively track them down, determine the root cause and react accordingly.
  • 13. • Comprehensive Baseline To keep up with ever-changing modern IT environments, NTA solutions track behaviors that are unique to an entity or a small number of entities in comparison to the bulk of entities in an environment. The underlying data is available immediately and NTA machine learning baselines evolve in real-time as behaviors change. Also, with entity tracking capabilities, NTA baselines are even more comprehensive as they can understand the source and destination entities, in addition to traffic patterns. For instance, what might be normal for a workstation is not normal for a server or IP phone or camera.
  • 14. NETWORK ANALYZERS • Wireshark • NMAP cli and gui • Network Associates Sniffer • TCP Dump based basic command line utility (UNIX) • Windows Network Monitor included with windows server Oss • Snort • Dsniff • Ettercap
  • 15. IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • Keeping a close eye on your network perimeter is always good practice. Even with strong firewalls in place, mistakes can happen and rogue traffic could get through. • Users could also leverage methods such as tunneling, external anonymizers, and VPNs to get around firewall rules. • A network monitoring solution should be able to detect activity indicative of ransomware attacks via insecure protocols. Take WannaCry, for example, where attackers actively scanned for networks with TCP port 445 open, and then used a vulnerability in SMBv1 to access network file shares.
  • 16. • Remote Desktop Protocol (RDP) is another commonly targeted application. Make sure you block any inbound connection attempts on your firewall. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts.
  • 17. • CLI strings may reveal login procedures, presentation of user credentials, commands to display boot or running configuration, copying files, and more. • Be sure to check your network data for any devices running unencrypted management protocols, such as: • Telnet • Hypertext Transport Protocol (HTTP, port 80) • Simple Network Management Protocol (SNMP, ports 161/162) • Cisco Smart Install (SMI port 4786)
  • 18.
  • 19.
  • 20. USECASES FOR ANALYZING NETWORK TRAFFIC • Detection of ransomware activity • Monitoring data exfiltration/internet activity • Monitor access to files on file servers or MSSQL databases • Track a user’s activity on the network, though User Forensics reporting • Provide an inventory of what devices, servers and services are running on the network • Highlight and identity root cause of bandwidth peaks on the network • Provide real-time dashboards focusing on network and user activity • Generate network activity reports for management and auditors for any time period
  • 21. WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • Not all tools for monitoring network traffic are the same. Generally, they can be broken down into two types: flow-based tools and deep packet inspection (DPI) tools. • Within these tools you’ll have options for software agents, storing historical data, and intrusion detection systems. • When evaluating which solution is right for your organization, consider these five things:
  • 22. 1. Availability of flow-enabled devices 2. The data source 3. The points on the network 4. Real-time data vs. historical data 5. Full packet capture, cost and complexity
  • 23. NETWORK PROTOCOLS • There are totally 7 layers of protocols for analyzing network traffic
  • 25.
  • 26.
  • 27.
  • 28. CONCLUSION • Network traffic analysis is an essential way to monitor network availability and activity to identify anomalies, maximize performance, and keep an eye out for attacks. • Alongside log aggregation, UEBA, and endpoint data, network traffic is a core piece of the comprehensive visibility and security analysis to discover threats early and extinguish them fast. • When choosing a NTA solution, consider the current blind spots on your network, the data sources you need information from, and the critical points on the network where they converge for efficient monitoring. With NTA added as a layer to your security information and event management (SIEM) solution, you’ll gain visibility into even more of your environment and your users.
  • 29. FUTURE SCOPE • This can be further enhanced to • Fault management • Alerts and Threshold • Windows event log monitoring • Traffic management • Network Security • Network scheduling