SlideShare a Scribd company logo

Optimize Network Security with Traffic Analysis & Cyber Protection

T
talkaton

Design

Design
1 of 30
Download to read offline
NETWORK TRAFFIC ANALYSIS WITH CYBER SECURITY
CONTENTS • INTRODUCTION • WHAT IS CYBER SECURITY? • WHAT IS NETWORK TRAFFIC ANALYSIS? • NEED OF NETWORK ANALYSIS • HOW TO SOLVE NETWORK NETWORK TRAFFIC? • FEATURES OF NETWORK TRAFFIC ANALYSIS • NETWORK ANALYZERS • IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • USE CASES FOR ANALYSING NETWORK TRAFFIC • WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • NETWORK PROTOCOLS • ARCHITECTURE DIAGRAM • CONCLUSION
INTRODUCTION • Network traffic analysis have been the most spoken topic nowadays. • Network traffic analysis techniques allow the traffic at particular points on a network to be recorded displayed in useful form and analyzed. • Traffic can be monitored at the network boundary on specific segments at particular interfaces. • Network traffic analysis can easily be detected using various network analyzers.
WHAT IS CYBER SECURITY? •Computer technology security, cybersecurity or information security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. •Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. •It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies. •Cybersecurity is important because it protects all categories of data from theft and damage.
WHAT IS NETWORK TRAFFIC ANALYSIS? •Network traffic analysis (NTA) is a method of monitoring network availability and activity to identify anomalies, including security and operational issues. •Common use cases for NTA include: Collecting a real-time and historical record of what's happening on your network. Detecting malware such as ransomware activity. •Network traffic analysis is primarily done to get in-depth insight into what type of traffic/network packets or data is flowing through a network.
NEED OF NETWORK TRAFFIC ANALYSIS • Gain special knowledge about the network • Investigate and troubleshoot abnormal behaviour -Abnormal packets -Network slow performance 1. congestion 2. Retransmission -Unexpected traffic -Broken applications -Load balancer issues
• Network forensenics -Collecting evidence -Incident Handling -Tracing attacks -Linking infected hosts -Determining patient zero • Stealing Sensitive information • Pen-testing • Developing IPS/IDS signatures • Troubleshoot problems • Analyse the performance of network sections to identify bottlenecks
• Network intrusion detection • Logging network traffic for forsenic evidence • Analysing the operation of network applications • Tracing the source of DoS attack • Detecting spyware and compromised hosts possibly a botnet member • To capture clear-text usernames and passwords and those which are trivially encrypted • To passively map a network • To passively fingerprint the OS of network hosts • To capture other confidential information
HOW TO SOLVE NETWORK TRAFFIC? • Identify what applications/protocols are running on the network • Identify bandwidth hogs down to a user, application or device level • Monitor client to server network traffic • Troubleshoot network & application performance issues
FEATURES OF NETWORK TRAFFIC ANALYSIS • Broad Visibility • Whether the network communications in question are traditional TCP/IP style packets, virtual network traffic crossing from a vSwitch, traffic from and within cloud workloads, API calls to SaaS applications, or serverless computing instances, NTA tools have the ability to monitor and analyze a broad variety of communications in real-time. • Encrypted Traffic Analysis With over 70 percent of web traffic encrypted, organizations need an accessible method for decrypting their network traffic without disrupting data privacy implications. NTA solutions deliver on this challenge by enabling security professionals to uncover network threats by analyzing the full payload without actually peeking into it.
• Entity Tracking NTA products offer the ability to track and profile all entities on a network, including the devices, users, applications, destinations, and more. Machine learning and analytics then attribute the behaviors and relationships to the named entities, providing infinitely more value to organizations than a static list of IP addresses. • Detection and Response Because NTA tools attribute behaviors to entities, ample context is available for detection and response workflows. This means security professionals no longer need to sift through multiple data sources such as DHCP and DNS logs, configuration management databases and directory service infrastructure in an attempt to gain comprehensive visibility. Instead, they can quickly detect anomalies, decisively track them down, determine the root cause and react accordingly.
• Comprehensive Baseline To keep up with ever-changing modern IT environments, NTA solutions track behaviors that are unique to an entity or a small number of entities in comparison to the bulk of entities in an environment. The underlying data is available immediately and NTA machine learning baselines evolve in real-time as behaviors change. Also, with entity tracking capabilities, NTA baselines are even more comprehensive as they can understand the source and destination entities, in addition to traffic patterns. For instance, what might be normal for a workstation is not normal for a server or IP phone or camera.
NETWORK ANALYZERS • Wireshark • NMAP cli and gui • Network Associates Sniffer • TCP Dump based basic command line utility (UNIX) • Windows Network Monitor included with windows server Oss • Snort • Dsniff • Ettercap
IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • Keeping a close eye on your network perimeter is always good practice. Even with strong firewalls in place, mistakes can happen and rogue traffic could get through. • Users could also leverage methods such as tunneling, external anonymizers, and VPNs to get around firewall rules. • A network monitoring solution should be able to detect activity indicative of ransomware attacks via insecure protocols. Take WannaCry, for example, where attackers actively scanned for networks with TCP port 445 open, and then used a vulnerability in SMBv1 to access network file shares.
• Remote Desktop Protocol (RDP) is another commonly targeted application. Make sure you block any inbound connection attempts on your firewall. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts.
• CLI strings may reveal login procedures, presentation of user credentials, commands to display boot or running configuration, copying files, and more. • Be sure to check your network data for any devices running unencrypted management protocols, such as: • Telnet • Hypertext Transport Protocol (HTTP, port 80) • Simple Network Management Protocol (SNMP, ports 161/162) • Cisco Smart Install (SMI port 4786)
USECASES FOR ANALYZING NETWORK TRAFFIC • Detection of ransomware activity • Monitoring data exfiltration/internet activity • Monitor access to files on file servers or MSSQL databases • Track a user’s activity on the network, though User Forensics reporting • Provide an inventory of what devices, servers and services are running on the network • Highlight and identity root cause of bandwidth peaks on the network • Provide real-time dashboards focusing on network and user activity • Generate network activity reports for management and auditors for any time period
WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • Not all tools for monitoring network traffic are the same. Generally, they can be broken down into two types: flow-based tools and deep packet inspection (DPI) tools. • Within these tools you’ll have options for software agents, storing historical data, and intrusion detection systems. • When evaluating which solution is right for your organization, consider these five things:
1. Availability of flow-enabled devices 2. The data source 3. The points on the network 4. Real-time data vs. historical data 5. Full packet capture, cost and complexity
NETWORK PROTOCOLS • There are totally 7 layers of protocols for analyzing network traffic
ARCHITECTURE DIAGRAM
CONCLUSION • Network traffic analysis is an essential way to monitor network availability and activity to identify anomalies, maximize performance, and keep an eye out for attacks. • Alongside log aggregation, UEBA, and endpoint data, network traffic is a core piece of the comprehensive visibility and security analysis to discover threats early and extinguish them fast. • When choosing a NTA solution, consider the current blind spots on your network, the data sources you need information from, and the critical points on the network where they converge for efficient monitoring. With NTA added as a layer to your security information and event management (SIEM) solution, you’ll gain visibility into even more of your environment and your users.
FUTURE SCOPE • This can be further enhanced to • Fault management • Alerts and Threshold • Windows event log monitoring • Traffic management • Network Security • Network scheduling
Optimize Network Security with Traffic Analysis & Cyber Protection

Recommended

Physical and Logical Clocks
Physical and Logical ClocksPhysical and Logical Clocks
Physical and Logical ClocksDilum Bandara
 
Distributed Systems Real Life Applications
Distributed Systems Real Life ApplicationsDistributed Systems Real Life Applications
Distributed Systems Real Life ApplicationsAman Srivastava
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed SystemSunita Sahu
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Clock Synchronization (Distributed computing)
Clock Synchronization (Distributed computing)Clock Synchronization (Distributed computing)
Clock Synchronization (Distributed computing)Sri Prasanna
 

Recommended

Physical and Logical Clocks
Physical and Logical ClocksPhysical and Logical Clocks
Physical and Logical ClocksDilum Bandara
 
Distributed Systems Real Life Applications
Distributed Systems Real Life ApplicationsDistributed Systems Real Life Applications
Distributed Systems Real Life ApplicationsAman Srivastava
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed SystemSunita Sahu
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Clock Synchronization (Distributed computing)
Clock Synchronization (Distributed computing)Clock Synchronization (Distributed computing)
Clock Synchronization (Distributed computing)Sri Prasanna
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Lecture6 introduction to data streams
Lecture6 introduction to data streamsLecture6 introduction to data streams
Lecture6 introduction to data streamshktripathy
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
Congestion control
Congestion controlCongestion control
Congestion controlAman Jaiswal
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Google File System
Google File SystemGoogle File System
Google File Systemguest2cb4689
 
Database security
Database securityDatabase security
Database securitySoftware Engineering
 
Global state recording in Distributed Systems
Global state recording in Distributed SystemsGlobal state recording in Distributed Systems
Global state recording in Distributed SystemsArsnet
 
udp , tcp ,sctp
udp , tcp ,sctpudp , tcp ,sctp
udp , tcp ,sctpAKSHIT KOHLI
 
Artificial Intelligence in Computer Networks
Artificial Intelligence in Computer NetworksArtificial Intelligence in Computer Networks
Artificial Intelligence in Computer NetworksAbdullah Khosa
 
Introduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed ComputingIntroduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed ComputingSayed Chhattan Shah
 
WSN IN IOT
WSN IN IOTWSN IN IOT
WSN IN IOTskumartarget
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Design issues of dos
Design issues of dosDesign issues of dos
Design issues of dosvanamali_vanu
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Basics of Network Traffic Management
Basics of Network Traffic ManagementBasics of Network Traffic Management
Basics of Network Traffic ManagementPuneet Bawa
 
Hybrid wireless protocols
Hybrid wireless protocolsHybrid wireless protocols
Hybrid wireless protocolsMuhammad Mustafa
 
Data Streaming For Big Data
Data Streaming For Big DataData Streaming For Big Data
Data Streaming For Big DataSeval Çapraz
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 

More Related Content

What's hot

Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Lecture6 introduction to data streams
Lecture6 introduction to data streamsLecture6 introduction to data streams
Lecture6 introduction to data streamshktripathy
 
Congestion control
Congestion controlCongestion control
Congestion controlAman Jaiswal
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Google File System
Google File SystemGoogle File System
Google File Systemguest2cb4689
 
Global state recording in Distributed Systems
Global state recording in Distributed SystemsGlobal state recording in Distributed Systems
Global state recording in Distributed SystemsArsnet
 
Artificial Intelligence in Computer Networks
Artificial Intelligence in Computer NetworksArtificial Intelligence in Computer Networks
Artificial Intelligence in Computer NetworksAbdullah Khosa
 
Introduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed ComputingIntroduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed ComputingSayed Chhattan Shah
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Design issues of dos
Design issues of dosDesign issues of dos
Design issues of dosvanamali_vanu
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Basics of Network Traffic Management
Basics of Network Traffic ManagementBasics of Network Traffic Management
Basics of Network Traffic ManagementPuneet Bawa
 
Data Streaming For Big Data
Data Streaming For Big DataData Streaming For Big Data
Data Streaming For Big DataSeval Çapraz
 

What's hot (20)

Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Lecture6 introduction to data streams
Lecture6 introduction to data streamsLecture6 introduction to data streams
Lecture6 introduction to data streams
 
Intruders
IntrudersIntruders
Intruders
 
Congestion control
Congestion controlCongestion control
Congestion control
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
Google File System
Google File SystemGoogle File System
Google File System
 
Database security
Database securityDatabase security
Database security
 
Global state recording in Distributed Systems
Global state recording in Distributed SystemsGlobal state recording in Distributed Systems
Global state recording in Distributed Systems
 
udp , tcp ,sctp
udp , tcp ,sctpudp , tcp ,sctp
udp , tcp ,sctp
 
Artificial Intelligence in Computer Networks
Artificial Intelligence in Computer NetworksArtificial Intelligence in Computer Networks
Artificial Intelligence in Computer Networks
 
Introduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed ComputingIntroduction to Parallel and Distributed Computing
Introduction to Parallel and Distributed Computing
 
WSN IN IOT
WSN IN IOTWSN IN IOT
WSN IN IOT
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
Design issues of dos
Design issues of dosDesign issues of dos
Design issues of dos
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Basics of Network Traffic Management
Basics of Network Traffic ManagementBasics of Network Traffic Management
Basics of Network Traffic Management
 
Hybrid wireless protocols
Hybrid wireless protocolsHybrid wireless protocols
Hybrid wireless protocols
 
Data Streaming For Big Data
Data Streaming For Big DataData Streaming For Big Data
Data Streaming For Big Data
 

Similar to Optimize Network Security with Traffic Analysis & Cyber Protection

Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning projectRishu Seth
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information TransparencyUsman Arshad
 
infoAssurance (1).pptx
infoAssurance (1).pptxinfoAssurance (1).pptx
infoAssurance (1).pptxStevenJoeBiago
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxArifinChowdhury2
 
1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.ppt1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.pptFarid Er
 
Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotServicePilot
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Barsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersBarsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersProQSys
 
HSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHHSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHSplend
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Mouaz Alnouri
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8suddenven
 

Similar to Optimize Network Security with Traffic Analysis & Cyber Protection (20)

Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensics
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning project
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information Transparency
 
infoAssurance (1).pptx
infoAssurance (1).pptxinfoAssurance (1).pptx
infoAssurance (1).pptx
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
 
1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.ppt1. Network monitoring and measurement-2.ppt
1. Network monitoring and measurement-2.ppt
 
Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilot
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Barsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-usersBarsamian alexander-identifying-network-users
Barsamian alexander-identifying-network-users
 
HSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECHHSB15 - Pavel Minarik - INVEATECH
HSB15 - Pavel Minarik - INVEATECH
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
Chapter09
Chapter09Chapter09
Chapter09
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Network Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai SeminarNetwork Bandwidth management - Mumbai Seminar
Network Bandwidth management - Mumbai Seminar
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021Network security monitoring elastic webinar - 16 june 2021
Network security monitoring elastic webinar - 16 june 2021
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8
 

Recently uploaded

DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...
DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...
DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...Rishabh Aryan
 
Design principles on typography in design
Design principles on typography in designDesign principles on typography in design
Design principles on typography in designnooreen17
 
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Service
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts ServiceCall Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Service
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Servicejennyeacort
 
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10uasjlagroup
 
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...Yantram Animation Studio Corporation
 
Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Rndexperts
 
How to Empower the future of UX Design with Gen AI
How to Empower the future of UX Design with Gen AIHow to Empower the future of UX Design with Gen AI
How to Empower the future of UX Design with Gen AIyuj
 
Mookuthi is an artisanal nose ornament brand based in Madras.
Mookuthi is an artisanal nose ornament brand based in Madras.Mookuthi is an artisanal nose ornament brand based in Madras.
Mookuthi is an artisanal nose ornament brand based in Madras.Mookuthi
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryWilliamVickery6
 
Call Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full NightCall Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full Nightssuser7cb4ff
 
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一z xss
 
group_15_empirya_p1projectIndustrial.pdf
group_15_empirya_p1projectIndustrial.pdfgroup_15_empirya_p1projectIndustrial.pdf
group_15_empirya_p1projectIndustrial.pdfneelspinoy
 
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...mrchrns005
 
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)jennyeacort
 
cda.pptx critical discourse analysis ppt
cda.pptx critical discourse analysis pptcda.pptx critical discourse analysis ppt
cda.pptx critical discourse analysis pptMaryamAfzal41
 
韩国SKKU学位证,成均馆大学毕业证书1:1制作
韩国SKKU学位证,成均馆大学毕业证书1:1制作韩国SKKU学位证,成均馆大学毕业证书1:1制作
韩国SKKU学位证,成均馆大学毕业证书1:1制作7tz4rjpd
 
Untitled presedddddddddddddddddntation (1).pptx
Untitled presedddddddddddddddddntation (1).pptxUntitled presedddddddddddddddddntation (1).pptx
Untitled presedddddddddddddddddntation (1).pptxmapanig881
 
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一Fi L
 
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree ttt fff
 
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一diploma 1
 

Recently uploaded (20)

DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...
DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...
DAKSHIN BIHAR GRAMIN BANK: REDEFINING THE DIGITAL BANKING EXPERIENCE WITH A U...
 
Design principles on typography in design
Design principles on typography in designDesign principles on typography in design
Design principles on typography in design
 
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Service
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts ServiceCall Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Service
Call Girls in Ashok Nagar Delhi ✡️9711147426✡️ Escorts Service
 
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10
CREATING A POSITIVE SCHOOL CULTURE CHAPTER 10
 
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...
Unveiling the Future: Columbus, Ohio Condominiums Through the Lens of 3D Arch...
 
Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025
 
How to Empower the future of UX Design with Gen AI
How to Empower the future of UX Design with Gen AIHow to Empower the future of UX Design with Gen AI
How to Empower the future of UX Design with Gen AI
 
Mookuthi is an artisanal nose ornament brand based in Madras.
Mookuthi is an artisanal nose ornament brand based in Madras.Mookuthi is an artisanal nose ornament brand based in Madras.
Mookuthi is an artisanal nose ornament brand based in Madras.
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William Vickery
 
Call Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full NightCall Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full Night
 
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一
办理(UC毕业证书)查尔斯顿大学毕业证成绩单原版一比一
 
group_15_empirya_p1projectIndustrial.pdf
group_15_empirya_p1projectIndustrial.pdfgroup_15_empirya_p1projectIndustrial.pdf
group_15_empirya_p1projectIndustrial.pdf
 
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...
Business research proposal mcdo.pptxBusiness research proposal mcdo.pptxBusin...
 
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)
Call Us ✡️97111⇛47426⇛Call In girls Vasant Vihar༒(Delhi)
 
cda.pptx critical discourse analysis ppt
cda.pptx critical discourse analysis pptcda.pptx critical discourse analysis ppt
cda.pptx critical discourse analysis ppt
 
韩国SKKU学位证,成均馆大学毕业证书1:1制作
韩国SKKU学位证,成均馆大学毕业证书1:1制作韩国SKKU学位证,成均馆大学毕业证书1:1制作
韩国SKKU学位证,成均馆大学毕业证书1:1制作
 
Untitled presedddddddddddddddddntation (1).pptx
Untitled presedddddddddddddddddntation (1).pptxUntitled presedddddddddddddddddntation (1).pptx
Untitled presedddddddddddddddddntation (1).pptx
 
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一
办理学位证(TheAuckland证书)新西兰奥克兰大学毕业证成绩单原版一比一
 
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲弗林德斯大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一
办理(USYD毕业证书)澳洲悉尼大学毕业证成绩单原版一比一
 

Optimize Network Security with Traffic Analysis & Cyber Protection

  • 1. NETWORK TRAFFIC ANALYSIS WITH CYBER SECURITY
  • 2. CONTENTS • INTRODUCTION • WHAT IS CYBER SECURITY? • WHAT IS NETWORK TRAFFIC ANALYSIS? • NEED OF NETWORK ANALYSIS • HOW TO SOLVE NETWORK NETWORK TRAFFIC? • FEATURES OF NETWORK TRAFFIC ANALYSIS • NETWORK ANALYZERS • IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • USE CASES FOR ANALYSING NETWORK TRAFFIC • WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • NETWORK PROTOCOLS • ARCHITECTURE DIAGRAM • CONCLUSION
  • 3. INTRODUCTION • Network traffic analysis have been the most spoken topic nowadays. • Network traffic analysis techniques allow the traffic at particular points on a network to be recorded displayed in useful form and analyzed. • Traffic can be monitored at the network boundary on specific segments at particular interfaces. • Network traffic analysis can easily be detected using various network analyzers.
  • 4. WHAT IS CYBER SECURITY? •Computer technology security, cybersecurity or information security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. •Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. •It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies. •Cybersecurity is important because it protects all categories of data from theft and damage.
  • 5. WHAT IS NETWORK TRAFFIC ANALYSIS? •Network traffic analysis (NTA) is a method of monitoring network availability and activity to identify anomalies, including security and operational issues. •Common use cases for NTA include: Collecting a real-time and historical record of what's happening on your network. Detecting malware such as ransomware activity. •Network traffic analysis is primarily done to get in-depth insight into what type of traffic/network packets or data is flowing through a network.
  • 6.
  • 7. NEED OF NETWORK TRAFFIC ANALYSIS • Gain special knowledge about the network • Investigate and troubleshoot abnormal behaviour -Abnormal packets -Network slow performance 1. congestion 2. Retransmission -Unexpected traffic -Broken applications -Load balancer issues
  • 8. • Network forensenics -Collecting evidence -Incident Handling -Tracing attacks -Linking infected hosts -Determining patient zero • Stealing Sensitive information • Pen-testing • Developing IPS/IDS signatures • Troubleshoot problems • Analyse the performance of network sections to identify bottlenecks
  • 9. • Network intrusion detection • Logging network traffic for forsenic evidence • Analysing the operation of network applications • Tracing the source of DoS attack • Detecting spyware and compromised hosts possibly a botnet member • To capture clear-text usernames and passwords and those which are trivially encrypted • To passively map a network • To passively fingerprint the OS of network hosts • To capture other confidential information
  • 10. HOW TO SOLVE NETWORK TRAFFIC? • Identify what applications/protocols are running on the network • Identify bandwidth hogs down to a user, application or device level • Monitor client to server network traffic • Troubleshoot network & application performance issues
  • 11. FEATURES OF NETWORK TRAFFIC ANALYSIS • Broad Visibility • Whether the network communications in question are traditional TCP/IP style packets, virtual network traffic crossing from a vSwitch, traffic from and within cloud workloads, API calls to SaaS applications, or serverless computing instances, NTA tools have the ability to monitor and analyze a broad variety of communications in real-time. • Encrypted Traffic Analysis With over 70 percent of web traffic encrypted, organizations need an accessible method for decrypting their network traffic without disrupting data privacy implications. NTA solutions deliver on this challenge by enabling security professionals to uncover network threats by analyzing the full payload without actually peeking into it.
  • 12. • Entity Tracking NTA products offer the ability to track and profile all entities on a network, including the devices, users, applications, destinations, and more. Machine learning and analytics then attribute the behaviors and relationships to the named entities, providing infinitely more value to organizations than a static list of IP addresses. • Detection and Response Because NTA tools attribute behaviors to entities, ample context is available for detection and response workflows. This means security professionals no longer need to sift through multiple data sources such as DHCP and DNS logs, configuration management databases and directory service infrastructure in an attempt to gain comprehensive visibility. Instead, they can quickly detect anomalies, decisively track them down, determine the root cause and react accordingly.
  • 13. • Comprehensive Baseline To keep up with ever-changing modern IT environments, NTA solutions track behaviors that are unique to an entity or a small number of entities in comparison to the bulk of entities in an environment. The underlying data is available immediately and NTA machine learning baselines evolve in real-time as behaviors change. Also, with entity tracking capabilities, NTA baselines are even more comprehensive as they can understand the source and destination entities, in addition to traffic patterns. For instance, what might be normal for a workstation is not normal for a server or IP phone or camera.
  • 14. NETWORK ANALYZERS • Wireshark • NMAP cli and gui • Network Associates Sniffer • TCP Dump based basic command line utility (UNIX) • Windows Network Monitor included with windows server Oss • Snort • Dsniff • Ettercap
  • 15. IMPORTANCE OF NETWORK TRAFFIC ANALYSIS • Keeping a close eye on your network perimeter is always good practice. Even with strong firewalls in place, mistakes can happen and rogue traffic could get through. • Users could also leverage methods such as tunneling, external anonymizers, and VPNs to get around firewall rules. • A network monitoring solution should be able to detect activity indicative of ransomware attacks via insecure protocols. Take WannaCry, for example, where attackers actively scanned for networks with TCP port 445 open, and then used a vulnerability in SMBv1 to access network file shares.
  • 16. • Remote Desktop Protocol (RDP) is another commonly targeted application. Make sure you block any inbound connection attempts on your firewall. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts. • Monitoring traffic inside your firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of network traffic-based alerts.
  • 17. • CLI strings may reveal login procedures, presentation of user credentials, commands to display boot or running configuration, copying files, and more. • Be sure to check your network data for any devices running unencrypted management protocols, such as: • Telnet • Hypertext Transport Protocol (HTTP, port 80) • Simple Network Management Protocol (SNMP, ports 161/162) • Cisco Smart Install (SMI port 4786)
  • 18.
  • 19.
  • 20. USECASES FOR ANALYZING NETWORK TRAFFIC • Detection of ransomware activity • Monitoring data exfiltration/internet activity • Monitor access to files on file servers or MSSQL databases • Track a user’s activity on the network, though User Forensics reporting • Provide an inventory of what devices, servers and services are running on the network • Highlight and identity root cause of bandwidth peaks on the network • Provide real-time dashboards focusing on network and user activity • Generate network activity reports for management and auditors for any time period
  • 21. WHAT TO LOOK FOR IN A NETWORK TRAFFIC ANALYSIS • Not all tools for monitoring network traffic are the same. Generally, they can be broken down into two types: flow-based tools and deep packet inspection (DPI) tools. • Within these tools you’ll have options for software agents, storing historical data, and intrusion detection systems. • When evaluating which solution is right for your organization, consider these five things:
  • 22. 1. Availability of flow-enabled devices 2. The data source 3. The points on the network 4. Real-time data vs. historical data 5. Full packet capture, cost and complexity
  • 23. NETWORK PROTOCOLS • There are totally 7 layers of protocols for analyzing network traffic
  • 25.
  • 26.
  • 27.
  • 28. CONCLUSION • Network traffic analysis is an essential way to monitor network availability and activity to identify anomalies, maximize performance, and keep an eye out for attacks. • Alongside log aggregation, UEBA, and endpoint data, network traffic is a core piece of the comprehensive visibility and security analysis to discover threats early and extinguish them fast. • When choosing a NTA solution, consider the current blind spots on your network, the data sources you need information from, and the critical points on the network where they converge for efficient monitoring. With NTA added as a layer to your security information and event management (SIEM) solution, you’ll gain visibility into even more of your environment and your users.
  • 29. FUTURE SCOPE • This can be further enhanced to • Fault management • Alerts and Threshold • Windows event log monitoring • Traffic management • Network Security • Network scheduling