Enriching Network Security Analysis with Time Travel

Gregor Maier (TU Berlin / DT Labs), Anja Feldmann (TU Berlin / DT Labs), Robin Sommer (ICSI / LBNL), Vern Paxson (ICSI / UC Berkeley), Holger Dreger (Siemens AG, Corporate Technology), Fabian Schneider (TU Berlin / DT Labs)

ABSTRACT

In many situations it can be enormously helpful to archive the raw contents of a network traffic stream to disk, to enable later inspection of activity that becomes interesting only in retrospect. We present a Time Machine (TM) for network traffic that provides such a capability. The TM leverages the heavy-tailed nature of network flows to capture nearly all of the likely-interesting traffic while storing only a small fraction of the total volume. An initial proof-of-principle prototype established the forensic value of such an approach, contributing to the investigation of numerous attacks at a site with thousands of users. Based on these experiences, a rearchitected implementation of the system provides flexible, high-performance traffic stream capture, indexing and retrieval, including an interface between the TM and a real-time network intrusion detection system (NIDS). The NIDS controls the TM by dynamically adjusting recording parameters, instructing it to permanently store suspicious activity for offline forensics, and fetching traffic from the past for retrospective analysis. We present a detailed performance evaluation of both stand-alone and joint setups, and report on experiences with running the system live in high-volume environments.

Categories and Subject Descriptors: Computer-Communication Networks: Network Operations - Network monitoring

General Terms: Measurement, Performance, Security

Keywords: Forensics, Packet Capture, Intrusion Detection

1. INTRODUCTION

When investigating security incidents or trouble-shooting performance problems, network packet traces, especially those with full payload content, can prove invaluable. Yet in many operational environments wholesale recording and retention of entire data .
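The abstract states the principle behind the Time Machine (heavy-tailed flows mean that keeping only the beginning of every connection retains almost all flows whole while storing a small share of the bytes) and names three NIDS control operations: adjusting recording parameters, preserving suspicious activity permanently, and fetching past traffic. The toy below is an added illustration of those points, not code from the paper or from the authors' Time Machine. It assumes a per-connection byte cutoff as the mechanism that exploits the heavy tail; the class and method names, the 4-tuple connection key, the IP addresses and the 95-mouse / 5-elephant workload are all constructed here.

```python
"""Toy Time Machine: per-connection byte cutoff plus a NIDS-style control interface.

Added illustration only; not the paper's implementation. All names, addresses
and the traffic mix are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float            # capture timestamp in seconds
    conn: tuple          # constructed 4-tuple (src_ip, src_port, dst_ip, dst_port)
    payload_len: int     # bytes carried by this packet


class TimeMachine:
    """Keeps the first `cutoff_bytes` of every connection; a NIDS may override that per connection."""

    def __init__(self, cutoff_bytes):
        self.cutoff = cutoff_bytes
        self.overrides = {}                 # per-connection cutoffs set by the NIDS
        self.preserved = set()              # connections exempt from expiry
        self.seen = defaultdict(int)        # bytes observed per connection
        self.stored = defaultdict(list)     # packets retained per connection
        self.bytes_seen = 0
        self.bytes_stored = 0

    # --- recording path ---------------------------------------------------
    def capture(self, pkt):
        """Store pkt only while its connection is still below its cutoff; return True if stored."""
        self.bytes_seen += pkt.payload_len
        limit = self.overrides.get(pkt.conn, self.cutoff)
        below_cutoff = self.seen[pkt.conn] < limit
        self.seen[pkt.conn] += pkt.payload_len
        if below_cutoff:
            self.stored[pkt.conn].append(pkt)
            self.bytes_stored += pkt.payload_len
        return below_cutoff

    # --- NIDS control interface (assumed shape) ---------------------------
    def set_cutoff(self, conn, cutoff_bytes):
        """Dynamically raise or lower the recording limit for one connection."""
        self.overrides[conn] = cutoff_bytes

    def preserve(self, conn):
        """Mark a suspicious connection for permanent retention (offline forensics)."""
        self.preserved.add(conn)

    def expire(self, now, retention_s):
        """Evict packets older than the retention window; preserved connections are kept."""
        for conn, pkts in list(self.stored.items()):
            if conn in self.preserved:
                continue
            kept = [p for p in pkts if now - p.ts <= retention_s]
            self.bytes_stored -= sum(p.payload_len for p in pkts) - sum(p.payload_len for p in kept)
            self.stored[conn] = kept

    # --- retrospective retrieval ------------------------------------------
    def query(self, conn, t_start, t_end):
        """Fetch retained packets of a connection within [t_start, t_end] for later analysis."""
        return [p for p in self.stored.get(conn, []) if t_start <= p.ts <= t_end]

    def stats(self):
        """How much was stored and how many flows survived the cutoff intact."""
        full = sum(1 for c, n in self.seen.items()
                   if sum(p.payload_len for p in self.stored.get(c, [])) == n)
        return {"flows": len(self.seen), "flows_full": full,
                "bytes_seen": self.bytes_seen, "bytes_stored": self.bytes_stored,
                "stored_fraction": self.bytes_stored / self.bytes_seen}


def mouse_conn(i):
    return ("10.0.0.%d" % (i + 1), 40000 + i, "192.0.2.10", 80)


def elephant_conn(i):
    return ("10.0.1.%d" % (i + 1), 50000 + i, "192.0.2.20", 443)


def build_workload():
    """Constructed heavy-tailed mix: 95 'mouse' flows of 4 KB and 5 'elephant' flows of 2 MB."""
    pkts, ts = [], 0.0
    for i in range(95):
        for _ in range(8):                    # 8 x 500 B = 4 KB per mouse
            ts += 0.001
            pkts.append(Packet(ts, mouse_conn(i), 500))
    for i in range(5):
        for _ in range(2000):                 # 2000 x 1000 B = 2 MB per elephant
            ts += 0.001
            pkts.append(Packet(ts, elephant_conn(i), 1000))
    return pkts


def run_demo(cutoff_bytes=10_000):
    """Capture the workload, then let a 'NIDS' preserve one flow before the TM expires old data."""
    tm = TimeMachine(cutoff_bytes)
    for p in build_workload():
        tm.capture(p)
    before = tm.stats()
    tm.preserve(mouse_conn(0))                # suspicious connection kept permanently
    tm.expire(now=20.0, retention_s=15.0)     # everything else older than 15 s is evicted
    return tm, before


if __name__ == "__main__":
    tm, before = run_demo()
    print("after cutoff:", before)
    print("after expiry: bytes_stored =", tm.bytes_stored,
          "preserved packets =", len(tm.query(mouse_conn(0), 0.0, 1.0)))
```

With a 10 KB cutoff the constructed mix stores about 4% of the bytes yet keeps 95 of 100 flows complete; raising one elephant's cutoff through `set_cutoff` before capture keeps that flow whole at the cost of storing its full 2 MB, which is the trade-off a NIDS makes when it asks for more of a connection it finds suspicious.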
