Automatic Network Protection Scenarios Using NetFlow

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F12%3A00058680" target="_blank" >RIV/00216224:14610/12:00058680 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.cert.org/flocon/2012/presentations/krmicek-protection-scenarios.pdf" target="_blank" >http://www.cert.org/flocon/2012/presentations/krmicek-protection-scenarios.pdf</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Automatic Network Protection Scenarios Using NetFlow

Popis výsledku v původním jazyce

Protecting a computer network against various types of network attacks is becoming more difficult due to increasing speeds of current computer networks and due to new types of network threats appearing every day. NetFlow monitoring is used with advantageto inspect all incoming traffic and detect attacks against monitored networks. In this presentation we will describe five scenarios using NetFlow for an automatic protection of a local network: 1) NetFlow monitoring and remotely triggered black hole filtering; 2) NetFlow monitoring and firewalling; 3) NetFlow monitoring and phishing quarantine; 4) NetFlow monitoring and traffic shaping; and 5) NetFlow monitoring and counter-attacking. These scenarios will be illustrated using the example of an SSH brute force attack. Possibilities to use a hardware device for NetFlow monitoring and traffic filtering will be discussed and compared to software alternatives.

Název v anglickém jazyce

Automatic Network Protection Scenarios Using NetFlow

Popis výsledku anglicky

Protecting a computer network against various types of network attacks is becoming more difficult due to increasing speeds of current computer networks and due to new types of network threats appearing every day. NetFlow monitoring is used with advantageto inspect all incoming traffic and detect attacks against monitored networks. In this presentation we will describe five scenarios using NetFlow for an automatic protection of a local network: 1) NetFlow monitoring and remotely triggered black hole filtering; 2) NetFlow monitoring and firewalling; 3) NetFlow monitoring and phishing quarantine; 4) NetFlow monitoring and traffic shaping; and 5) NetFlow monitoring and counter-attacking. These scenarios will be illustrated using the example of an SSH brute force attack. Possibilities to use a hardware device for NetFlow monitoring and traffic filtering will be discussed and compared to software alternatives.

Druh

A - Audiovizuální tvorba

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/OVMASUN200801" target="_blank" >OVMASUN200801: CYBER ? Bezpečnost informačních a komunikačních systémů AČR - on line monitorování, vizualizace a filtrace paketů. Rozvoj schopností Computer Incident Response Capability v prostředí Cyber Defence.</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2012

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

ISBN

—

Místo vydání

—

Název nakladatele resp. objednatele

—

Verze

—

Identifikační číslo nosiče

—