Title: IT Infrastructure
Author: Glenn Hsu
Last modified by: Susan Yang
Created Date: 12/8/2004 8:18:40 AM

Transcript and Presenter's Notes

1
???????????
  • ???? ???? ???
  • 13 Nov 2007 (ROC year 96)

2
????
  • 1. ??????
  • Viruses, Worms, DoS attacks
  • 2.????????
  • Customer-based countermeasures
  • ISP-based countermeasures
  • 3. Detection Notification System
  • End-based, LAN-based, WAN-based (ISP)
  • 4. ??

3
1. ??????
  • ???????
  • Viruses
  • Large-scale program replication
  • Mail viruses
  • Attached to email
  • Infect the system when the user opens the attachment
  • Resend large volumes of the mail virus
  • Self-propagating programs
  • Spread by browsing malicious web pages

4
1.??????(cont.)
  • Worms
  • Self-propagating programs that spread over the Internet
  • Spread by scanning the network for vulnerable machines and infecting them
  • Evolution of network worms
  • Spread through a system vulnerability
  • CodeRed (Jul 2001)
  • Spread through a system vulnerability + tftpd
  • Nimda (Sep 2001), Nachi (Aug 2003)
  • Spread through a system vulnerability + mail virus
  • SoBig (Aug 2003), MyDoom (Jan 2004), Bagle (2004)
  • Spread through a system vulnerability + malicious web pages
  • Santy (Dec 2004)

5
(No Transcript)
6
(No Transcript)
7
1.??????(cont.)
  • BotNet
  • Zombie army
  • Distributed and controlled through IRC (network chat rooms)
  • 6667/tcp
  • DoS attack
  • Slam well-known web servers (Microsoft, Google, ...)
  • Flooding-based DDoS attack
  • Significant performance decline of the network link
  • Identity theft
  • Spyware, Phishing (banks, eBay, PayPal, ...)

8
1.??????(cont.)
  • Technical hackers
  • Show off their skill
  • Technical hackers + criminal gangs
  • Enormous profits
  • The weak link in Internet security
  • A significant population of Internet users do not adequately secure their desktops

9
2.????????
  • Where security countermeasures could be invoked
  • Customer-based countermeasures
  • ISP-based countermeasures
  • ISP core/edge/access routers

10
2.????????(cont.)
  • Customer-based countermeasures
  • Anti-virus software
  • Firewall, IDS
  • OS vendor software patches
  • Windows Update
  • Linux up2date
  • Software vendors' security improvements
  • Desktop vulnerability checking
  • Firewall = secure?? (Incorrect)

11
2.????????(cont.)
  • Why ISPs are uniquely positioned to help
  • John E.H. Clark (Feb 2003)
  • Traffic gateway
  • All traffic between the Internet and the customer's desktop passes through the ISP's access network
  • Skilled network managers
  • Well-organized network user information
  • High efficiency, wide-range protection

12
2.????????(cont.)
  • ISP-based countermeasures
  • a) Measuring and monitoring traffic to/from customers
  • b) Bi-directional IPS at ISP access
  • 50 to 60% of junk/attack traffic
  • c) Ingress address filtering at ISP access
  • In-line with the traffic being monitored
  • d) User awareness training effort

13
3. Detection Notification System
  • Signature detection
  • Packet payload
  • Anomaly detection
  • Packet-based
  • tcpdump (snooped over subnetworks)
  • Flow-based
  • NetFlow (exported by router / switch)

14
3. Detection Notification System(cont.)
  • Our work
  • ??? /???????
  • ??,?????????????????,??????????????
  • flow?? ??
  • ?????
  • ????????????
  • ??????? router NetFlow ????
  • ?? Flooding Detection System (FDS)

15
3. Detection Notification System(cont.)
16
3. Detection Notification System(cont.)
  • PortScan????
  • ???????????PortScan flows,????????
  • ?????????????port number????????1024 65535.

17
3. Detection Notification System(cont.)
  • ?? 3 ? NetFlow ????
  • (1) source IP ?? (src_IP)
  • (2) destination ??? (dst_port)
  • (3) ? TCP ??
  • ? Feature-based ??????
  • ??????? SYN/FIN TCP handshaking ????????????? ports ? source ??, ?? PortScan ????

18
3. Detection Notification System(cont.)
  • SMTP Flooding (Spam) ????
  • ?? PortScan ????
  • spam ????
  • ?????? SMTP (Simple Mail Transfer Protocol) ???????
  • ?? outbound ????????
  • ?? SMTP ??????????

19
3. Detection Notification System(cont.)
  • Packet Flooding ????
  • ????? UDP/ICMP Flooding ??
  • ???????????
  • ???? routing ??
  • ?? source (src_IP) ? virtual flow
  • ??????? source IP ???
  • ??? UDP/ICMP packet/byte/flow ??
  • ??????? DDoS ??

20
3. Detection Notification System(cont.)
  • Flooding ????????
  • Feature-based ???? / ????
  • ???? source IP ????? destination port ? flow ?, packet ?, byte ?, ? mean packet size ????,
  • Multi-thresholds ??????
  • ????? source ?????
  • flow(source_i), packet(source_i), byte(source_i), pkt_size(source_i)
  • ??????? TCP ??????? duration(source_i)
  • ????????, ??? PortScan sources.
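The feature-based, multi-threshold detection that slides 16 to 20 describe, written out as an added Python example; this is not the FDS code from the presentation. It aggregates the per-source counters named on slide 20 (flow, packet, byte, mean packet size, duration) from NetFlow-style records and applies three rules: PortScan (many distinct destination ports hit by SYN/FIN flows that never completed a handshake), SMTP flooding (many outbound TCP/25 flows) and UDP/ICMP packet flooding (high packet count with a small mean packet size). The flow records, the threshold values and the labels are constructed for the demo, and the tcp_flags field is assumed to follow NetFlow v5 semantics (the OR of all TCP flags seen in the flow).

```python
"""Feature-based flooding detector over NetFlow-style records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

TCP, UDP, ICMP = 6, 17, 1
FIN, SYN, ACK = 0x01, 0x02, 0x10           # TCP flag bits as exported in NetFlow v5


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: int
    dst_port: int        # 0 for ICMP
    packets: int
    octets: int
    tcp_flags: int       # OR of all flags seen in the flow (0 for UDP/ICMP)
    duration_ms: int


# Multi-threshold policy applied per source IP. The numbers are assumptions
# chosen for this demo, not the values used by the FDS on the slides.
THRESHOLDS = {
    "portscan_ports": 100,        # distinct destination ports probed by half-open flows
    "spam_flows": 50,             # outbound TCP/25 flows from one source
    "flood_packets": 3000,        # UDP+ICMP packets from one source in the window
    "flood_max_mean_size": 128,   # flooding tools typically send small packets
}


def is_probe(f):
    """SYN or FIN without ACK in a flow of at most two packets: no handshake completed."""
    return f.proto == TCP and f.packets <= 2 and not (f.tcp_flags & ACK) and bool(f.tcp_flags & (SYN | FIN))


def per_source_features(flows):
    """Aggregate the per-source counters named on slide 20 plus protocol-specific ones."""
    feats = defaultdict(lambda: {
        "flows": 0, "packets": 0, "octets": 0, "duration_ms": 0,
        "probe_ports": set(), "smtp_flows": 0,
        "ui_flows": 0, "ui_packets": 0, "ui_octets": 0,
    })
    for f in flows:
        s = feats[f.src_ip]
        s["flows"] += 1
        s["packets"] += f.packets
        s["octets"] += f.octets
        s["duration_ms"] += f.duration_ms
        if is_probe(f):
            s["probe_ports"].add(f.dst_port)
        if f.proto == TCP and f.dst_port == 25:
            s["smtp_flows"] += 1
        if f.proto in (UDP, ICMP):
            s["ui_flows"] += 1
            s["ui_packets"] += f.packets
            s["ui_octets"] += f.octets
    return feats


def classify(feats, th=THRESHOLDS):
    """Return {src_ip: [labels]} for sources that cross at least one threshold."""
    verdicts = {}
    for src, s in feats.items():
        labels = []
        if len(s["probe_ports"]) >= th["portscan_ports"]:
            labels.append("portscan")
        if s["smtp_flows"] >= th["spam_flows"]:
            labels.append("smtp_flooding")
        mean_size = s["ui_octets"] / s["ui_packets"] if s["ui_packets"] else 0
        if s["ui_packets"] >= th["flood_packets"] and mean_size <= th["flood_max_mean_size"]:
            labels.append("packet_flooding")
        if labels:
            verdicts[src] = labels
    return verdicts


def constructed_flows():
    """Synthetic one-window export: a scanner, a spam source, a UDP flooder and a normal client."""
    flows = []
    for port in range(1, 201):                       # scanner: one 40-byte SYN per port
        flows.append(Flow("140.115.1.12", "10.0.0.5", TCP, port, 1, 40, SYN, 0))
    for i in range(60):                              # spam source: short sessions to 60 MTAs
        flows.append(Flow("140.115.2.20", f"10.1.0.{i}", TCP, 25, 12, 1800, SYN | ACK | FIN, 900))
    for i in range(5):                               # flooder: 5 x 1000 small UDP datagrams
        flows.append(Flow("140.115.3.30", "10.0.0.9", UDP, 1024 + i, 1000, 64000, 0, 1000))
    for _ in range(5):                               # normal client: full web sessions
        flows.append(Flow("140.115.4.40", "10.0.0.80", TCP, 80, 40, 48000, SYN | ACK | FIN, 3000))
        flows.append(Flow("140.115.4.40", "10.0.0.81", TCP, 443, 30, 36000, SYN | ACK | FIN, 2500))
    return flows


if __name__ == "__main__":
    for src, labels in classify(per_source_features(constructed_flows())).items():
        print(src, ",".join(labels))
```

Run it over one export window at a time; in a real deployment the thresholds are tuned to the window length, and the probe-port rule would be restricted to the port range the slides mention.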

21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
3. Detection Notification System(cont.)
  • Flooding ?????????
  • ?? ip_routing table
  • Router ipRoute SNMP MIB
  • ?????RWhois IP????????
  • ???????? ????

26
3. Detection Notification System(cont.)
  • Flooding ?????????(cont.)
  • ???? router ???? routing
  • snmpwalk ipRouteMask (1.3.6.1.2.1.4.21.1.11)
  • snmpwalk ipRouteNextHop (1.3.6.1.2.1.4.21.1.7)
  • ??/???? ip_routing ??
  • ???? RWhois network schema ???
  • ?? NextHop ?????????
  • ???? IP ??????
  • http://susan.tyc.edu.tw/yang/rwhois.php?ip=140.115.1.12
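Slides 25 and 26 locate a flooding source by walking the router's ipRouteTable, matching the source IP against the routes to find its next hop, and resolving that hop to a contact through RWhois. The following is an added Python example, not the presentation's own tool: it parses the two snmpwalk columns the slides name (ipRouteMask and ipRouteNextHop, RFC 1213 OIDs), joins them on ipRouteDest, performs a longest-prefix match the way the router itself would forward, and maps the next hop to a contact. The snmpwalk output, the addresses and the contact table are all constructed; the contact table stands in for the RWhois network schema.

```python
"""Map an attacking source IP to the downstream next hop using a router's
ipRouteTable (RFC 1213) as dumped by snmpwalk (added example)."""
import ipaddress
import re

IP_ROUTE_NEXTHOP = "1.3.6.1.2.1.4.21.1.7"    # ipRouteNextHop
IP_ROUTE_MASK = "1.3.6.1.2.1.4.21.1.11"      # ipRouteMask

# Constructed output of `snmpwalk -On -v2c -c <community> <router> 1.3.6.1.2.1.4.21`,
# restricted to the two columns we need. Addresses and hops are invented.
SNMPWALK_OUTPUT = """\
.1.3.6.1.2.1.4.21.1.7.0.0.0.0 = IpAddress: 140.115.254.254
.1.3.6.1.2.1.4.21.1.7.140.115.0.0 = IpAddress: 140.115.254.1
.1.3.6.1.2.1.4.21.1.7.140.115.1.0 = IpAddress: 140.115.254.11
.1.3.6.1.2.1.4.21.1.7.140.115.1.128 = IpAddress: 140.115.254.12
.1.3.6.1.2.1.4.21.1.11.0.0.0.0 = IpAddress: 0.0.0.0
.1.3.6.1.2.1.4.21.1.11.140.115.0.0 = IpAddress: 255.255.0.0
.1.3.6.1.2.1.4.21.1.11.140.115.1.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.21.1.11.140.115.1.128 = IpAddress: 255.255.255.128
"""

# Stand-in for the RWhois network schema: which unit is reached through each next hop.
CONTACTS = {
    "140.115.254.11": "netadmin-dept-a@ncu.example",
    "140.115.254.12": "netadmin-dept-b@ncu.example",
    "140.115.254.1": "noc@ncu.example",
}

ROUTE_LINE = re.compile(
    r"^\.?(?P<oid>1\.3\.6\.1\.2\.1\.4\.21\.1\.(?:7|11))\.(?P<dest>(?:\d{1,3}\.){3}\d{1,3})"
    r"\s*=\s*IpAddress:\s*(?P<value>(?:\d{1,3}\.){3}\d{1,3})\s*$"
)


def parse_ip_route_table(walk_text):
    """Join the ipRouteMask and ipRouteNextHop columns on ipRouteDest and
    return (network, next_hop) pairs sorted longest prefix first."""
    masks, hops = {}, {}
    for line in walk_text.splitlines():
        m = ROUTE_LINE.match(line.strip())
        if not m:
            continue
        (masks if m["oid"] == IP_ROUTE_MASK else hops)[m["dest"]] = m["value"]
    routes = []
    for dest, mask in masks.items():
        if dest in hops:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), hops[dest]))
    return sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)


def next_hop_for(routes, ip):
    """Longest-prefix match, as the router itself would forward a packet to ip."""
    addr = ipaddress.ip_address(ip)
    for net, hop in routes:
        if addr in net:
            return hop
    return None


def locate_source(routes, attacker_ip, contacts=CONTACTS):
    """Which next hop (and therefore which unit) the flooding source sits behind."""
    hop = next_hop_for(routes, attacker_ip)
    return hop, contacts.get(hop, "not a local route: escalate to the upstream ISP")


if __name__ == "__main__":
    table = parse_ip_route_table(SNMPWALK_OUTPUT)
    for ip in ("140.115.1.200", "140.115.1.12", "140.115.7.7", "203.0.113.9"):
        print(ip, "->", locate_source(table, ip))
```

A source that only matches the default route is outside the campus and falls to the upstream escalation path; a spoofed source address will still be attributed to whatever the routing table says, which is why the slides pair this lookup with the ingress address filtering on slide 12.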

27
(No Transcript)
28
4. ??
  • Flooding????????(FDS)
  • aggregate router NetFlow????
  • ????PortScan, Spam? packet flooding????
  • ?? Rwhoisd IP ???????
  • ?????????????????
  • ?????????,??flooding??

29
4. ??(cont.)
  • ?????????
  • ??????????????????
  • portscan ?? (??????? ports)
  • Spam
  • packet flooding??
  • ???flooding ????
  • ???????????????
  • ?????????? flooding??

30
Thank You!
31
???? abuse????
  • ???? ???????
  • ??? (center7@cc.ncu.edu.tw)

32
? ? ? ?
  • 1. abuse complaint ?????
  • 2. abuse ????
  • 3. abuse ????
  • 4. P2P traffic target system
  • http://163.25.255.22/yang/index_abuse_emule.php
  • http://163.25.255.22/yang/index_abuse_emule_port.php
  • 5. ??

33
1. Abuse complaint ?????
  • Abuse complaint ?????
  • ???? abuse complaint mail file
  • abuse@ncu.edu.tw (/var/mail/abuse)
  • ??/?? abuse ???
  • PortScan / Password crack (??????)
  • Spam (??/???)
  • Infringement (???????)
  • Phishing (????)
  • ???????,????????.

34
1. Abuse complaint ?????(cont.)
  • ????????
  • ?? abuse@ncu.edu.tw mail file, ??/?? ?????
  • ?? dbacl (digramic Bayesian text classifier) ??????? abuse type (spam, infringe, portscan, phish).
  • ?? target IP ??, ?? IP, abuse ????
  • ? IP ? key, ?? RWhois Server, ????? email, ?????????????.

35
1. Abuse complaint ?????(cont.)
  • ????
  • ??????abuse?????????.
  • ?????????,?????????.
  • ?????
  • ??on-demand abuse??????.
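The processing pipeline of slides 33 to 35 (read the abuse mailbox, classify each complaint, extract the complained-about IP, resolve the responsible contact), as an added Python example rather than the presentation's own script. It splits an mbox file on its envelope lines, classifies with keyword rules that stand in for the dbacl categories (spam, infringe, portscan, phish), keeps only IPs inside the campus prefixes, and looks the contact up in a table that stands in for the RWhois server. The mailbox content, the prefixes, the keyword lists and the contacts are all constructed for the demo.

```python
"""Abuse-mailbox triage as on slides 33 to 35 (added example)."""
import email
import ipaddress
import re
from collections import defaultdict

OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("140.115.0.0/16", "163.25.0.0/16")]  # assumed

# Keyword rules standing in for the dbacl Bayesian categories on the slides.
CATEGORY_KEYWORDS = {
    "portscan": ("port scan", "portscan", "brute force", "failed login", "password"),
    "spam": ("spam", "unsolicited", "bulk mail"),
    "infringe": ("copyright", "infringement", "bittorrent"),
    "phish": ("phishing", "phish", "fake login"),
}

# Stand-in for the RWhois server: the most specific network block wins.
CONTACTS = {
    ipaddress.ip_network("140.115.1.0/24"): "netadmin-dept-a@ncu.example",
    ipaddress.ip_network("140.115.0.0/16"): "abuse@ncu.example",
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed mbox with three complaints; remote addresses are documentation ranges.
CONSTRUCTED_MBOX = """\
From abuse-desk@example.net Mon Nov 12 09:15:00 2007
From: abuse-desk@example.net
To: abuse@ncu.edu.tw
Subject: Port scan from 140.115.1.12

Our IDS logged a port scan from 140.115.1.12 against 192.0.2.44
(TCP ports 1-1024) between 08:40 and 08:52.

From noc@example.org Mon Nov 12 10:02:11 2007
From: noc@example.org
To: abuse@ncu.edu.tw
Subject: Unsolicited bulk mail

We received spam relayed through 140.115.2.20 (HELO mail.example.org).

From copyright@example.com Mon Nov 12 11:30:45 2007
From: copyright@example.com
To: abuse@ncu.edu.tw
Subject: Notice of copyright infringement

A BitTorrent peer at 140.115.1.12 was observed sharing our title;
the tracker was 198.51.100.7.
"""


def split_mbox(text):
    """An envelope line ('From ' + sender + date) opens each message; it is dropped before parsing."""
    chunks, cur = [], []
    for line in text.splitlines():
        if line.startswith("From ") and cur:
            chunks.append(cur)
            cur = []
        cur.append(line)
    if cur:
        chunks.append(cur)
    return [email.message_from_string("\n".join(c[1:])) for c in chunks]


def body_text(msg):
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_type() == "text/plain")


def classify(text):
    """Highest keyword score wins; 'unknown' when nothing matches (dbacl stand-in)."""
    scores = {cat: sum(text.count(k) for k in kws) for cat, kws in CATEGORY_KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] else "unknown"


def own_ips(text):
    """IPv4 literals in the complaint that fall inside our prefixes (the complained-about hosts)."""
    addrs = (ipaddress.ip_address(c) for c in IPV4.findall(text) if all(int(o) < 256 for o in c.split(".")))
    return {str(a) for a in addrs if any(a in net for net in OWN_PREFIXES)}


def contact_for(ip):
    addr = ipaddress.ip_address(ip)
    block = max((n for n in CONTACTS if addr in n), key=lambda n: n.prefixlen, default=None)
    return CONTACTS.get(block)


def process_mailbox(mbox_text):
    """Return {ip: [(category, subject), ...]} for every local IP complained about."""
    report = defaultdict(list)
    for msg in split_mbox(mbox_text):
        text = f"{msg['Subject']}\n{body_text(msg)}".lower()
        category = classify(text)
        for ip in own_ips(text):
            report[ip].append((category, msg["Subject"]))
    return dict(report)


if __name__ == "__main__":
    for ip, items in process_mailbox(CONSTRUCTED_MBOX).items():
        print(ip, "->", contact_for(ip), items)
```

The per-IP grouping is what makes the on-demand statistics on slide 35 cheap: one host that draws both a PortScan and an infringement complaint shows up once, with both categories, under the same departmental contact.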

36
(No Transcript)
37
2. abuse????
  • ROC 93 (2004)
  • ROC 94 (2005)
  • ROC 95 (2006)
  • ROC 96 (2007)

38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
3. Abuse ????
  • ???(Infringement)
  • ??? (Spam)
  • PortScan
  • Phishing

43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
163.30..
47
4. Abuse ??????
  • URL
  • http://ayang.tyc.edu.tw/Tyc_Abuse/Tanet/summ_notify.php
  • ???? abuse complaint ??
  • ?? ??,??
  • 96-01
  • 95-12

48
(No Transcript)
49
(No Transcript)
50
(No Transcript)
51
5. P2P traffic target system
  • Features of P2P traffic
  • Packet size (large packets)
  • Connections (many to many)
  • Duration (long-lived)
  • Traffic volume (large amount)
  • URLs of TYC P2P traffic statistics
  • http://163.25.255.22/yang/index_abuse_emule.php
  • http://163.25.255.22/yang/index_abuse_emule_port.php

52
(No Transcript)
53
(No Transcript)
54
6. ??
  • ???????????
  • Technique
  • ?? Flood Detection System
  • ??? firewall, IDS
  • ???? firewall, antivirus package
  • Educate end users
  • Protect PCs from being exploited as stepping stones
  • Security policy
  • Management support

55
5. ??(cont.)
  • Putting an end to the dark side of the network
  • Increase awareness
  • Educate users
  • Implement organization policies
  • Use technology to protect against these threats
  • Flooding Detection System

56
5.??(cont.)
  • ??????
  • ????????????
  • ??????????????
  • Content-based ????????
  • Mining
  • Detection

57
???????????
  • ???????? ???
  • 8 Oct 2007

58
????
  • 1.????
  • 2.???? Trunk ?????
  • 3.?????????????
  • 4.??

59
1. ????
  • ???????
  • Cost
  • 2 million per year
  • Performance
  • Trunk traffic statistics (MRTG ?)
  • Ping (RTT ?)
  • ?? firewall ??? ping traffic
  • User-sensitive traffic statistics
  • Delay for fetching a png or pdf file
  • Cisco, HP, 3Com, Ubuntu

60
2. ???? Trunk ??
  • ?? core router 7609 ??????????
  • http://cygnus.cc.ncu.edu.tw/mrtg/7609/r7609_63.html
  • ???????????
  • http://cygnus.cc.ncu.edu.tw/mrtg/m160/m160_65.html
  • ????? TANET ????
  • http://mrtg.moe.edu.tw/backbone/ncu_cht.html

61
??core router????????
62
???????????
63
?????TANET????
64
2. ???? Trunk ??(cont.)
  • TANET ??????
  • http://mrtg.moe.edu.tw/internet/internet-pos-stm16.html
  • ????????? http://mrtg.ntcu.net/ntcu-6509/211.76.255.1_po8_1.html

65
TANET??????
66
?????????
67
3. ??????????
  • ?????? http://bunny.tyc.edu.tw/Ncu/browse.jsp
  • NCU_Link Collector
  • 140.115.11.131
  • TYC_Link
  • 163.25.254.7

68
3. ??????????(cont.)
  • 2007-Aug, 2007-Sep
  • 8/17 to 8/31, 9/1 to 9/30
  • 2007-Oct
  • 10/3 (NCTU_DORM ??)
  • 10/9 (NCTU_DORM ??)
  • 10/15 (TWGATE ?? routing path)
  • 10/16 to 10/31

69
(No Transcript)
70
(No Transcript)
71
(No Transcript)
72
(No Transcript)
73
(No Transcript)
74
4. ?????
  • delay2.java
  • get()
  • main()
  • wget_stat.sh
  • crontab
  • Call delay2 routinely

75
// delay2.java (fragment shown on the slide): fetches one URL and stores a local copy.
// Needs: import java.io.*; import java.net.*; and, in the class body,
//   static String theUrl_name;   // last URL fetched, written to the log by main()
// createAFile(filename, contents) is a helper of the same class not shown on the slides.
public void get(String theUrl, String filename) throws IOException {
    theUrl_name = theUrl;
    try {
        URL gotoUrl = new URL(theUrl);
        InputStreamReader isr = new InputStreamReader(gotoUrl.openStream());
        BufferedReader in = new BufferedReader(isr);
        StringBuffer sb = new StringBuffer();
        String inputLine;
        // grab the contents at the URL
        while ((inputLine = in.readLine()) != null) {
            sb.append(inputLine + "\r\n");
        }
        in.close();
        // write it locally
        createAFile(filename, sb.toString());
    } catch (MalformedURLException mue) {
        mue.printStackTrace();
    } catch (IOException ioe) {
        throw ioe;
    }
}

76
// delay2.java (fragment): main() times get() and appends one record to /home/Ncu_Link/MMdd.
// Needs: import java.io.*; import java.text.SimpleDateFormat; import java.util.Date;
public static void main(String[] args) {
    Date date = new Date();
    SimpleDateFormat day = new SimpleDateFormat("MMdd");
    SimpleDateFormat df = new SimpleDateFormat("MMddHH");
    // System.out.println(df.format(date));
    String day_file = day.format(date);
    String cur_hour = df.format(date);
    String filename = "/home/Ncu_Link/" + day_file;        // one log file per day
    try {
        BufferedWriter out = new BufferedWriter(new FileWriter(filename, true));   // append
        out.write("\n Hour " + cur_hour);
        long elapsedtime = System.currentTimeMillis();
        out.write("\n From " + elapsedtime + " msec. ");
        delay2 httpGetter = new delay2();
        httpGetter.get(args[0], args[1]);                    // args: URL, local file name
        long endtime = System.currentTimeMillis();
        out.write("\n To " + endtime + " msec. ");
        elapsedtime = endtime - elapsedtime;
        out.write("\n It takes " + elapsedtime + " msec." + theUrl_name + "\n");
        out.close();
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}

77
#!/bin/csh -f
# wget_stat.sh: run delay2 against four reference files; called from crontab
setenv CLASSPATH '.'
set batch_home=/opt/apache-tomcat-6.0.14/webapps/ROOT/Socket
set flist=`/bin/ls $batch_home/lib/*.jar`
foreach name ($flist)
    setenv CLASSPATH ${CLASSPATH}:$name
end
cd $batch_home
java delay2 http://www.cisco.com/cdc_content_elements/images/homepage/ba_partnerLocato_blue.jpg cisco.jpg
java delay2 http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/primary_smb_msg_730.jpg hp.jpg
java delay2 http://www.3com.com/other/pdfs/solutions/en_US/3com_505403-001.pdf 3com.pdf
java delay2 http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.png ubuntu.png
78
Date 111900 It takes 922 msec.http://www.cisco.com/cdc_content_elements/images/homepage/ba_partnerLocato_blue.jpg
Date 111900 It takes 1797 msec.http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/primary_smb_msg_730.jpg
Date 111900 It takes 19266 msec.http://www.3com.com/other/pdfs/solutions/en_US/3com_505403-001.pdf
Date 111900 It takes 1140 msec.http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.png
Date 111904 It takes 1079 msec.http://www.cisco.com/cdc_content_elements/images/homepage/ba_partnerLocato_blue.jpg
Date 111904 It takes 859 msec.http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/primary_smb_msg_730.jpg
Date 111904 It takes 12203 msec.http://www.3com.com/other/pdfs/solutions/en_US/3com_505403-001.pdf
Date 111904 It takes 1078 msec.http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.png
79
4. ????? (cont.)
  • LinkPerf.java
  • Extracts the data recorded per 4-hour period
  • Aggregates the mean delay (msec)
  • Outputs to another file
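LinkPerf.java itself is not on the slides; the following added Python example (not the original Java) performs the aggregation it is described as doing, over the log format delay2 writes (slide 78 shows the "Date MMddHH It takes N msec.URL" records). It groups samples by 4-hour period and also produces the per-day summary lines that browse.jsp reads. The log lines are constructed, the year is assumed to be 2007 because the stamps carry none, and the "host=mean" field separator in the summary is an assumption.

```python
"""Aggregate delay2 log records into 4-hour-period and per-day means (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

YEAR = 2007   # the stamps carry no year; assumed from the presentation date
WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
RECORD = re.compile(r"Date\s+(?P<stamp>\d{6})\s+It takes\s+(?P<ms>\d+)\s+msec\.(?P<url>\S+)")

# Constructed log in the format delay2 produces: two days of 4-hour cron samples,
# including the " Hour" / " From" bookkeeping lines main() also writes.
CONSTRUCTED_LOG = """\
Date 110100 It takes 922 msec.http://www.cisco.com/img/ba_partnerLocato_blue.jpg
Date 110100 It takes 1797 msec.http://welcome.hp-ww.com/img/primary_smb_msg_730.jpg
Date 110100 It takes 19266 msec.http://www.3com.com/pdfs/3com_505403-001.pdf
Date 110104 It takes 1078 msec.http://www.cisco.com/img/ba_partnerLocato_blue.jpg
Date 110104 It takes 859 msec.http://welcome.hp-ww.com/img/primary_smb_msg_730.jpg
Date 110104 It takes 12202 msec.http://www.3com.com/pdfs/3com_505403-001.pdf
 Hour 110108
 From 1193875200000 msec.
Date 110200 It takes 800 msec.http://www.cisco.com/img/ba_partnerLocato_blue.jpg
Date 110204 It takes 1000 msec.http://www.cisco.com/img/ba_partnerLocato_blue.jpg
"""


def parse_records(text):
    """Return (timestamp, host, delay_ms) triples; lines that are not delay records are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        s = m["stamp"]
        when = datetime(YEAR, int(s[:2]), int(s[2:4]), int(s[4:6]))
        records.append((when, urlparse(m["url"]).hostname, int(m["ms"])))
    return records


def mean_by_period(records, hours=4):
    """Mean delay per (MMdd, period index, host); period 0 is 00:00-03:59 when hours=4."""
    buckets = defaultdict(list)
    for when, host, ms in records:
        buckets[(when.strftime("%m%d"), when.hour // hours, host)].append(ms)
    return {key: sum(v) / len(v) for key, v in buckets.items()}


def daily_summary(records):
    """One line per day in the layout browse.jsp reads: MMddDDD host=mean, host=mean, ..."""
    per_day = defaultdict(lambda: defaultdict(list))
    for when, host, ms in records:
        per_day[when.date()][host].append(ms)
    lines = []
    for day in sorted(per_day):
        parts = ", ".join(f"{host}={round(sum(v) / len(v))}" for host, v in sorted(per_day[day].items()))
        lines.append(f"{day.strftime('%m%d')}{WEEKDAYS[day.weekday()]} {parts}")
    return lines


if __name__ == "__main__":
    print("\n".join(daily_summary(parse_records(CONSTRUCTED_LOG))))
```

The regex anchors on the literal "It takes" text so the " Hour" and " From" lines that main() writes into the same file are ignored rather than mis-parsed; the host, not the full URL, is the aggregation key, matching the per-site columns on slide 80.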

80
1101Thu welcome.hp-ww.com=774, www.3com.com=13443, www.cisco.com=800, www.ubuntu.com=1115<br>
1102Fri welcome.hp-ww.com=847, www.3com.com=12825, www.cisco.com=815, www.ubuntu.com=1025<br>
1103Sat welcome.hp-ww.com=1074, www.3com.com=13578, www.cisco.com=853, www.ubuntu.com=1225<br>
1104Sun welcome.hp-ww.com=672, www.3com.com=15053, www.cisco.com=821, www.ubuntu.com=1071<br>
1105Mon welcome.hp-ww.com=824, www.3com.com=13240, www.cisco.com=837, www.ubuntu.com=1065<br>
81
4. ????? (cont.)
  • Browse.jsp
  • Lets the user browse the aggregated data records
  • Times_both.jsp
  • Draws the time-series graph from the aggregated data records
  • Calls the JFreeChart libraries
  • jfreechart-1.0.6

82
<%@ page contentType="image/png;charset=UTF-8" %>
<%@ page import="java.util.*,java.io.*,java.awt.*,java.text.*" %>
<%@ page import="org.jfree.chart.JFreeChart" %>
<%@ page import="org.jfree.chart.ChartRenderingInfo" %>
<%@ page import="org.jfree.chart.servlet.ServletUtilities" %>
<%@ page import="org.jfree.chart.entity.StandardEntityCollection" %>
<%@ page import="org.jfree.chart.ChartUtilities" %>
<%@ page import="javax.servlet.ServletOutputStream" %>
<%@ page import="org.jfree.chart.ChartFactory" %>
<%@ page import="org.jfree.data.xy.*" %>
<%@ page import="org.jfree.data.time.*" %>
<%@ page import="org.jfree.chart.axis.*" %>
<%@ page import="org.jfree.chart.ui.*" %>
<%@ page import="org.jfree.chart.plot.*" %>
<%@ page import="org.jfree.chart.renderer.xy.*" %>
<%@ page import="org.jfree.ui.ApplicationFrame" %>
<%@ page import="org.jfree.ui.RefineryUtilities" %>
<%@ page import="org.jfree.chart.title.*" %>
<%@ page import="org.jfree.chart.urls.*" %>
<%@ page import="org.jfree.chart.entity.*" %>
<%@ page import="org.jfree.chart.labels.StandardXYToolTipGenerator" %>
<%
    // Times_both.jsp: build the two series (NCU link, TYC-TANET link) and render them as PNG
    TimeSeriesCollection dataset = new TimeSeriesCollection();
    TimeSeries series1 = new TimeSeries("NCU -???????");
    TimeSeries series2 = new TimeSeries("TYC -TANET??????");
83
    series1.add(new Day(1, 9, 2007), 13312);
    series1.add(new Day(2, 9, 2007), 12880);
    series2.add(new Day(20, 10, 2007), 25573958);
    series2.add(new Day(21, 10, 2007), 25612666);
    // add the dataset
    dataset.addSeries(series1);
    dataset.addSeries(series2);
    // dataset.setDomainIsPointsInTime(true);
    String chartTitle = "Delay of NCU / TYC Trunk (2007-Sep Oct)";
    JFreeChart chart = ChartFactory.createTimeSeriesChart(
        chartTitle, "??time", "Delay (msec)", dataset,
        true, true, false);          // legend, tooltips, urls
    chart.setBackgroundPaint(java.awt.Color.white);
84
    // plot
    XYPlot plot = chart.getXYPlot();
    XYItemRenderer renderer = plot.getRenderer();
    if (renderer instanceof XYLineAndShapeRenderer) {
        XYLineAndShapeRenderer rr = (XYLineAndShapeRenderer) renderer;
        // rr.setDefaultShapesVisible(true);
        // rr.setDefaultShapesFilled(true);
    }
    DateAxis axis = (DateAxis) plot.getDomainAxis();
    axis.setDateFormatOverride(new SimpleDateFormat("dd"));
    chart.setBackgroundPaint(java.awt.Color.white);
    // stream the rendered chart straight to the HTTP response
    OutputStream ostream = response.getOutputStream();
    ChartUtilities.writeChartAsPNG(ostream, chart, 700, 400);
    ostream.close();
%>
85
(No Transcript)
86
5.??
  • Tyc_Link/Ncu_Link????????
  • ?? JAVA /JSP ??
  • (1)????,?????JAVA
  • population resources???.
  • (2)??JAVA,JSP?K ?,???????.
  • ???????? Socket, File, regex (pattern, match, scanner)
  • ???????,???.

87
5.??(cont.)
  • ?? JFreeChart
  • Time series chart
  • Bar chart
  • Pie chart
  • ????, ??????????

88
Thank You!