A useful oversimplification for network surveillance?

Nicolas FISCHBACH nicolist at securite.org
Tue Aug 30 22:56:09 UTC 2005


Howard C. Berkowitz wrote:
> 
> I'm developing some guidance for ISP surveillance for infrastructure 
> attacks, and my increasing impression is that for other than the expert 
> level, there may be some useful simplifications of the applicability of 
> tools. Remember that I am speaking of surveillance here, not the 
> detailed analysis in a sinkhole.  Perhaps this could be the basis of 
> some security architecture presentations/tutorials at NANOG.

Have a look at these two presentations: the first covers most of the
items you listed; the second, while more enterprise-oriented, also
applies to large SP management networks.

"Building an Early Warning System in a Service Provider Network"
  http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.ppt
  http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.zip (PDF)

"Network flows and Security"
  http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.ppt
  http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.pdf

Nico.
-- 
Nicolas FISCHBACH (nico at securite.org) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/