A useful oversimplification for network surveillance?
Nicolas FISCHBACH
nicolist at securite.org
Tue Aug 30 22:56:09 UTC 2005
Howard C. Berkowitz wrote:
>
> I'm developing some guidance for ISP surveillance for infrastructure
> attacks, and my increasing impression is that for other than the expert
> level, there may be some useful simplifications of the applicability of
> tools. Remember that I am speaking of surveillance here, not the
> detailed analysis in a sinkhole. Perhaps this could be the basis of
> some security architecture presentations/tutorials at NANOG.
Have a look at these two presentations: the first covers most of the
items you listed; the second one, while more enterprise-oriented, also
applies to large SP management networks.
"Building an Early Warning System in a Service Provider Network"
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.ppt
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.zip (PDF)
"Network flows and Security"
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.ppt
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.pdf
Nico.
--
Nicolas FISCHBACH (nico at securite.org) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/