Practical Network Security: Experiences with ntop
Security is a broadly used term encompassing the characteristics of authentication, integrity, privacy, non-repudiation, and anti-playback. In the case of our sensor network the security requirements are comprised of authentication, integrity, privacy (or confidentiality) and anti-playback. The recipient of a message needs to be able to be unequivocally assured that the message came from its stated source. Similarly, the recipient needs to be assured that the message was not altered in transit and that it is not an earlier message being re-played in order to veil the current environment. Finally, all communications need to be kept private so that eavesdroppers cannot intercept, study and.

Practical Network Security: Experiences with ntop

Luca Deri¹,² and Stefano Suin²

¹Finsiel . Via Matteucci 34 b, 56124 Pisa. Email
²Centro Serra, University of Pisa, Lungarno Pacinotti 43, Pisa, Italy. Email deri stefano @

As networks become large and heterogeneous, network administrators need efficient tools for monitoring network activities and enforcing global security. In open environments such as universities and research organisations, it is rather difficult to prevent access to core network resources without restricting user's freedom. Ntop is an open-source web-based traffic measurement and monitoring application written by the authors and widely used over the Internet. This paper shows how ntop can also be effectively used for network security, as it is able to identify potential intruders and security flaws as well as discover misconfigured or faulty applications that generate suspicious traffic.

Keywords: traffic monitoring, network security, intrusion detection, TCP/IP.

1. Introduction

Early in 1997 the Centro Serra, responsible for providing network services to the whole University of Pisa, needed an application for monitoring relevant network activities flowing across the campus backbone.
Traditional Unix tools for testing basic connectivity problems, as well as network sniffers such as tcpdump [1] or snoop, were not considered sufficient. These tools are very powerful for tracking network traffic, but they need off-line tools for better analysing and correlating captured data as well as identifying security violations. Other tools for network monitoring, such as RMON [30] probes and NeTraMet [2], offer advanced programming languages for analysing network flows and building statistical event records. Unfortunately, these tools have been designed for analysing well known network flows, whereas it is not always easy to guess what network resources will be attacked. Besides some exceptions such as NFR (Network Flight Recorder) [3], many security tools .