With the rise of cloud computing and virtualization, today's computer networks are becoming more vulnerable and are constantly evolving, bringing with them new risks and uncertainties. Long gone are the days of hacking for fun: hackers are financially motivated and more sophisticated than ever. Some have formed hacker groups such as LulzSec and Anonymous to share experience and work together. Information security professionals struggle to keep up by using passive (to detect) and active (to block) network security tools. While vendors develop and deliver network security tools in a timely manner to protect against the latest cyber threats, deploying these tools is an ongoing challenge for a variety of reasons. In this series of publications, we describe the most basic network security tools used to combat cyber threats, discuss common deployment problems, and show how to solve them using network packet brokers.
Passive security devices
Passive network security tools are used to monitor and analyze network traffic. These tools work with a copy of traffic received from SPAN ports, network traffic taps (TAPs), or network packet brokers (NPBs). Passive monitoring does not introduce time delays and additional service information into the network. Passive security features such as IDS, Network Forensics, NBA and NTA are widely used today.
Intrusion detection system (IDS)
(Intrusion Detection System - IDS) , ( ). IDS , VMware, Xen .
IDS — (Intrusion Prevention System — IPS). , , . IPS , , , IPS IDS . , IPS IDS , .
IDS ( IPS) Positive Technologies, , , Smart-Soft, Info Watch, Stonesoft, Trend Micro, Fortinet, Cisco, HP, IBM, Juniper, McAfee, Sourcefire, Stonesoft, Trend Micro, Check Point.
(Network Forensics)
() , , , , . , () , . , , .
— MicroOLAP, , AccessData, NIKSUN, RSA (NetWitness), Solera Networks.
(NBA) (NTA)
( ) , . , « », , .
(Network Behavior Analysis - NBA) , , NetFlow (cFlow, sFlow, jFlow IPFIX), , . (Network Traffic Analysis - NTA) , . , , . NTA (SOC).
NBA NTA — Positive Technologies, Kaspersky, Group-IB, , Arbor Networks, Lancope, Riverbed Awake, Cisco, Darktrace, ExtraHop Networks, LogRhythm, Flowmon, RSA, TDS .
- , , . ? , (NPB).
— 1.
, , . .
SPAN- (TAP) . SPAN- , , , , « » , . TAP , TAP . , , .
: , (IDS) (NBA), Network Forensics NTA. , SPAN-, TAP. TAP .
: , , TAP , ( , , , ) , .
— 2.
. , , .
: (IDS) 10GbE. , IDS 40%. , .
: IDS 40% , . , , . , ( , , , , , ) IDS. , , , , .
— 3. 1G
10- Ethernet (10GbE 10G) 2002 , 2007 . 10G . 40G/100G, 200G/400G.
, , 1G. 1 / , , 1G, 10G/40G/100G.
: . 1G 10G/40G/100G. 1G. .
: , ( ) 10G/40G/100G 1G. 1G ( ), .
, :
/;
/ ;
;
;
;
.
, , , , . , .