about-core

Monitoring, Detection and Reporting of Security Incidents in CESNET NREN

Network anomalies and incidents are no longer exceptions in current networks. These undesirable activities may influence the network itself or its services. Naturally, the goal of a network operator is to reveal all threatening activities and handle them accordingly. A suitable monitoring infrastructure plays a key role in such a process. The monitoring infrastructure provides informative data about the traffic. An analysis of this data may help revealing anomalies while storage of this data allows to track and diagnose a cause of the observed incidents retrospectively. The presentation deals with a deployment of the research monitoring infrastructure in CESNET2 network. It describes an architecture consisting of metering points as well as of collectors and data analysis. The results demonstrate that the deployed infrastructure provides wide scale insight on the behavior of ingress and egress network traffic.

Speakers

Authors

  • Vaclav Bartos
  • Pavel Celeda
  • Tomas Kreuzwieser
  • Viktor Pus
  • Petr Velan

Part of session

Security management

Related documents