Total Visibility 111 What Is Meant by ‘Telemetry’? Te·lem·e·try— a technology that allows...

download Total Visibility 111 What Is Meant by ‘Telemetry’? Te·lem·e·try— a technology that allows the remote measurement and reporting of information of interest.

If you can't read please download the document

TAGS:

Transcript of Total Visibility 111 What Is Meant by ‘Telemetry’? Te·lem·e·try— a technology that allows...

  • Slide 1
  • Slide 2
  • Total Visibility 111
  • Slide 3
  • What Is Meant by Telemetry? Telemetry a technology that allows the remote measurement and reporting of information of interest to the system designer or operator. The word is derived from Greek roots tele = remote, and metron = measure
  • Slide 4
  • Check List Check SNMP. Is there more you can do with it to pull down security information? Check RMON. Can you use it? Check Netflow. Are you using it, can you pull down more? Check Passive DNS See addendum for lots of links.
  • Slide 5
  • Holistic Approach to System-Wide Telemetry Cardiologist Ophthalmologist Neurologist Nephrologist Hematologist Podiatrist Holistic Approach to Patient Care Uses a system-wide approach, coordinating with various specialists, resulting in the patients better overall health and wellbeing.
  • Slide 6
  • Holistic Approach to System-Wide Telemetry Data Center: Inter as well as Intra Data Center traffic Customer Edge: Shared resources and services should be available Core: Performance must not be affected SP Peering: Ability to trace through asymmetric trafficAbility to trace through asymmetric traffic P P P P PE P P PE(s) L2 Agg. Broadband, Wireless (3G, 802.11), Ethernet, FTTH, Leased Line, ATM, Frame- Relay CPE(s) P P Data/Service Center CPE/ACCESS/AGGREGATION CORE PEERING DATA/SVC Center ISP / Alt. Carrier Listen
  • Slide 7
  • Source: University of Wisconsin Open Source Tools for NetFlow Analysis Visualization FlowScan Investigate the spike An identified cause of the outage
  • Slide 8
  • Source: UNINETT NetFlow - Stager
  • Slide 9
  • Source: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ Other Visualization Techniques Using SNMP Data with RRDTool Anomaly for DNS Queries Thruput Spike RTT Spike
  • Slide 10
  • Source: http://www.ntop.org Displaying RMONntop Examples Detailed Analysis i.e. TTL
  • Slide 11
  • BGP ExampleSQL Slammer
  • Slide 12
  • Correlating NetFlow and Routing Data Matching data collected from different tools
  • Slide 13
  • Syslog De facto logging standard for hosts, network infrastructure devices, supported in all most routers and switches Many levels of logging detail availablechoose the level(s) which are appropriate for each device/situation Logging of ACLs is generally contraindicated due to CPU overheadNetFlow provides more info, doesnt max the box Can be used in conjunction with Anycast and databases such as MySQL (http://www.mysql.com) to provide a scalable, robust logging infrastructurehttp://www.mysql.com Different facility numbers allows for segregation of log info based upon device type, function, other criteria Syslog-ng from http://www.balabit.com/products/syslog_ng/ adds a lot of useful functionalityHOW-TO located at http://www.campin.net/newlogcheck.html http://www.balabit.com/products/syslog_ng/ http://www.campin.net/newlogcheck.html
  • Slide 14
  • Benefits of Deploying NTP Very valuable on a global network with network elements in different time zones Easy to correlate data from a global or a sizable network with a consistent time stamp NTP based timestamp allows to trace security events for chronological forensic work Any compromise or alteration is easy to detect as network elements would go out of sync with the main clock Did you there is an NTP MIB? Some think that we may be able to use NTP Jitter to watch what is happening in the network.
  • Slide 15
  • Source: http://www.ethereal.comhttp://www.ethereal.com Packet Capture Examples Wealth of information, L1-L7 raw data for analysis
  • Slide 16
  • Total Visibility Addendum 15
  • Slide 17
  • NetFlowMore Information Cisco NetFlow Home http://www.cisco.com/warp/public/732/Te ch/nmp/netflow Linux NetFlow Reports HOWTO http://www.linuxgeek.org/netflow- howto.php Arbor Networks Peakflow SP http://www.arbornetworks.com/products_ sp.php http://www.arbornetworks.com/products_ sp.php
  • Slide 18
  • More Information about SNMP Cisco SNMP Object Tracker http://www.cisco.com/pcgi- bin/Support/Mibbrowser/mibinfo.pl?tab=4 http://www.cisco.com/pcgi- bin/Support/Mibbrowser/mibinfo.pl?tab=4 Cisco MIBs and Trap Definitions http://www.cisco.com/public/sw- center/netmgmt/cmtk/mibs.shtml http://www.cisco.com/public/sw- center/netmgmt/cmtk/mibs.shtml SNMPLinkhttp://www.snmplink.org/ SEC-1101/2102 give which SNMP parameters should be looked at.
  • Slide 19
  • RMONMore Information IETF RMON WG http://www.ietf.org/html.charters/rmonmi b-charter.html http://www.ietf.org/html.charters/rmonmi b-charter.html Cisco RMON Home http://www.cisco.com/en/US/tech/tk648/t k362/tk560/tech_protocol_home.html Cisco NAM Product Page http://www.cisco.com/en/US/products/hw /modules/ps2706/ps5025/index.html http://www.cisco.com/en/US/products/hw /modules/ps2706/ps5025/index.html
  • Slide 20
  • BGPMore Information Cisco BGP Home http://www.cisco.com/en/US/tech/tk365/t k80/tech_protocol_family_home.html http://www.cisco.com/en/US/tech/tk365/t k80/tech_protocol_family_home.html Slammer/BGP analysis http://www.nge.isi.edu/~masseyd/pubs/ massey_iwdc03.pdf http://www.nge.isi.edu/~masseyd/pubs/ massey_iwdc03.pdf Team CYMRU BGP Tools http://www.cymru.com/BGP/index.html http://www.cymru.com/BGP/index.html
  • Slide 21
  • SyslogMore Information Syslog.org - http://www.syslog.org/http://www.syslog.org/ Syslog Logging w/PostGres HOWTO http://kdough.net/projects/howto/sysl og_postgresql/ http://kdough.net/projects/howto/sysl og_postgresql/ Agent Smith Explains Syslog http://routergod.com/agentsmith/ http://routergod.com/agentsmith/
  • Slide 22
  • Packet CaptureMore Information tcpdump/libpcap Home http://www.tcpdump.org/ http://www.tcpdump.org/ Vinayak Hegdes Linux Gazette article http://www.linuxgazette.com/issue8 6/vinayak.html http://www.linuxgazette.com/issue8 6/vinayak.html
  • Slide 23
  • Remote Triggered Black Hole Remote Triggered Black Hole filtering is the foundation for a whole series of techniques to traceback and react to DOS/DDOS attacks on an ISPs network. Preparation does not effect ISP operations or performance. It does adds the option to an ISPs security toolkit.
  • Slide 24
  • More Netflow Tools NfSen - Netflow Sensor http://nfsen.sourceforge.net/http://nfsen.sourceforge.net/ NFDUMP http://nfdump.sourceforge.net/http://nfdump.sourceforge.net/ FlowCon http://www.cert.org/flocon/http://www.cert.org/flocon/

Telemetry types, frequency,position and multiplexing in telemetry

Telemetry types, frequency,position and multiplexing in telemetry

Telemetry Onboarding

Telemetry Onboarding

Telemetry Quiz

Telemetry Quiz

Radio Telemetry Module User Guide - RACELOGIC - … Telemetr… · Radio Telemetry Module User Guide . Radio Telemetry Module 30/04/2008 Page 2 of 11 ... Microsoft Word - RL Telemetry

Radio Telemetry Module User Guide - RACELOGIC - … Telemetr… · Radio Telemetry Module User Guide . Radio Telemetry Module 30/04/2008 Page 2 of 11 ... Microsoft Word - RL Telemetry

Bio Telemetry

Bio Telemetry

TELEMETRY SYSTEMS Telemetry Data Processing & Simulation ...gdpspace.com/wp-content/uploads/TDP_Simulation-brochure_-FINAL… · Acroamatics' Telemetry Data Processing and Simulation

TELEMETRY SYSTEMS Telemetry Data Processing & Simulation ...gdpspace.com/wp-content/uploads/TDP_Simulation-brochure_-FINAL… · Acroamatics' Telemetry Data Processing and Simulation

Satellite Telemetry, Tracking and Control Subsystems · PDF fileSatellite Telemetry, Tracking and Control Subsystems ... • Two-way coherent communication ... Satellite Telemetry,

Satellite Telemetry, Tracking and Control Subsystems · PDF fileSatellite Telemetry, Tracking and Control Subsystems ... • Two-way coherent communication ... Satellite Telemetry,

Systems EngineeringManager APAC - icion-leadership.com · Arista 7500E /7280 7150. Telemetry/Visibility Leaf. External Network. MLAG. W eb Serv rs. App Delivery Contro lers. Firewalls.

Systems EngineeringManager APAC - icion-leadership.com · Arista 7500E /7280 7150. Telemetry/Visibility Leaf. External Network. MLAG. W eb Serv rs. App Delivery Contro lers. Firewalls.

UNIT - 1 TELEMETRY PRINCIPLES€¦ · UNIT – 1 TELEMETRY PRINCIPLES 6 JNKOTHARI,IC DEPARTMENT PNEUMATIC TELEMETRY : • In a pneumatic telemetry system, compressed air is used to

UNIT - 1 TELEMETRY PRINCIPLES€¦ · UNIT – 1 TELEMETRY PRINCIPLES 6 JNKOTHARI,IC DEPARTMENT PNEUMATIC TELEMETRY : • In a pneumatic telemetry system, compressed air is used to

1.KingTech Telemetry Flow · 1.KingTech Telemetry Flow 1.JR 2.JETI 3.FUTABA 4.Graupner Setting Fuel Tank Telemetry Select Press Enter to Telemetry Menu …

1.KingTech Telemetry Flow · 1.KingTech Telemetry Flow 1.JR 2.JETI 3.FUTABA 4.Graupner Setting Fuel Tank Telemetry Select Press Enter to Telemetry Menu …

Telemetry Report

Telemetry Report

CLOUD EOS NETWORKING PORTFOLIO€¦ · Cloud Visibility & Telemetry Cloud Orchestration Seamless workload mobility Private Cloud Public Cloud vEOS vEOS cEOS cEOS Available Architecture

CLOUD EOS NETWORKING PORTFOLIO€¦ · Cloud Visibility & Telemetry Cloud Orchestration Seamless workload mobility Private Cloud Public Cloud vEOS vEOS cEOS cEOS Available Architecture

-Assessment Of IJse Of Telemetry i Oil-Field...Telemetry - Telemetry is a technology that allows the remote transmission of data. Telemetry use for water monitoring in North Dakota

-Assessment Of IJse Of Telemetry i Oil-Field...Telemetry - Telemetry is a technology that allows the remote transmission of data. Telemetry use for water monitoring in North Dakota

application visibility and network telemetry using splunk … · ARISTA WHITE PAPER APPLICATION VISIBILITY AND NETWORK TELEMETRY USING SPLUNK 2 There are two parts to the Arista Network

application visibility and network telemetry using splunk … · ARISTA WHITE PAPER APPLICATION VISIBILITY AND NETWORK TELEMETRY USING SPLUNK 2 There are two parts to the Arista Network

TELEMETRY ACQUISITION SYSTEM - U.S. Navy Naval Air Systems … · Mobile Telemetry Assets AUTOMATIC TRACKING TELEMETRY ACQUISITION SYSTEM The Automatic Tracking Telemetry Acquisition

TELEMETRY ACQUISITION SYSTEM - U.S. Navy Naval Air Systems … · Mobile Telemetry Assets AUTOMATIC TRACKING TELEMETRY ACQUISITION SYSTEM The Automatic Tracking Telemetry Acquisition

SonicWall Products Update · Secure Access NAC, DPI-SSL Enablement etc. Risk Intelligence Threat Intel, EP Telemetry etc. Vision for SonicWall Capture Client Delivering Endpoint Visibility

SonicWall Products Update · Secure Access NAC, DPI-SSL Enablement etc. Risk Intelligence Threat Intel, EP Telemetry etc. Vision for SonicWall Capture Client Delivering Endpoint Visibility

A New Telemetry System - US EPA · A New Telemetry System; A New ... Our existing telemetry system ... Microsoft PowerPoint - A New Telemetry System.ppt Author: kcaven02

A New Telemetry System - US EPA · A New Telemetry System; A New ... Our existing telemetry system ... Microsoft PowerPoint - A New Telemetry System.ppt Author: kcaven02

Freedom: The Promise of Telemetry Revisited - Stellar Telemetry Webinar (TSE Systems)

Freedom: The Promise of Telemetry Revisited - Stellar Telemetry Webinar (TSE Systems)

GLOBAL SPONSORS - Dell€¦ · Enterprise & Cloud Networking . Industry Trends. Multi-Cloud. 2.5G in the AP. Telemetry & Visibility . IoT. Multi-tenant . Security . 25G in the Rack.

GLOBAL SPONSORS - Dell€¦ · Enterprise & Cloud Networking . Industry Trends. Multi-Cloud. 2.5G in the AP. Telemetry & Visibility . IoT. Multi-tenant . Security . 25G in the Rack.

Aerospace Telemetry (IRIG 106 PCM & CHAPTER 10 intro) · What is Telemetry? Learn Telemetry Basics Airborne Side Telemetry System Ground Side Telemetry - Ground Station Ground Station

Aerospace Telemetry (IRIG 106 PCM & CHAPTER 10 intro) · What is Telemetry? Learn Telemetry Basics Airborne Side Telemetry System Ground Side Telemetry - Ground Station Ground Station