190 likes | 210 Views
CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A. CURELAN TECHNOLOGY Co., LTD www.CureLan.com. The Flowviewer can protect your device from the cyber-intrusions and the cyber-attacks. Port scan. The Flowviewer has the ability to detect kinds of cyber-intrusion and cyber-attack by
E N D
CURELAN TECHNOLOGY Co., LTDFlowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com
The Flowviewer can protect your device from the cyber-intrusions and the cyber-attacks Port scan • The Flowviewer has the ability to detect kinds of cyber-intrusion and cyber-attack by analyzing the detail information of each IP. UDP Flood Attack SSH Cyber-Intrusion DOS Attack Cyber-Attack RDP DNS Attack Worm Inner Intrusion NTP Attack
The difference between the Flowviewer and other IPS/IDS products
Major Functions • Automatically block infected IPs from L3 Switch by ACL (for Cisco, Foundry, Alcatel and Extreme) or block by Flowviewer (in inline mode). • RDP and SSH password guess detection and blocking. • Port Scan, worm and Inner Intrusion detection and blocking. • UDP flood, DOS, DNS and NTP attack detection and blocking. • Provide kinds of intrusion/attack report: • RDP password guess, SSH password guess, Port Scan, worm, Inner Intrusion, UDP flood, DOS, DNS and NTP. • Netflow or sFlow traffic report.
Reports • The Flowviewer provides a lot of report, including the report of Inner Intrusion, RDP, SSH, Port Scan, worm, UDP flood, DOS, DNS,NTP attack report and the network traffic reports. • Under “Query” “Daily Graphic”, the administrator can check what happened from the “Abnormal traffic matrix”.
The real case of theSSH & RDP intrusion • The Flowviewer can detect both SSH and RDP password guessing attack.
The real case of the DOS attack • The administrator can see the information of the attack by clicking the blockon the abnormal traffic matrix.
The real case of the DOS attack (Cont.) • If the administrator wants to see the detail information of the attack, he can zoom-in by clicking the number of Flows.
The real case of theUDP flood attack • The administrator can see the information of the attack by clicking the blockon the abnormal traffic matrix.
The real case of the UDP flood attack (Cont.) • If the administrator wants to see the detail information of the attack, he can zoom-in by clicking the number of Flows.
The real case of theDNS attack • The administrator can see the information of the attack by clicking the blockon the abnormal traffic matrix.
The real case of theNTP attack • The administrator can see the information of the attack by clicking the blockon the abnormal traffic matrix.
Inner Intrusion • The Russian hacking groups steal money from banks and rigged ATMs to spew cash across the world. Because the ATM system is a closed network system, the method that they can use is intruding from intranet to intranet. I think we can make a reasonable guess that it may be due to the cooperation of the inside staff. He will invade other computers from intranet so that the police cannot track down his IP and then use the victim computer hacking the ATM service center. After the intrusion succeed, he can send cash spewing to the ATM and appoint people to take the money. • The First Commercial Bank heist in Taiwan can be solved because the police found the face of the people who take money from the cctv. That makes the police know who the suspects are right away. As a result, they found the money but not the people who hide in the dark side. • If the First Commercial Bank uses the Flowviewer, they can detect the intrusion from intranet to intranet by the Inner Intrusion detection function. They can block the intrusion and find out the source IP addresses.
Inner Intrusion (Cont.) • In Taiwan, a secret unit of government uses the closed network. They used the Flowviewer and found out the intrusion by the inner intrusion detection function. The spies were caught in the end. • The secret unit of Taiwan's government uses the closed network ; the ATM system is a closed network system, too. I think the method that the hackers used is the same. The only difference is that the Trojans horse programs they used. The hackers always use the latest version of program. That means the pattern is not be defined, so the device of IPS cannot detect these intrusions. • The Inner Intrusion detection function is unique and available only in Flowviewer. A unit used the Flowviewer to find out the spies who tried to intrude from intranet.
The real case of theInner Intrusion • The administrator can see the information of the attack by clicking the blockon the abnormal traffic matrix.
The Flowviewer can be deployed in inline mode to prevent the cyber-intrusion and the cyber-attack When the hackers use the devices on the relay attack, the FM-800A will detect and send the ACL commands to the core switch automatically to block this attack. The FM-800A will block the hackers automatically by sending the ACL commands to the switch while they try to attack the intranet. Hackers will try to compromise the computers on the intranet by a range of methods such as P2P, exploiting vulnerable Apps, spear phishing, etc. They use the infected machines to compromise other computers or servers on the network. There are two ways to automatically block the attacks from the hackers. ◎Flowviewer can automatically block the attacks from the hackers. ◎Flowviewer can automatically send the ACL commands to the Core Switch to block the attacks from the hackers.
Using mathematical formula to analyze the cyber-attack • We can know how many sessions that hacker may create from the following formula.