IRONMAN V1.5 Network Management Environment
IRONMAN V1.5 Traffic Problem Domain
• Nodes: 50,000,000 total; 5000 to protect
• Protocols: 160+
• Ports: 1024 well-known; 60000+ others
• Services: 10 - 200 (e.g. WWW, email)
• Applications: ???
• Typically 500++ instances (packets) per second
• Acceptable vs unacceptable combinations
IRONMAN V1.5 Network Management Environment
• Provides Interactive Management of networks and components
• Policy Based Modeling, Analysis and Control
• Passive Monitoring and Active Probing of Networks
• Dynamic Visualization of Information and Systems
• Integration of Existing Commercial Tools and Custom Tools
• Virtual Common Data Repository for all Information Sources
• Client-Server and Peer-to-Peer Architecture using Standard Technology
Functional Architecture (diagram; elements: Adaptive Manifold, Acquisition, Representation, Analysis, Decision, Control, Presentation)
System Architecture (diagram; components: WWW Browser with VRML 2.0 Plugin, HTTP Server (Sockets), IRONMAN HTTP Servers, IRONMAN Agent Server, Network, Client Manifold, Client Support Applications)
Distributed Interactive Simulation and Control
• client-server structure
• servers: data-gathering (probes and monitors), analysis, control, representation, persistent storage and decision support
• clients: working storage, presentation (display) and command consoles
• some analysis in clients, but only for network efficiency
• collaborative architecture (i.e. shared workspace through servers, storage and presentation space)
• streaming data updates
• database architecture: local working and global persistent
Probing, Monitoring and Control
• Probes: CyberCop, Nessus, Internet Security Scanner, ...
• Intrusion Detection: NetRanger, Network Flight Recorder, ...
• Monitoring: SNMP RMON, TCP Dump, ...
• Policy/Configuration: SNMP, Telnet, X-Windows, ...
• Agents: perform one or more of the above ...
• other
Vulnerability Database Schema
• Vulnerability Identification (id, title)
• Description and impact
• System identification
• Application information
• Reference to the vulnerability
• Detailed analysis, detection techniques and fixes (analysis, detection, fix, test, workaround, patch)
• Detailed information about exploitation (exploit, pattern)
• Classifications and features (class, category)
• Verification of vulnerability
• Source of vulnerability information
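As an added example (not IRONMAN code), the field list above expressed as a small relational schema in SQLite, together with the join that maps network components to the vulnerabilities that apply to them (the "Mapping Network Components to Vulnerabilities" view later in the deck). Table and column names follow the slide's headings but are assumptions; the two vulnerabilities and three hosts are constructed sample data, and version matching is exact-string for brevity, where a real database would use version ranges.

```python
"""Added example, not IRONMAN code: the slide's vulnerability schema in SQLite,
plus the inventory join that maps hosts to applicable vulnerabilities.
Table/column names are assumptions; all rows below are constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE vulnerability (
    id          TEXT PRIMARY KEY,            -- Vulnerability Identification (id)
    title       TEXT NOT NULL,               -- Vulnerability Identification (title)
    description TEXT,                        -- Description and impact
    impact      TEXT,
    class       TEXT,                        -- Classifications and features
    category    TEXT,
    verified    INTEGER NOT NULL DEFAULT 0,  -- Verification of vulnerability
    source      TEXT                         -- Source of vulnerability information
);
CREATE TABLE affected_software (             -- System identification / Application information
    vuln_id TEXT REFERENCES vulnerability(id),
    product TEXT NOT NULL,
    version TEXT NOT NULL
);
CREATE TABLE remedy (                        -- analysis, detection, fix, test, workaround, patch
    vuln_id TEXT REFERENCES vulnerability(id),
    kind    TEXT CHECK (kind IN ('analysis','detection','fix','test','workaround','patch')),
    text    TEXT NOT NULL
);
CREATE TABLE exploit (                       -- Detailed information about exploitation
    vuln_id TEXT REFERENCES vulnerability(id),
    exploit TEXT,
    pattern TEXT                             -- what a detector should look for
);
CREATE TABLE vuln_reference (                -- Reference to the vulnerability
    vuln_id TEXT REFERENCES vulnerability(id),
    url     TEXT NOT NULL
);
-- inventory side: which network components run what
CREATE TABLE host (
    ip        TEXT PRIMARY KEY,
    protected INTEGER NOT NULL DEFAULT 0     -- one of the '5000 to protect'
);
CREATE TABLE host_software (
    ip      TEXT REFERENCES host(ip),
    product TEXT NOT NULL,
    version TEXT NOT NULL
);
"""


def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def load_sample(con):
    """Constructed sample: two hypothetical vulnerabilities, three hosts."""
    con.executemany("INSERT INTO vulnerability VALUES (?,?,?,?,?,?,?,?)", [
        ("V-0001", "Overflow in hypothetical mailer", "stack overflow in greeting",
         "remote root", "overflow", "remote", 1, "constructed"),
        ("V-0002", "Misconfiguration in hypothetical www server", "directory listing on",
         "information leak", "configuration", "remote", 0, "constructed"),
    ])
    con.executemany("INSERT INTO affected_software VALUES (?,?,?)", [
        ("V-0001", "examplemail", "1.0"),
        ("V-0002", "examplewww", "2.1"),
    ])
    con.executemany("INSERT INTO remedy VALUES (?,?,?)", [
        ("V-0001", "patch", "upgrade to examplemail 1.1"),
        ("V-0001", "detection", "long HELO argument in SMTP greeting"),
        ("V-0002", "workaround", "disable directory listing"),
    ])
    con.executemany("INSERT INTO host VALUES (?,?)", [
        ("10.0.0.5", 1), ("10.0.0.7", 1), ("192.0.2.9", 0)])
    con.executemany("INSERT INTO host_software VALUES (?,?,?)", [
        ("10.0.0.5", "examplemail", "1.0"),
        ("10.0.0.7", "examplewww", "2.1"),
        ("192.0.2.9", "examplemail", "1.1"),   # patched version: must not match
    ])
    con.commit()


def hosts_with_vulnerabilities(con, protected_only=True, verified_only=False):
    """Map network components to vulnerabilities by matching the inventory
    against affected_software; optionally restrict to protected hosts and
    to vulnerabilities the database marks as verified."""
    sql = """
        SELECT h.ip, v.id, v.title, v.verified
        FROM host h
        JOIN host_software    hs ON hs.ip = h.ip
        JOIN affected_software a ON a.product = hs.product AND a.version = hs.version
        JOIN vulnerability     v ON v.id = a.vuln_id
        WHERE (? = 0 OR h.protected = 1) AND (? = 0 OR v.verified = 1)
        ORDER BY h.ip, v.id
    """
    return con.execute(sql, (int(protected_only), int(verified_only))).fetchall()


def remedies(con, vuln_id):
    """The fix/detection/workaround entries recorded for one vulnerability."""
    return con.execute("SELECT kind, text FROM remedy WHERE vuln_id = ? ORDER BY kind",
                       (vuln_id,)).fetchall()
```

The `verified` flag is worth keeping separate from the mapping query: a visualization that colours a host by unverified vulnerabilities produces different alarms from one that only shows verified ones, and the schema's "Verification of vulnerability" field is what lets the operator choose.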
Agents
• several intrusion detection systems use agents as collectors/sensors (e.g. AAFID);
• agents are being studied as a component of IRONMAN for:
• acquisition
• analysis
• communication
• control
IETF IDWG Core Terms and Relationships
Principal Visualization Goals
• to identify whether the system is stable or unstable relative to an identified set of criteria (e.g. a security policy)
• to identify whether internal changes to the system will move the system toward instability
• to identify any external events which are tending to move the system towards instability
IRONMAN Visualization
• the generation of a set of (visual and aural) sensory stimuli for the user; and
• the detection and interpretation of these stimuli by the user
• user input to the visualization
• use VRML 2.0 as the implementation framework
VRML 2.0 Scene Graph
• Group: Collections and Hierarchies
• Transform (Xform): Shape, Colour, Location, Texture of Object
• Script: Behaviour of Object and/or connection to Network
• Sensor: Connection to User Actions and/or User Avatar Location
Individual Control of Visualization Elements
• a VRML 2.0 scene is composed of nodes
• each node is coupled to a data source or network process
• very large distributed computational structures can be monitored in real time over the network
• each element can display individual characteristics
• the aggregate provides visualization support through collective morphology and topology
Visualization Toolkit
• a basic object editor;
• a mapping assignment editor (to map data to parameters);
• a basic visualization library manager;
• a data set formatter;
• a VRML 2.0 generator;
Data Structures Visualization Toolkit
• Six data structures are being developed to support models:
• network - main objects (vertices and lines);
• permutation - reordering of vertices;
• vector - values of vertices;
• cluster - subset of vertices (e.g. one class from a partition);
• partition - mapping of vertices to clusters;
• hierarchy - hierarchically ordered clusters and vertices.
• Algorithms which operate on these are being developed and evaluated.
VR Server
• Uses a specification to generate a visualization;
• inputs:
• one or more data sets;
• a set of prototypes or templates;
• an algorithm for converting or mapping the data sets into Euclidean space using the available prototypes and templates
• distributed compositional architecture
System High-Level Visualization Example:
• 676 hosts
• Ring is a LAN
• White box is a selected host. HUD displays IP of host
System Attribute Visualization
• e.g. Mapping Network Components to Vulnerabilities
• VRML 2.0 with behaviours and external interfaces
System Behaviour Visualization
• VRML 2.0 with behaviours and external interfaces
• tracking events through topology, e.g. Traceroute
• Events can be displayed using shapes which travel along links in the visual display.
• Events can (1) have any shape, and can be either (2) persistent and aggregate or (3) transient
System Constraint Visualization
• e.g. Policy Violations by Multiple Components
• VRML 2.0 with behaviours and external interfaces
Partitioned Host Traffic Visualization
• Various display layouts are possible
• This example shows line and spiral
Partitioned Host Traffic Visualization
• Partition Hosts into 2 or more categories
• Time-independent Display
Partitioned TCP Dump Visualization (External Hosts: red disk; Internal Hosts: green line)
Partitioned Host Traffic Visualization
• shows partition of hosts
• time-independent
• scan of network displayed
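The partitioned TCP dump views above, and the toolkit's network/partition/vector data structures from the Visualization Toolkit slide, as one added example that is not IRONMAN's code: constructed tcpdump-style lines are parsed into a network (vertices = hosts, lines = directed src-to-dst packet counts), the hosts are partitioned into internal and external by address prefix (the green/red split), traffic is summed per partition pair for a time-independent display, and a scan is flagged when one source sends SYNs to many distinct host/port targets. The line layout, the internal prefix 10.0.0.0/8 and the scan threshold are assumptions.

```python
"""Added example, not IRONMAN code: tcpdump lines -> network structure ->
internal/external partition -> cross-partition counts and scan detection.
The sample capture is constructed; prefix and threshold are assumptions."""
import ipaddress
import re
from collections import Counter, defaultdict

# constructed sample in the classic tcpdump layout: time src.port > dst.port: flags ...
# 192.0.2.9 probes four internal hosts; the last line is deliberately unparseable
SAMPLE_TCPDUMP = """\
12:00:01.000000 10.0.0.5.1034 > 10.0.0.7.80: S 1:1(0) win 8192
12:00:01.010000 10.0.0.7.80 > 10.0.0.5.1034: S 2:2(0) ack 2 win 8192
12:00:02.000000 192.0.2.9.40001 > 10.0.0.5.21: S 3:3(0) win 512
12:00:02.050000 192.0.2.9.40001 > 10.0.0.5.22: S 3:3(0) win 512
12:00:02.100000 192.0.2.9.40001 > 10.0.0.5.23: S 3:3(0) win 512
12:00:02.150000 192.0.2.9.40001 > 10.0.0.6.23: S 3:3(0) win 512
12:00:02.200000 192.0.2.9.40001 > 10.0.0.7.23: S 3:3(0) win 512
12:00:02.250000 192.0.2.9.40001 > 10.0.0.8.23: S 3:3(0) win 512
12:00:03.000000 10.0.0.6.1100 > 198.51.100.4.25: P 10:20(10) ack 1 win 8192
this line is not a tcp packet and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>[SFPRU.]+)(?P<rest>.*)$"
)


def parse_tcpdump(text):
    """One dict per parseable TCP line; anything else is ignored rather than
    aborting the whole capture."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        # a SYN/ACK also prints 'S' in this layout; the ' ack ' tells them apart
        d["is_syn"] = d["flags"] == "S" and " ack " not in d["rest"]
        pkts.append(d)
    return pkts


def build_network(pkts):
    """'network' structure: vertices (hosts) and lines (src->dst packet counts)."""
    vertices, lines = set(), Counter()
    for p in pkts:
        vertices.update((p["src"], p["dst"]))
        lines[(p["src"], p["dst"])] += 1
    return vertices, lines


def partition_hosts(vertices, internal_nets=("10.0.0.0/8",)):
    """'partition' structure: every vertex mapped to cluster 'internal' or 'external'."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    return {v: "internal" if any(ipaddress.ip_address(v) in n for n in nets) else "external"
            for v in vertices}


def cross_partition_traffic(partition, lines):
    """'vector' over cluster pairs: packets from each cluster to each other,
    i.e. the time-independent summary behind the partitioned display."""
    totals = Counter()
    for (s, d), n in lines.items():
        totals[(partition[s], partition[d])] += n
    return dict(totals)


def detect_scans(pkts, threshold=5):
    """Sources whose pure SYNs reach at least `threshold` distinct (host, port)
    targets; replies and established flows are not counted."""
    targets = defaultdict(set)
    for p in pkts:
        if p["is_syn"]:
            targets[p["src"]].add((p["dst"], p["dport"]))
    return sorted((src, len(t)) for src, t in targets.items() if len(t) >= threshold)


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE_TCPDUMP)
    vertices, lines = build_network(pkts)
    part = partition_hosts(vertices)
    print(cross_partition_traffic(part, lines))
    print(detect_scans(pkts))
```

Counting distinct (host, port) targets rather than raw packets is what makes the scan on the slide stand out: a single busy client to one server produces many packets but one target, while a sweep produces few packets per target and many targets.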
Temporal TCP Dump Traffic Visualization Cartesian Display
Temporal TCP Dump Traffic Visualization Polar Display
Context Displays Top View
Context Displays: textured reference floor providing context status, and "bubbles" indicating the status of particular machines
Conetrees: conetrees can be used either for the user interface (i.e. selection of options, etc.) or to indicate hierarchical structures
Controls and Level of Detail
• Elements of the visual presentation can be provided with associated controls and displays.
• Buttons can be persistent or can become visible with proximity or external triggers
Controls and Level of Detail
• In this case, selecting the red button caused the remainder of the elements in the display to be hidden.
• Actions associated with each user interface element can be dynamically assigned or form part of a standard user interface profile.
• If buttons are dynamically assigned, they will have information tableaus associated with them.