
Brocade INM Overview

Building Next-Generation Enterprise Intranet Security Management: Brocade INM, sFlow, Snort Integrate Application Note 2009.10.14 William Lin / CISSP, CEH williamlin@bestcom.com.tw. Brocade INM Overview. Brocade IronView Network Manager. Layers 2-3 Layers 4-7 MPLS Wireless Northbound Interface. Easy to use L2-3 Topology Group Configuration


Presentation Transcript


  1. Building Next-Generation Enterprise Intranet Security Management: Brocade INM, sFlow, Snort Integrate Application Note, 2009.10.14, William Lin / CISSP, CEH, williamlin@bestcom.com.tw

  2. Brocade INM Overview

  3. Brocade IronView Network Manager • Layers 2-3 • Layers 4-7 • MPLS • Wireless • Northbound Interface • Easy to use • L2-3 Topology • Group Configuration • Change Management • Reporting • Event Manager • Traffic Analyzer • sFlow Collector • Performance Monitor • MAC Filter Manager • ACL Manager • IronShield 360

  4. Brocade IronView Network Manager MPLS Provisioning Topology Security Event Management Policy Management Configuration July 2009 Brocade INM Overview

  5. INM can manage all Brocade IP devices. Core, Access, Third Party, Aggregation: FI-ES Series, FI-WS Series, FI-ESX Series, FI-LS Series, NI-CES Series, BI-RX Series, FI-GS Series, NI-XMR Series, FI-SX Series, FI-CX Series, TI-24X, NI-MLX Series, SI-ADX Series, IPM Series. Scalable to over 10,000 devices

  6. INM provides an integrated single management interface
     Layer 2 / Layer 3 Manager
       • Easy-to-use, intuitive GUI
       • Support for all Brocade L2/L3 devices
       • Status, configuration, statistics, topology, and end-point settings
       • NetIron MLX, XMR, and CES support
     Wireless Manager
       • Centralized management of wireless switches and Access Points (APs) across the network
       • RF monitoring to detect rogue APs
     Northbound Interface
       • Integration with third-party Network Management Systems (NMSs)
       • Inventory information for Brocade and third-party devices
       • Java or Perl scripting interface
     ServerIron Manager
       • Physical and virtual IP management
       • Global Server Load Balancing (GSLB)
       • Support for new ServerIron ADX Application Delivery Controllers

  7. INM reduces the complexity of network management
     Ease of Use
       • Intuitive Web-based tools to reduce management time and OpEx
       • Access from anywhere within the network
       • Dashboard with at-a-glance summary asset and event information
     Device Configuration Manager
       • Automatically deploy device configurations
       • Execute CLI commands across groups of switches
     Change Manager
       • View, retrieve, and restore configurations
       • Manual or scheduled backups
       • Pre/post-change snapshots
       • Roll back configuration changes
     Topology Manager
       • Integrated topology discovery
       • L2, VLAN, IP, STP/RSTP, MRP, and MPLS
       • Background maps support
       • Device search capabilities

  8. INM helps improve network reliability
     Event Manager
       • SNMP, Syslog, Snort, and partner events
       • SNMP Trap forwarding
       • Reporting, analysis, monitoring, and remediation
       • Easier to meet Service Level Agreements (SLAs)
       • Closed-loop remediation through integration with Device Configuration Manager
     Traffic Analyzer
       • sFlow reporting, accounting, and presentation
       • Gain visibility into network activity
       • Custom report generator
       • Trending and analysis for troubleshooting
     Performance Monitor
       • Monitor essential network performance information
       • Advanced graphing tool
       • Brocade and third-party device support
       • Export graphs as images or CSV files

  9. INM can integrate device security mechanisms
     MAC Filter Manager
       • Importing, configuration, and deployment of MAC filters across devices
       • Wired and wireless device support
     Access Control List (ACL) Manager
       • Rapidly configure and deploy ACLs
       • Replicate ACLs to groups of switches
       • Supports predefined service ACLs
       • ACL customization support
     Brocade IronShield 360
       • sFlow collection and conversion to PCAP
       • Integration with Snort and other open source Intrusion Detection Solutions (IDSs)
       • Identify accidental or malicious activity

  10. INM Features

  11. The sFlow mechanism improves network management visibility

  12. End-to-end traffic monitoring using the network traffic information provided by sFlow. WAN Data Center 100 MbE 10 GbE NetIron MLX Core 100 MbE PoE 1 GbE 10 GbE BigIron RX 1 /10 GbE FastIron SX800 Network Administrator 1 GbE PoE Aggregation 10 GbE FastIron SX1600 PoE FastIron SuperX PoE FastIron CX PoE+ FastIron WS PoE Access Devices sFlow Collector 802.11n Access Point (PoE+) Surveillance Cameras Content-Rich, Video, Unified Communication Business Desktops and Phones 100 MbE and 1 GbE Devices August 2009 Enterprise Campus Networks

  13. How sFlow works and what it contains. Switch/Router forwarding tables sFlow agent interface counters Switching ASIC 1 in N sampling sFlow Datagram packet header src/dst i/f sampling parms forwarding user ID URL i/f counters eg 128B rate pool src 802.1p/Q dst 802.1p/Q next hop src/dst mask AS path communities localPref src/dst Radius TACACS sFlow Collector & Analyzer

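  14. Benefits of using sFlow to provide traffic information
       • Improved visibility into network traffic
       • Easy to deploy, with no changes to the network architecture
       • Continuous monitoring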

  15. Integrating Brocade IP devices, sFlow, INM, and SNORT to improve network management capability and efficiency

  16. How to?
       • Step 1: Choose a device that supports sFlow export and configure sFlow

      ```
      vlan 1 name DEFAULT-VLAN by port
      snmp-server community ji394ao3sm3 rw
      snmp-server host 10.100.0.24
      sflow enable
      sflow destination 10.100.0.24
      !
      interface Fastethernet 0/1
       sflow forwarding
      !
      interface Fastethernet 0/2
       sflow forwarding
      !
      ```

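  17. How to? (Cont.)
       • Step 2: Install Brocade INM
       • Step 3: Install SNORT
       • Step 4: Configure the relevant INM and SNORT configuration files
       • Step 5: Confirm that sFlow data is arriving at INM
       • Step 6: Confirm that SNORT is running correctly
       • Step 7: Generate traffic to verify that SNORT alert events appear in the INM Event Manager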

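  18. Test and verification environment: alerts on detected attempts to connect to the FWS through the Web management interface (the authorized administrator is 10.100.0.25; all others are unauthorized)! The same mechanism can also be applied to detecting reconnaissance behavior, worm propagation, and unauthorized access to specific resources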

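  19. Conclusion
       • Improved management visibility and efficiency
       • Early warning of anomalous traffic
       • Early warning of network outages
       • Integration into a single central console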

  20. Comments and feedback are welcome
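
The sFlow-to-IDS path described in slides 13 to 18, as an added example that is not part of the original presentation or of Brocade's IronShield 360: it decodes the sampled packet headers in an sFlow v5 datagram and flags web-management connections to the FWS from any host other than the authorized administrator 10.100.0.25, scaling each hit by the sampling rate. The FWS address, the web ports, the agent address and the sample datagram are constructed placeholders.

```python
import socket
import struct

AUTHORIZED_ADMIN = "10.100.0.25"  # authorized administrator named on slide 18
FWS_MGMT_IP = "192.0.2.10"        # placeholder: the slides give no FWS address
WEB_PORTS = {80, 443}             # assumed web management ports

def raw_headers(dgram):
    """Yield (sampling_rate, header) per sampled Ethernet frame in an sFlow v5 datagram."""
    version, addr_type, _, _, _, _, n_samples = struct.unpack_from("!7I", dgram, 0)
    if version != 5 or addr_type != 1:  # IPv4 agent address only
        raise ValueError("unsupported sFlow datagram")
    off = 28
    for _ in range(n_samples):
        s_type, s_len = struct.unpack_from("!II", dgram, off)
        if s_type == 1:  # flow sample; counter and expanded samples are skipped
            rate, _, _, _, _, n_rec = struct.unpack_from("!6I", dgram, off + 16)
            rec = off + 40
            for _ in range(n_rec):
                fmt, r_len = struct.unpack_from("!II", dgram, rec)
                if fmt == 1:  # raw packet header record
                    proto, _, _, h_len = struct.unpack_from("!4I", dgram, rec + 8)
                    if proto == 1:  # Ethernet
                        yield rate, dgram[rec + 24:rec + 24 + h_len]
                rec += 8 + r_len
        off += 8 + s_len

def alerts(dgram):
    """Map each unauthorized source IP to estimated packets (samples x sampling rate)."""
    hits = {}
    for rate, hdr in raw_headers(dgram):
        if len(hdr) >= 34 and hdr[12:14] == b"\x08\x00" and hdr[23] == 6:  # untagged IPv4/TCP
            src, dst = socket.inet_ntoa(hdr[26:30]), socket.inet_ntoa(hdr[30:34])
            tcp = 14 + (hdr[14] & 0x0F) * 4  # TCP header follows the IPv4 header
            dport = int.from_bytes(hdr[tcp + 2:tcp + 4], "big") if len(hdr) >= tcp + 4 else 0
            if dst == FWS_MGMT_IP and dport in WEB_PORTS and src != AUTHORIZED_ADMIN:
                hits[src] = hits.get(src, 0) + rate
    return hits

def build_datagram(sources, rate=512):
    """Constructed sample input: one sampled TCP SYN to FWS port 80 per source IP."""
    out = struct.pack("!II4s4I", 5, 1, socket.inet_aton("192.0.2.1"), 0, 1, 0, len(sources))
    for src in sources:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(FWS_MGMT_IP))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + bytes(2)  # 54 bytes + 2 pad
        out += struct.pack("!10I", 1, 112, 1, 0, rate, rate, 0, 1, 2, 1)  # flow sample
        out += struct.pack("!6I", 1, 72, 1, 54, 0, 54) + frame  # raw header record
    return out
```

Because the switch forwards only 1 in N packets, a short-lived connection may never be sampled; the per-source count is an estimate, not a packet total.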
