|Place of Origin:||China|
|Certification:||CCC, CE, RoHS|
|Minimum Order Quantity:||1 SET|
|Packaging Details:||Outer Carton plus Inner Foam|
|Delivery Time:||1-3 Working Days|
|Payment Terms:||L/C, D/A, D/P, T/T, Western Union, MoneyGram|
|Supply Ability:||100 sets per month|
|API:||Application Program Interface||Network Situational Awareness:||SNMP, NetFlow, SFlow, NetStream, Packet Capturing|
|Data Visualization:||WireShark, NTopng, Ganglia, GeoIP||Network Attack:||Mainstreaming Of Cybercrime Happen Everyday|
|Applications:||Data Center Of Telecom, Broadcasting, Operators||Related Solutions:||Network Visibility, Network Monitor, Network Security, Network Analytics, Data Center, Traffic Management, Traffic Optimize|
tap api integration
Network Situational Awareness to Manage Network Tap Through API Data Integration Interface
Situational Awareness Background
Situational Awareness (SA) was first introduced in the military field. In the 1980s, the U.S. Air Force introduced the concept of situational awareness, covering three levels: perception, understanding and prediction. In the 1990s, the concept gradually gained acceptance, and with the rise of networks it was extended to "Cyberspace Situation Awareness (CSA)". CSA refers to obtaining, understanding and displaying the security factors that change the network situation in a large-scale network environment, and forecasting its near-term development trend; the final purpose is to support decisions and action. This article focuses on the following topics to discuss some common problems in network situational awareness:
The basis of network perception: network layer, sensor
Network analysis technology: SNMP, NetFlow, sFlow, NetStream, Packet Capturing
Network data visualization: Wireshark, ntopng, Ganglia, GeoIP
The basis of Network Awareness
1. No single sensor is all-powerful
The general steps to measure a network are as follows. First, obtain the network topology, the way the network is connected, the list of potential observation points, and so on. Then, for each potential observation point, determine which traffic can be seen from that position. Finally, determine the optimal coverage scheme. In a complex network, no single sensor can provide full coverage, so multiple sensors need to be used together. According to the domain they collect from, sensors can be divided into three categories:
Network: intrusion detection system (IDS), NetFlow collector, TCP collector (such as tcpdump)
Host: resides on the host and monitors host activity (file access, login and logout) and network card traffic
Services: data from specific services, such as mail messages and HTTP requests
2. Influence of network layering on sensors
In general, network sensors focus on layers 2 to 4 of the OSI model, while service sensors focus on layer 5 and above. When considering how layering affects network traffic, the maximum transmission unit (MTU) must also be taken into account: it is the upper limit on data frame size, which determines the maximum size of packets that can be transmitted over the medium. At layer 5 of the OSI model (the session layer), session encryption has to be considered, because encrypted information cannot be understood directly. At layers 6 and 7, you must know the protocol details to extract meaningful information.
Network Analysis Technology
Network traffic reflects the running state of the network and is the key to judging whether the network is running normally. If the traffic received by the network exceeds its actual carrying capacity, network performance will degrade. The main traffic parameters in a network include datagrams received and sent, packet loss rate, and datagram delay.
1- SNMP (Simple Network Management Protocol) contains an application layer protocol, a database schema, and a set of data objects
2- RMON (Remote Network Monitoring, RFC 2021): network monitoring data contains a set of statistics and performance metrics that are exchanged between different monitors (or probes) and console systems. It can actively monitor remote devices and track traffic information on the network segment connected to a device port. Given adequate resources, a probe can also perform preventive performance monitoring of devices, actively diagnose and record network performance, and notify managers promptly when a failure occurs. The related information is divided into four groups (statistics, history, alarms, events), and rules can be preset.
3- NetFlow vs sFlow vs NetStream
4- Protocol and user identification
From the contents of the packet header, characteristics such as IP address, port number, protocol and message format can be analyzed. After classification, various application layer protocols can be accurately identified, such as P2P (thunderbolt), instant messaging (QQ, WeChat), VPN, email and so on. Of course, this is only "shallow" packet inspection, like looking at the sender and recipient on an envelope.
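The header-only classification described above can be sketched as follows. This is an added example, not code from the vendor or the product: the function names, the small port table and the sample frames are assumptions constructed for illustration, and the parser reads only layer 2 to 4 headers of Ethernet II / IPv4 frames.

```python
import struct
from collections import Counter

# Illustrative subset of IANA ports; a label is a hint, since apps can use any port.
PORT_LABELS = {25: "email/smtp", 53: "dns", 80: "http", 443: "https", 1194: "vpn/openvpn"}

def classify_frame(frame: bytes) -> dict:
    """Shallow inspection of one Ethernet II frame: headers only, never payload."""
    info = {"cast": "unknown", "length": len(frame), "app": "unknown"}
    if len(frame) < 14:
        return info                      # truncated Ethernet header
    dst_mac = frame[0:6]
    info["cast"] = ("broadcast" if dst_mac == b"\xff" * 6
                    else "multicast" if dst_mac[0] & 1 else "unicast")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return info                      # not IPv4, or header cut short
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    info.update(src=".".join(map(str, ip[12:16])),
                dst=".".join(map(str, ip[16:20])), proto=ip[9])
    if ip[9] in (6, 17) and ihl >= 20 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        info.update(sport=sport, dport=dport)
        info["app"] = PORT_LABELS.get(dport) or PORT_LABELS.get(sport, "unknown")
    return info

def make_frame(dst_mac: bytes, proto: int, sport: int, dport: int, payload_len: int = 0) -> bytes:
    """Build a constructed Ethernet/IPv4 test frame (checksums left as zero)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return dst_mac + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + l4 + bytes(payload_len)

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    make_frame(b"\x02\x00\x00\x00\x00\x02", 6, 50000, 443, 100),  # unicast TCP/443
    make_frame(b"\x02\x00\x00\x00\x00\x02", 6, 50001, 25, 40),    # unicast TCP/25
    make_frame(b"\x01\x00\x5e\x00\x00\xfb", 17, 5353, 5353),      # multicast UDP
    make_frame(b"\xff" * 6, 17, 68, 67),                          # broadcast UDP
]

def summarize(frames):
    """Tally frames by destination type and by port-derived application label."""
    rows = [classify_frame(f) for f in frames]
    return Counter(r["cast"] for r in rows), Counter(r["app"] for r in rows)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Frames whose ports are not in the table come back as "unknown", which is the point at which header-only inspection stops being able to say anything about the application.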
"Deep" packet inspection can be thought of as probing the contents of the letter, but it is more artful than the brute force of opening the envelope. Instead of actually reading the contents of a packet, it collects peripheral information and does a "profiling" of the data stream. A research team in China once published a paper on "network traffic classification, research progress and prospects", which mentioned a variety of technologies for "Deep Packet Inspection" (DPI) using machine learning.
Is your network under attack? The mainstreaming of cybercrime happens every day.
Take control and solve problems faster;
Experience Next Generation Visibility and Troubleshooting;
Achieving Service Assurance across Multi-Cloud Environments;
Smart Security is Here!
Contact our team today, see what the others can't, let's be a partner, we are here to accelerate Your NFV Journey!
By deploying the MATRIX traffic collection visual management system, the following can be achieved:
1- Unified visual display and monitoring of the e-government cloud's existing network topology, the relationship between collection point locations and that topology, the collection network topology itself, the security analysis equipment (intrusion detection, audit, FLOWEYE, etc.), and the other equipment involved in the whole traffic acquisition and analysis chain.
2- Real-time monitoring and collection of link health status information, including real-time display of the current flow rate curve and query and display of historical flow rate curves. Links are displayed based on different packet length distribution models to reflect message application characteristics, and based on the distribution models of unicast/multicast/broadcast messages to reflect the network health profile.
3- Real-time monitoring of the status of traffic output to different back-end security analysis systems. Because different security analysis systems may focus on different types of traffic data, the MATRIX system can monitor the flow curve status and statistics output to each analysis system in real time.
4- Real-time state monitoring of the acquisition link/flow output link. In case of link anomalies or significant anomalies in the flow model, the system can generate warnings and output them to the security situation awareness platform through the interface for unified presentation. Users can further process the anomalies in a timely manner to improve the availability of the whole system.
5- The MATRIX flow acquisition visual management system provides visual management of the flow distribution strategy on each MATRIX device unit. Starting from the current network topology view and drilling down to the application-level traffic classification, the strategy description gives a clearer picture of the complete flow distribution configuration, which greatly reduces the difficulty of maintaining traffic management strategies.
6- The MATRIX traffic collection visual management system can not only provide a visual web interface on its own, but also provide WebService, socket and other types of API interfaces to integrate with the security management platform and accept its unified, centralized management, so that users are presented with a unified management view.
To sum up, deploying the SDN flow collection and distribution MATRIX and the MATRIX flow collection and distribution visual management system components, tightly integrated with the construction of the unified e-government cloud security management platform, achieves unified management of e-government cloud network traffic data and provides strong support for network security analysis and the security situational awareness system.
3. 100G Data Acquisition, Data Capturing and Switch Service Card/Module Network Taps for Network Situational Awareness (SA)
|Component type||Product Model||Basic Parameter||Remarks|
|Service card||NT-TCA-SCG10||100G exchange card,10*QSFP28 interface||Choose according to actual business needs|
|NT-TCA-CG10||100G service card,10*QSFP28 interface|
|NT-TCA-XG24||10G service card,24*SFP+ interface|
|NT-TCA-RTM-CG10||100G RTM card,10*QSFP28 interface|
|NT-TCA-RTM-EXG24||10G RTM card,24*SFP+ interface|
|TCA Visibility Embedded software system||NT-TCA-SOFT-PKG||must|
Contact Person: Jerry
Medical Industry Network Security Services: Hospital Information Data Center Monitoring
Anti-ddos Solution: Nanosecond response, separation of inspection and control, flexible management
Hospital Data Center: Typically deployed with a variety of toll servers, case management servers, and pharmacy management servers
Medical Industry Network Security: hospital network isolation and information exchange construction needs. Internal networks can easily be attacked by malicious intruders from external networks