Segurança Em Redes De Comunicações

Data Sources

SNMP

  • Used to acquire knowledge about the current states of nodes/links/servers.

  • Local information. May be used to extrapolate to global information.

  • (Often) Requires the usage of vendor-specific MIBs.

Flow exporting

  • Used to characterize users/services in terms of the amount of traffic and traffic destinations.

  • Medium and large time-scale information.

  • Protocols: Cisco NetFlow, IPFIX – Standard, Juniper jFlow, and sFlow.

Packet Captures / RAW statistics / DPI vs. SPI

  • Used to characterize users/services in small time scales.

  • Requires distributed dedicated probes.

Access Server/Device logs and/or CLI access.

  • Used to acquire knowledge about past and current state.

Active measurements

  • Introduces entropy on the network and requires (for many measurements) precise clock synchronization.

  • E.g., one-way delay/jitter, round-trip delay/jitter.

PreviousPer-Service Detailed MonitoringNextSNMP

Last updated