|
Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
 |
ATM Mapping and Monitoring ToolAliases:NoneTechnical Challenge:Increased complexity and dynamic nature of emerging network technologies.Description:The ATM Mapping and Monitoring Tool is a flexible system for mapping, monitoring and protecting an ATM network. The tool employs the active participation of a sensor in a given ATM protocol. The sensor participates in protocol message exchanges and state machines with other network elements such that, by looking at that protocol the sensor is indistinguishable from the other entities. By actively participating in the protocol, the sensor is able to collect information and statistics on the protocol in a realtime event driven manner. The sensors support the ATM Forum routing protocol, Private Network-Network Interface Version 1.0,and the ATM Forum LAN Emulation User-Network Interface version 2.0 protocols. The sensors are configured by monitors, graphical user interfaces, through downloaded rule sets which dictate the interesting events the sensors should listen for, when they will alert the monitor, and what action should be taken when those events occur. Through the use of a scripting language, the Tool Command Language (TCL), both the monitor and sensor can be tailored to listen and react to different events and to perform different actions when those events occur. Within a network, there may be multiple monitors, which connect to multiple sensors, and multiple sensors per monitor. This functionality allows for the sharing of the sensor infrastructure across the security, network, configuration, and bandwidth management communities, which may be contained in different administrative domains.The monitor can perform correlation between events within different protocols to assist in enhanced detection of faults, intrusions and anomalous behavior. The system is different from the systems that are deployed today, because it primarily looks at control protocols, not user data. In addition to the above capabilities, the tool has been enhanced to provide capabilities to define ATM security features, to ensure that these features continue to be used and enforced and to use additional data from ATM connection logs. These features allow an operator to define a security boundary and a connection filtering policy for an ATM network. The operator can then apply the policy to the boundary. The tool will then use information and events derived from ATM logs and the sensors to determine if the policies are being enforced or if a condition has occurred that circumvents the policy. This tool has been developed in such a way that additional protocol sensors can easily be written and integrated. Some of these protocols to which this software could be applied are IP routing protocols, virtual LAN protocols and some of the emerging optical protocols. By enhancing the tool in this fashion, it could be made into a system to monitor a very heterogeneous networking environment. Demonstration Capability:Yes, Depending upon the level of security clearance. Noncleared individuals can get prototype and lab level demonstrations. Appropriately cleared individuals may be granted access to operational environments where this tool is in use.Potential Commercial Application(s):This technology has applications in the network management and security sectors. In the area of network management, the tool can be used to monitor the state of an ATM network and see events as they occur. It also has enhanced capabilities that allow it to be used to monitor the available bandwidth in the network and watch for changes in real-time. These uses suggest that the tool would fit well with an equipment vendor, a network management vendor or even a services vendor to quickly diagnose the network topology and state. In the security sector, the technology can be applied in an ATM intrusion detection system or to monitor for proper configuration control.Patent Status:Filed: Patent Application Serial No. 10/190,962 (Updated)Reference Number: 1160If you are interested in exploring this technology further, please express your interest in writing to the: National Security Agency |
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15 2009 |
Welcome to the National Security Agency - NSA/CSS
2009 National Security Agency
Privacy
|
Terms of Use
|
NoFEAR Act
|
FOIA
|
DNI.gov
|
DOD.mil
|
USA.gov
|
Contact Us
|
Site Map
Privacy
|
Terms of Use
|
NoFEAR Act
|
FOIA
|
DNI.gov
|
DOD.mil
|
USA.gov
|
Contact Us
|
Site Map