Force10 Networks P-Series 100-00055-01 User Manual
P-Series Installation and Operation Guide, version 2.3.1.2
Chapter 6 Network Security Monitoring
A key aspect of network security deployment is the ability to monitor the network for security events,
analyze them, and perform countermeasures. To that end, the P-Series supports Sguil, an open source
network security monitoring and reporting system that provides the ability to:
• collect, monitor, and correlate security events/alerts in the network
• analyze security events based on context
• categorize and escalate events for intrusion response decisions
The Sguil solution consists of the following components (Figure 27):
• Sensors—Sensors are the systems actually monitoring network traffic and collecting data. Sensors
perform packet captures of network traffic in addition to running Snort in alert mode.
• Database—The database holds the alert and session data that the sensors collect.
• Client—The client is the interface to the Sguil server.
• Server—The Sguil server maintains connections to the sensors, clients, and database.
Figure 27 Sguil Architecture (figure not reproduced; it shows the P-Series Sensors, the Sguil Server, and the Sguil Client, with security alert information flowing between them)