CIO Home | White Papers | Bloggers | Webcasts | Newsletters | RSS

|

»

Network

Machine shop

Inside a Network Operations Center

Harvard's NOC uses tools from TopLayer and Q1 Labs to keep an eye out for security problems.

Leave a comment

By Simson Garfinkel

Thu, June 21, 2007 — CSO — I recently had a chance to visit Harvard University's network surveillance center. One doesn't normally see the words university and network surveillance in the same sentence, because surveillance of any kind is usually seen as being at odds with the tradition of academic freedom present at most universities. Unfortunately, higher education has long been associated with Internet-related computer crime—both as victims and as the home institution of many perpetrators. As a result, many universities have had to make significant investment in various kinds of network monitoring.

What makes Harvard's network surveillance notable is not the fact that Crimson engages in network surveillance but the scale and technical sophistication of those monitoring operations. Harvard has 6-gigabit connections to both Tier 1 Internet providers and Internet2. Between 10 and 20 terabytes of data moves across Harvard's border every day. What's more, traffic frequently undergoes asymmetric routing, which means that packets travel across different border routers depending on whether they are leaving Harvard or returning—one of the unfortunate consequences of something known as "hot potato routing."

Yet despite this complexity, Harvard manages to categorize and record information about practically every packet crossing its borders.

To find out how Harvard works this magic, I met with Jay Tumas, Harvard’s network operations manager. It wasn’t a long walk: Jay's office at University Information Systems is just a block down the street from my office at the School of Engineering and Applied Science.

No Packet Left Behind
Harvard's connections to the Internet and Internet2 take place in three physical locations: two in Boston and one in Cambridge. But rather than deploy intrusion and anomaly-detection systems at the border, Tumas has built a dedicated monitoring system that takes all critical traffic, makes a copy of every packet and sends those copies to the network surveillance center on 10-gigabit optical fibers. There the flows are reassembled using Cisco switches and sorted according to protocol family using a cluster of Top Layer 4508 IDS Balancers.

This architecture both lets Harvard split the load among multiple systems—it’s too much data for one IDS—and lets each IDS be configured with only the signatures that it actually needs, which makes each IDS run faster than it would if it were responsible for the full protocol suite.

"Last year we had over 10 million IDS hits," says Tumas. But instead of sending out an alert for each hit or just tabulating them in some log file that nobody ever really reads, Harvard has built a reactive system that rates the severity of each IDS hit, judges the chance of a false positive and then automatically alerts the responsible security manager.

1 | 2 | 3 | 4 |next page »

Comments

Print

LinkedIn

More from IT Drilldown « Back to Network

Articles

Global Warming Research Exposed After Hack

Twitter Geotagging: What You Need to Know

Five Reasons the Google Chrome OS Will Flop

Why Chrome OS Will Fail -- Big Time

100G Ethernet Cheat Sheet

10G in Data Centers Driving Ethernet Switch Market

The 5 Best, and 5 Worst, Features of Google Chrome OS

The 5 Best, and 5 Worst, Features of Google Chrome OS

More Articles »

Network ABCs

Get up to speed on network monitoring.

Learn More »

Network Newsletter

Network MarketSpace

Thinking About Deploying Mobile Broadband?

Explore lessons and best practices experienced by companies that have deployed mobile broadband to their workforce. Learn more »

Increase Application Performance and User Experience

This research shifts the attention from basic load-balancing features to application delivery features. Learn more »

Gartner Magic Quadrant, Application Delivery Controllers 2009

The market for products to improve the delivery of application software over networks remains dynamic. Learn more »

Top to Bottom Performance Management Excellence at the City of Chicago

McAfee's Network Security Platform IPS

McAfee's Network Security Platform IPS; the costs, benefits, flexibility, and risk elements. Learn more »

The Cost of SQL Sprawl

Learn how a new approach to SQL server consolidation can reduce server counts by 50%, lower maintenance costs by 70% and reduce administration time by 75%. Learn more »

A Bottleneck-free Infrastructure

Storage bottlenecks have a significant impact on performance and productivity. Learn more »

Application Delivery Despite Emerging Challenges

IT organizations need to choose appropriate application delivery solutions that can scale to support the emerging challenges. Learn more »

WHITE PAPERS

Top 10 Lessons Learned for Corporate 3G Mobile Broadband Deployments

Gartner Research Report: Load Balancers Are Dead

Gartner Magic Quadrant, Application Delivery Controllers 2009

The Total Economic Impact of Network Security Intrusion Prevention

SQL Server Consolidation

HP StorageWorks: A Bottleneck-free Infrastructure

The 2009 Handbook of Application Delivery

The CIO's New Guide to Design of Global IT Infrastructure

How Riverbed Helps Organizations Cut Costs

An In-Depth Look at ROI

Tolly Group ShoreTel Power Usage

IP Telephony from A-Z

Getting the Right Foundation: Unified Communications

From Voice over IP to Unified Communications: Simplify System Management

Are You Connected for Success?

Upgrading to VMware vSphere with vWire

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle

Managing a growing threat: An Executive's Guide to Web Application Security

Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities

More White Papers »

SPONSORED LINKS

ROI of Application Delivery Controllers

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Keeping Your Members Safe from Online Scams and Predators

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

eBook: How Can You Make Your People Productive Anywhere?

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

eZine: A Roadmap to Reducing IT Complexity

Gartner Magic Quadrant, Application Delivery Controllers 2009

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

White Paper: Managed Security for a Not-So-Secure World

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

Seven Design Requirements for Web 2.0 Threat Protection

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

RESOURCE CENTER

© 1994 - 2009 CXO Media Inc.