Spring 2009 Internet2 Member Meeting

Adapting Low Cost Network Equipment for Internal Network Security Monitoring

Time: 04/28/09 04:30PM-05:30PM

Session Abstract

Lawrence Berkeley National Laboratory has installed low-cost
off-the-shelf equipment for internal monitoring, adapted to create a
distributed network of probes that report subnet monitoring information
to a central station for correlation and analysis.

This project has been successful in detecting malicious systems
scanning within an enterprise, and in facilitating a widespread
honeypot deployment, in a manner that is both very cost-effective and
energy-efficient.

As an exciting enhancement, we report our progress in converting this
infrastructure into a network of transparent layer-2 network bridges,
essentially giving a master node full network connectivity into internal
subnets, thus allowing for easy centralized deployment of honeypot,
Intrusion Detection and Network Access Control applications internally
in an enterprise network.

Finally, we discuss the challenges and benefits of this innovative
technology and present a roadmap for future advances in this area.


Speaker: Jim Mellander, Lawrence Berkeley National Laboratory

Presentation Media

Deployment of Commodity Network Probes at LBNL (pdf)

Secondary tracks: System and Network Security for Advanced Networks

