Session Abstract

This talk will cover the network monitoring infrastructure at Indiana University. Our NIDS setup provides visibility on multiple links at speeds ranging from 10G to 100G, feeding Bro and Suricata nodes to provide network forensics and signature-based intrusion detection.

We will also discuss the challenges of network security monitoring at high speeds. This will cover tapping and aggregation tools and our use of filters, flow shunting, and traffic deduplication policies to reduce load on network monitoring hardware.