|
 |
 |
 |
 |
 |
 |
 |
 |
  |
|
|
|
|
|
Application examples
Quarantine or isolating an IP host contaminated by virusesDouble firewall
Black list / White list filtering
Analyzing network traffic usage
Charging according to usage
Filtering Applications
Quarantine or isolating an IP host contaminated by viruses
An IP-host contaminated by worms or viruses can be identified and isolated from the others in order to prevent further contamination and other disturbance to the others in the network. The acces is granted only to the pages where a security update is available.
The identification of a contaminated IP host (item 1 in the figure above) can be obtained by measuring the traffic from each IP host with SNE. An exceptionally large continuous outbound traffic indicates a potential problem, especially if the traffic is of unusual kind. For example, a junk mail server uses the mail port and a DDoS attack may include an exceeding amounts of ICMP traffic or very small packets. The identification of a contaminated IP host can also be performed by means of a dedicated security software or hardware (5) readily available and installed in the system.
An integration software (3) reads the measured data, compares the readings with the preset threshold values, and makes the decision whether isolation is required or not.
In order to isolate the contaminated IP host, the integration software rewrites and uploads the configuration file to the SNE(2). The new configuration allows the contaminated IP host to access only a security company homepage (4) for security update and cure for the contamination problem.
The integration software notifies the appropriate parts of the system regarding the new subscriber settings. The subscriber can be informed by sending an SMS message and give instructions to proceed, provided that the contact information is available in the customer database.
Double firewall
Staselog Network Equalizer can be used as company's secondary firewall. It can handle large rule sets with high throughput. Therefore, it is excellent for relieving the main firewall load.
Black list / White list filtering
Open XML interface combined with the ability to handle a large number of firewalling rules makes Staselog Network Equalizer a powerful tool for various black list / white list filtering applications. The black list filtering denies access to the listed IP addresses. The white list allows access only to the listed IP addreses.
Stastistics Applications
Analyzing network traffic usage
Staselog Network Equalizer enables detailed
analysis of network traffic quantities.
One can measure the total network load as well as
single user's or user group's traffic.
The analysis helps to find out what kind of traffic uses the
bandwidth and what kind of bandwidth management settings
would be appropriate. The TOP10 list of IP hosts with largest
outbound traffic helps to identify unauthorized servers or
potential security issues. The P2P servers with a large
amount of upstream traffic can also be spotted, even in case
of encrypted traffic. However, this information is not
required in the congestion elimination since it
is not based on limiting P2P traffic.
Charging according to usage
Network traffic quantities can be exported as XML (or CSV) and the data can be utilized to charge customers according to real network usage. The choice is up to the operator how to use this option. For instance, the monthly fee can be elevated to an upper class when a given transfer quota is exceed. The charging can also be associated to usage of given applications. The measurement feature is useful in companies or communes for sharing the networking cost internally according to the usage.