Understanding the problem is one step closer to resolving it. Get the insight to your IT infrastructure with us.

blackstart

Networks and Communications

26 Oct 2013


Confidential Information





Traffic Analysis Report






Introduction


Paraphora is working with Jewelex India to introduce Remote IT Infrastructure Management services to streamline IT infrastructure activities for Jewelex India. Mr. Hitesh Shah and Mr. Ketan Shah are the key people managing the IT infrastructure, maintaining the highest level of availability and keeping up with upcoming technology for Jewelex India. The Jewelex team has provided an in-depth understanding of the IT infrastructure located at the Jewelex India SEEPZ location.


Various issues have been faced, historically and in the recent past, with respect to Internet access, email servers, internal applications, etc. Paraphora has conducted a traffic analysis to study the current traffic patterns and conditions on the network at the Jewelex SEEPZ office, and this document describes the findings of that study. It will also serve as Phase I of implementing the Remote IT Infrastructure Management services.



Recent Issues


As happens in most IT environments with growing complexity and dependencies, certain issues have been brought forward by the Jewelex team. There were a few incidents of Internet slowdown or complete outages of Internet access. These might also have affected Internet-dependent services such as email, web hosting, remote access, etc. These issues may be related to the firewall, ISP link or other network devices. There are also concerns about the internal network slowing down for unknown reasons.



Process


The Paraphora team conducted a preliminary onsite audit and also captured sample traffic patterns over a 15-minute interval on the Internet link as well as on the core switch connecting to the application servers. The traffic captures were analyzed and detailed reports were generated to understand pain areas and any unwanted, unnecessary or unidentified communications on the network.



Network Layout



[Figure: network layout diagram. Sites: Internet, SEEPZ Unit I, MIDC Unit, SEEPZ Unit II (Data Center). Links: Fiber link, 2 Mbps link.]



Report and Analysis


The report is divided into two sections:

Section I focuses on the Internet traffic and MIDC WAN location analysis.

Section II focuses on the LAN traffic analysis.


Section I


The major traffic flow on the Internet link is outbound; inbound traffic is limited to mail and to remote access users using the Citrix application. All traffic flowing through the Cisco 1701 router traverses the Linux firewall. The traffic distribution pattern is displayed in Figure 1.



Figure 1: WAN Traffic distribution













Most of the WAN bandwidth on the 2 Mbps link to the MIDC location is used by the client-server application hosted on the server “192.168.100.240”, which MIDC users access over the “exec” protocol on TCP port 512 (Figure 2). This application is used by all Jewelex users over the LAN and WAN. Further analysis to optimize this traffic will require studying the application in detail and recommending various scenarios based on the current infrastructure and the future roadmap.

There are other applications, such as Microsoft Directory Services, LDAP and other generic applications, hosted on 192.168.100.10 and 192.168.100.11.



Figure 2: MIDC WAN Link









The WAN link is also used by MIDC users to access the Internet through the HTTP proxy server hosted on the server “192.168.100.4” (see Figure 3).



Figure 2: HTTP Proxy






Internet bandwidth is used mainly for browsing the Internet, mail servers and remote access users. The major Internet traffic consists of HTTP/HTTP-Proxy, SMTP and the Citrix Remote Access solution. The traffic distribution for these individual protocols is described in Figure 4.

There are other generic applications which may increase the vulnerability of the internal network. Applications such as Kazaa (file sharing), Nessus, Epma, etc. are being used over the network by various users; these should ideally be blocked at the firewall or by applying appropriate antivirus and anti-spyware solutions and secured group policies.



Figure 4a: SMTP Traffic








Figure 4b: HTTP Traffic







Figure 4c: Miscellaneous Traffic (panels: Kazaa, Remote Registry Access, Nessus)




Section II


The traffic analysis for the LAN is limited to the traffic traversing the Cisco 3500 core switch. It was conducted by capturing the traffic on the core switch connecting the servers and the uplink to the floor switches. There are 2 Cisco 3500 series, 3 D-Link 10266 and 1 3Com switch in the Jewelex LAN infrastructure connecting the users and the application servers. The Cisco 3500 switches are the only managed devices on the LAN.


Various applications are being accessed over the LAN. The LAN traffic is distributed across the client/server application, mail, Microsoft DS, Name Server, NetBIOS, DHCP, File Sharing and IPX. There are many TCP/UDP broadcast applications and services running on the network which are generating unnecessary traffic on the LAN.


Amongst other standard applications, the IPX protocol is also noticed on the network. Figure 5 displays the list of hosts found generating IPX traffic on the network. These hosts can be tracked using the MAC address from the IPX address table.


Figure 5: IPX Traffic
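An added example, not part of the original report or of Paraphora's tooling: an IPX source address carries the sender's 6-byte node (MAC) address, so the hosts generating IPX traffic can be inventoried directly from captured Ethernet frames. The function names (`ipx_packet`, `ipx_talkers`, `sample_ipx`) and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

IPX_HDR = "!HHBB4s6sH4s6sH"   # 30-byte IPX header; fields 7, 8 = source network, node

def ipx_packet(frame: bytes):
    """Return the IPX packet carried in an Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if type_or_len == 0x8137:                    # Ethernet II, EtherType IPX
        return body
    if type_or_len > 1500:                       # some other EtherType
        return None
    body = body[:type_or_len]                    # 802.3 length field: drop padding
    if body[:2] == b"\xff\xff":                  # raw 802.3 (IPX checksum first)
        return body
    if body[:3] == b"\xe0\xe0\x03":              # 802.2 LLC, DSAP/SSAP 0xE0
        return body[3:]
    if body[:3] == b"\xaa\xaa\x03" and body[6:8] == b"\x81\x37":  # 802.2 SNAP
        return body[8:]
    return None

def ipx_talkers(frames):
    """Count packets per (IPX network, node MAC); flag node/Ethernet mismatches."""
    counts, mismatched = Counter(), set()
    for frame in frames:
        pkt = ipx_packet(frame)
        if pkt is None or len(pkt) < 30:
            continue
        fields = struct.unpack(IPX_HDR, pkt[:30])
        src = (fields[7].hex(), fields[8].hex(":"))
        counts[src] += 1
        if src[1] != frame[6:12].hex(":"):       # routed via another hop, or forged
            mismatched.add(src)
    return counts, mismatched

# Constructed sample frames (not taken from the report's capture).
def sample_ipx(node, net=b"\x00\x00\x00\x01"):
    return struct.pack(IPX_HDR, 0xFFFF, 30, 0, 0, net, b"\xff" * 6, 0x452, net, node, 0x4000)

A, B, BC = bytes.fromhex("00a0c9112233"), bytes.fromhex("0060081a2b3c"), b"\xff" * 6
SAMPLE_FRAMES = [
    BC + A + b"\x81\x37" + sample_ipx(A),                    # Ethernet II
    BC + B + b"\x00\x1e" + sample_ipx(B) + bytes(16),        # raw 802.3, padded
    BC + A + b"\x00\x21" + b"\xe0\xe0\x03" + sample_ipx(A),  # 802.2 LLC
    BC + A + b"\x08\x00" + bytes(46),                        # IPv4 frame, ignored
]
```

The node addresses returned by `ipx_talkers` can then be matched against the managed switches' MAC address tables to locate the ports those hosts are attached to.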





Local network efficiency and security can be improved by structuring the network into segments based on user groups, applications, departmental users, etc. The network can also be optimized by server hardening and by configuring group policies to restrict unsolicited traffic and applications from accessing network resources. A network and applications audit will provide more insight into the status of the individual resources operating over the IT infrastructure.



Recommendation


Since Jewelex India is in the process of restructuring its IT infrastructure resources and network architecture, considering a more secure and policy-driven approach to building the network and application solutions during the design phase is recommended.