Exinda v6.1 New Signatures

equableunalaskaΑσφάλεια

9 Δεκ 2013 (πριν από 3 χρόνια και 11 μήνες)

291 εμφανίσεις

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

Exinda v6.1 New Signatures


Patrick Wood

Senior Director Product Management


June 2011

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

Shallow
Packet Inspection


vs
. Deep Packet Inspection


Deep Packet Inspection
(DPI) provides
application awareness by


Analysis of the content in both the
packet header and the payload over a
series of packet transactions


DPI provides the ability to


Analyze network usage


Optimize network performance


Inspects the complete communication
including all layers of the OSI model

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

Visibility
-

Application and Protocol Signatures


Similar to how and x
-
ray
machine identifies hazards in
baggage or how fingerprints are
used to identify
individuals



Signatures are used to identify
applications and protocols.

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

Visibility


Layer 7 Deep Packet
Inspection

Identify Traffic by:



Layer 2


7 of the OSI model
including:


Headers


Protocol Structures


Packet Payload


Actual packet contents
rather than layer 3
-
4
address/port information


Allows finer traffic controls


Reporting & Visibility


Blocking/Discard


Rate Limiting








URL

www.cnn.com

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See


Analysing the behaviour of connections using many metrics:


Packet size


Packet frequency


Packet contents (patterns)


Connection frequency


Connections per host


Response times


Port numbers/
ranges



Why Heuristic Inspection?



Encrypted applications like Bit Torrent do not allow DPI to identify the traffic. The
only option is to classify based on behaviour!



Visibility
-

Heuristic Inspection

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See


What are new and updated signatures?


Exinda updates classification signatures with every release


Classification engine stays current with changes in WAN traffic and additions of new applications.



Exinda has added 12 new application
signatures



Exinda has updated over 60 existing
signatures



Exinda has added a new custom L7 HTTP signature called “Method”.



HTTP Method allows the creation of a custom application signature based upon how HTTP is
being used (GET, HEAD, POST, PUT, DELETE)



HTTP Method Key Benefit


For example, HTTP POST


A large advertising firm uses this to monitor activity of employees
posting to blogs




New & Updated Signatures
-

Overview

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

New Application Definitions:


ANts P2P (P2P)


BOLT


IM+ (Instant Messaging)


iPlayer (Streaming)


JBK3000 (Middleware)


OperaMini


PCoIP (Thin Client)


Spotify (Streaming)


Tango (VoIP)


Teredo (VPN)


UltraSurf (Anonymous Proxy)


Viber (VoIP)

Improved/Updated Application Definitions
:


AIM


Aimini


Armagetron


Battlefield


Bittorrent


Blackberry


Club Penguin


Dofus


eDonkey


Fiesta


Flash


Florensia


Fring


FTP


Funshion


OpenVPN


Oscar


PalTalk


POP


PPlive


PS3


QQ


Quake


RADIUS


RTCP


RTP


SecondLife


Shoutcast


SIP


Skype


SopCast


SSL


STUN


syslog


Teamspeak


TeamViewer


TOR


UUSee


VeohTV


VPN
-
X


Winny


World of Warcraft


Yahoo


YourFreedom


Zattoo


Gamekit


Gnutella


gTalk


H323


Hamachi


HTTP


Icecast


IMAP


iMesh


Jabber


Maplestory


Meebo


MSN


Netbios


Nimbuzz


Octoshape


New & Updated Signatures
-

Detail

© 2002


2011, Exinda Networks Inc. Proprietary & Confidential

Performance You Can See

END