NOC and SOC

Date post: 18-Nov-2014
Upload: shivpreetsandhu
Page 1

NOC & SOC

SUBMITTED BY:

Vivek Hans

Jiwateshwar Singh

Page 2

NOC

A network operations center (NOC) is a place from which administrators supervise, monitor and maintain a telecommunications network. Large enterprises with large networks as well as large network service providers typically have a network operations center, a room containing visualizations of the network or networks that are being monitored, workstations at which the detailed status of the network can be seen, and the necessary software to manage the networks.

Page 3

WHY NOC?

- Increase Network Availability
- Decrease Staffing & Training Requirements
- Optimize your Network's Bandwidth Utilization and Performance
- Improve Productivity while Decreasing Operational Costs

Page 4

WHAT IT PROVIDES

- 24x7x365 Monitoring
- Problem Detection, Resolution and Notification
- Performance Management
- Network Optimization
- Software Maintenance Upgrades
- Configuration Backups
- Trouble Tickets, Status, Performance & Utilization Reports, all available via the Internet

Page 5

Additional Services

Information Technology Infrastructure

- Network Design and Implementation
- Server Configuration
- Internet Access
- Firewalls
- Virtual Private Networks
- Wireless Access

Web Hosting & Page Design

SOHO Cable/DSL and Network Installations

Page 6

SOC

A Security Operations Center (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level.

It attempts to prevent unauthorized access and to manage security-related incidents using defined processes and procedures.

Page 7

SOC (continued)

Its mission is risk management through centralized analysis, using combined resources consisting of personnel, dedicated hardware and specialized software.

These systems operate constantly. These resources offer continuous risk analysis and guarantee protection against intrusion.

Page 8

Possible SOC services

- Proactive analysis & system management
- Security device management
- Reporting
- Security alert
- DDOS mitigation
- Security assessment
- Technical assistance

Page 9

Proactive analysis and system management

This service provides proactive analysis of the systems and security devices of an installation (intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, etc.).

This anti-intrusion system offers centralized management of security. Personnel need only concern themselves with the functions of the monitoring tools, rather than the complexity of any device under scrutiny.

Tools used by the SOC must be scalable, for example to allow adding a new IDS to those already deployed.

The SOC also performs policy management, including remote policy management.

Configuration of devices and security policies must be constantly updated as the system grows and evolves.

Page 10

Security device management

The security device management (SDM) service is composed of the following elements:

Fault management

The main objective of fault management is to ensure the continuous operation of the security infrastructure. The activity includes:

- Monitoring of client security devices
- Fault detection and signaling
- Fault reporting
- Corrective action determination
- Corrective action implementation
- System recovery (if necessary)

Page 11

Security device management (continued)

Configuration management

The main objective of configuration management is to ensure the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes data packet discard / acceptance rules between an external source and an internal destination (or vice versa) based on:

- Source address
- Destination address
- Network protocol
- Service protocol
- Traffic log

Configuration management may be performed remotely (remote configuration management).
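As an added illustration, not code from the slides, the following Python models a first-match packet filter built on the criteria listed above (source, destination, network protocol, service port) with a traffic log; the rule names, addresses and packets are constructed for the example, and the final "discard everything not explicitly allowed" rule is the assumption that makes configuration changes deliberate.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

@dataclass
class Rule:
    """One filter rule; the fields follow the criteria listed on the slide."""
    name: str
    src: str             # CIDR of the source; "any" matches everything
    dst: str             # CIDR of the destination
    proto: str           # network protocol: "tcp", "udp", "icmp" or "any"
    port: Optional[int]  # service protocol (destination port); None = any
    action: str          # "accept" or "discard"
    log: bool = False    # write matching packets to the traffic log

def _net_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def matches(rule: Rule, pkt: Dict) -> bool:
    return (_net_match(rule.src, pkt["src"])
            and _net_match(rule.dst, pkt["dst"])
            and rule.proto in ("any", pkt["proto"])
            and (rule.port is None or rule.port == pkt.get("port")))

def evaluate(policy: List[Rule], pkt: Dict, traffic_log: List[str]) -> str:
    """First matching rule wins. Anything no rule covers hits an implicit
    final discard that is always logged, so a new service only passes once
    configuration management has added a rule for it."""
    for rule in policy:
        if matches(rule, pkt):
            if rule.log:
                traffic_log.append(f"{rule.name}: {rule.action} {pkt}")
            return rule.action
    traffic_log.append(f"default: discard {pkt}")
    return "discard"

# Constructed policy (hypothetical addresses): the public web server accepts
# HTTPS from anywhere; SSH is accepted only from the internal admin subnet
# and every other SSH attempt is discarded and logged.
POLICY = [
    Rule("allow-web", "any", "203.0.113.10/32", "tcp", 443, "accept"),
    Rule("admin-ssh", "10.0.0.0/24", "203.0.113.10/32", "tcp", 22, "accept", log=True),
    Rule("block-ssh", "any", "any", "tcp", 22, "discard", log=True),
]

if __name__ == "__main__":
    log: List[str] = []
    pkt = {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "port": 22}
    print(evaluate(POLICY, pkt, log), log)
```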

Page 12

Reporting

Logs generated by the various system components are consolidated and reformatted into an easily understandable report for the customer. This reporting is particularly important because, besides providing details of any possible intrusion by unauthorized parties or of accidents, it may also allow the customer to take preventative action.
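An added example, not part of the original presentation: the device names, addresses, log lines and formats below are constructed, and the code normalizes a firewall log and an IDS log into one event schema and produces the per-source summary a customer report would carry, flagging addresses that both devices saw.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional
# Constructed sample logs (hypothetical devices and addresses): a firewall
# and an IDS each write their own format, which is what the SOC must merge.
FIREWALL_LOG = """\
2014-11-18T10:01:02 fw1 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dpt=22
2014-11-18T10:01:03 fw1 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dpt=23
2014-11-18T10:01:09 fw1 ACCEPT src=192.0.2.44 dst=203.0.113.10 proto=tcp dpt=443
"""
IDS_LOG = """\
2014-11-18T10:01:05 ids1 ALERT sig="SSH brute-force attempt" 198.51.100.7 -> 203.0.113.10
"""
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+)"
                   r" dst=(?P<dst>\S+) proto=(?P<proto>\S+) dpt=(?P<dpt>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<dev>\S+) ALERT sig="(?P<sig>[^"]+)'
                    r'" (?P<src>\S+) -> (?P<dst>\S+)$')

def normalize(line: str) -> Optional[Dict[str, str]]:
    """Map one raw line from either device into a common event schema."""
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "device": m["dev"], "src": m["src"], "dst": m["dst"],
                "kind": "fw_drop" if m["action"] == "DROP" else "fw_accept",
                "detail": f"{m['proto']}/{m['dpt']}"}
    m = IDS_RE.match(line)
    if m:
        return {"ts": m["ts"], "device": m["dev"], "src": m["src"], "dst": m["dst"],
                "kind": "ids_alert", "detail": m["sig"]}
    return None  # unknown format: skipped here; a real pipeline should count these

def consolidate(*logs: str) -> List[Dict[str, str]]:
    # Parse every line of every feed, drop unparsed ones, order by timestamp.
    events = [normalize(ln) for log in logs for ln in log.splitlines() if ln.strip()]
    return sorted((e for e in events if e), key=lambda e: e["ts"])

def summarize(events: List[Dict[str, str]]) -> Dict[str, Dict[str, int]]:
    # Per-source counts of each event kind across all devices.
    per_src: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        per_src[e["src"]][e["kind"]] += 1
    return {src: dict(c) for src, c in per_src.items()}

def report(events: List[Dict[str, str]]) -> str:
    """Customer-readable table; a source seen by both devices is flagged for review."""
    rows = [f"{'source':<16}{'fw_drop':>8}{'ids_alert':>10}  note"]
    for src, c in sorted(summarize(events).items(), key=lambda kv: -sum(kv[1].values())):
        drops, alerts = c.get("fw_drop", 0), c.get("ids_alert", 0)
        note = "seen by firewall and IDS: review" if drops and alerts else ""
        rows.append(f"{src:<16}{drops:>8}{alerts:>10}  {note}")
    return "\n".join(rows)
```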

Page 13

Security Alert

The security alert service is designed to notify customers in a timely fashion of the discovery of new vulnerabilities, so that countermeasures can be put in place in time to mitigate or negate the impact of an attack.

Page 14

Security assessment

It includes:

- Vulnerability assessment: the vulnerability assessment searches for known vulnerabilities of the systems and software installed. This is carried out through specific technologies that are configured and customized for each assessment.
- Penetration test: the penetration test is performed to isolate and exploit known or unknown vulnerabilities of systems, services and installed web applications. It attempts to quantify the threat level represented on each system and the impact. This activity is carried out either through a number of technologies that are configured and customized per assessment, or manually for each service, system, and application.

Page 15

Distributed denial of service (DDOS) mitigation

DDOS mitigation attempts to mitigate the effects of a denial of service attack directed at a critical function of a client's web infrastructure. The SOC receives notification of an attack on a client service. Countermeasures are activated and evaluated. Traffic is 'cleaned' and re-routed. An 'end-of-attack notification' is reported and logged.

Page 16

Penetration test

The penetration test is performed to isolate and exploit known or unknown vulnerabilities of systems, services and installed web applications. It attempts to quantify the threat level represented on each system and the impact. This activity is carried out either through a number of technologies that are configured and customized per assessment, or manually for each service, system, and application.

Page 17

Technical assistance

The SOC can provide general technical assistance for any issue regarding system operation, system violations, system update, security hardware and software update and configuration. Technical assistance can be provided remotely or on-site depending on the level of service.

Page 18

Difference between SOC & NOC

The NOC's purpose has always been to ensure "power, ping, and pipe" to computing resources, and it is critically measured on uptime Service Level Agreements (SLAs). Conversely, the SOC's purpose has been to "protect, detect, react, and recover", and it is critically measured on response time SLAs. Combined, these operations serve as both the central nervous system and the immune system that ensure the availability and integrity of IT assets.

Page 19

THANKS
