NOC & SOC
SUBMITTED BY:
Vivek Hans
Jiwateshwar Singh
NOC
A network operations center (NOC) is a place from which administrators supervise, monitor and maintain a telecommunications network. Large enterprises with large networks as well as large network service providers typically have a network operations center, a room containing visualizations of the network or networks that are being monitored, workstations at which the detailed status of the network can be seen, and the necessary software to manage the networks.
WHY NOC?
– Increase network availability
– Decrease staffing and training requirements
– Optimize your network's bandwidth utilization and performance
– Improve productivity while decreasing operational costs
WHAT IT PROVIDES
– 24x7x365 monitoring
– Problem detection, resolution and notification
– Performance management
– Network optimization
– Software maintenance upgrades
– Configuration backups
– Trouble tickets, status, performance and utilization reports, all available via the Internet
Additional Services
Information Technology Infrastructure
– Network Design and Implementation
– Server Configuration
– Internet Access
– Firewalls
– Virtual Private Networks
– Wireless Access
Web Hosting & Page Design
SOHO Cable/DSL and Network Installations
SOC
A Security Operations Center (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level.
It attempts to prevent unauthorized access and to manage security-related incidents using defined processes and procedures.
SOC (continued)
Its mission is risk management through centralized analysis, using the combined resources of personnel, dedicated hardware and specialized software.
These systems operate around the clock. They provide continuous risk analysis and reduce the likelihood and impact of intrusions; no SOC can guarantee that none will occur, which is why detection and response are part of the mission.
Possible SOC services
– Proactive analysis and system management
– Security device management
– Reporting
– Security alert
– DDoS mitigation
– Security assessment
– Technical assistance
Proactive analysis and system management
This service provides proactive analysis of the systems and security devices in a customer's environment (intrusion detection systems/IDS, intrusion prevention systems/IPS, firewalls, etc.).
It offers centralized management of security: personnel need only work with the monitoring tools, rather than with the configuration details of each device under scrutiny.
The tools used by the SOC must be scalable, for example to add a new IDS alongside those already deployed.
The SOC also performs policy management, including remote policy management.
Device configuration and security policies must be updated continually as the monitored system grows and evolves.
Security device management
The security device management (SDM) service is composed of the following elements:
Fault management
The main objective of fault management is to ensure the continuous operation of the security infrastructure. The activity includes:
– Monitoring of client security devices
– Fault detection and signaling
– Fault reporting
– Corrective action determination
– Corrective action implementation
– System recovery (if necessary)
Security device management
Configuration management
The main objective of configuration management is to ensure the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes packet discard/accept rules between an external source and an internal destination (or vice versa), based on:
– Source address
– Destination address
– Network protocol
– Service protocol (port)
– Traffic log (whether a matched packet is logged)
Configuration management may be performed remotely (remote configuration management). Rule order matters: a broad accept placed above a narrow discard shadows it, and any packet no rule claims should be discarded (default deny).
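As an added example (not part of the original presentation), the following Python models the discard/accept rules described above: each rule matches on source address, destination address, network protocol and service port, optionally writes a traffic-log entry, the first match wins, and anything unmatched is discarded and logged. The policy, addresses and packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One discard/accept rule. A field set to None matches anything."""
    name: str
    action: str                     # "accept" or "discard"
    src: Optional[str] = None       # source address or network, CIDR notation
    dst: Optional[str] = None       # destination address or network
    proto: Optional[str] = None     # network protocol: "tcp", "udp", "icmp"
    service: Optional[int] = None   # service protocol, as destination port
    log: bool = False               # write a traffic-log entry when matched


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None     # None for protocols without ports (icmp)


def _in_net(addr: str, net: Optional[str]) -> bool:
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(pkt.src, rule.src)
            and _in_net(pkt.dst, rule.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.service is None or rule.service == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, traffic_log: List[str]) -> Tuple[str, str]:
    """First matching rule wins. A packet no rule claims is discarded and
    logged: the policy is default-deny, so a gap in the rule set fails closed."""
    for rule in rules:
        if rule_matches(rule, pkt):
            if rule.log:
                traffic_log.append(f"{rule.name}: {rule.action} {pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}")
            return rule.action, rule.name
    traffic_log.append(f"default: discard {pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}")
    return "discard", "default"


# Constructed policy for a hypothetical customer: internal network 10.0.0.0/8,
# one public web server at 203.0.113.10. Order matters: the telnet discard sits
# above the general outbound accept so it is not shadowed by it.
POLICY = [
    Rule("allow-web-in",       "accept",  dst="203.0.113.10/32", proto="tcp", service=443),
    Rule("allow-dns-out",      "accept",  src="10.0.0.0/8",      proto="udp", service=53),
    Rule("deny-telnet",        "discard", proto="tcp", service=23, log=True),
    Rule("allow-internal-out", "accept",  src="10.0.0.0/8"),
]

# Constructed test traffic.
SAMPLE_PACKETS = [
    Packet("198.51.100.5", "203.0.113.10", "tcp", 443),   # inbound HTTPS to the web server
    Packet("10.1.2.3",     "192.0.2.53",   "udp", 53),    # outbound DNS
    Packet("10.1.2.3",     "192.0.2.7",    "tcp", 23),    # outbound telnet: discarded and logged
    Packet("10.1.2.3",     "192.0.2.7",    "tcp", 22),    # outbound SSH
    Packet("198.51.100.5", "203.0.113.10", "tcp", 22),    # inbound SSH: no rule, default discard
]


def apply_policy(rules: List[Rule], packets: List[Packet]) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Evaluate every packet; return the verdicts and the traffic log produced."""
    traffic_log: List[str] = []
    verdicts = [evaluate(rules, p, traffic_log) for p in packets]
    return verdicts, traffic_log


if __name__ == "__main__":
    verdicts, log = apply_policy(POLICY, SAMPLE_PACKETS)
    for pkt, (action, name) in zip(SAMPLE_PACKETS, verdicts):
        print(f"{pkt.src:>14} -> {pkt.dst:<14} {pkt.proto}/{pkt.dport}: {action} ({name})")
    print("\n".join(log))
```

Swapping the order of "deny-telnet" and "allow-internal-out" would silently let outbound telnet through, which is the kind of regression a configuration-management process is meant to catch before a rule set is pushed to the customer's devices.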
Reporting
Logs generated by the various system components are consolidated and reformatted into an easily understandable report for the customer. This reporting is particularly important because, besides providing details of any intrusion by unauthorized parties or of accidents, it may also allow the customer to take preventive action.
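The consolidation step above, as an added example that is not part of the original presentation: raw lines from two hypothetical device families (a firewall and an IDS, both with made-up log formats) are normalized into one record shape, counted per source address, and summarized in a plain-text report that flags sources seen by both devices. The sample lines are constructed, not real device output.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Hypothetical line formats for two device families, constructed for this example.
FW_RE = re.compile(r'^(?P<ts>\S+) (?P<dev>\S+) (?P<action>DROP|ACCEPT) '
                   r'src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dpt=(?P<dpt>\d+)$')
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<dev>\S+) ALERT sid=(?P<sid>\d+) msg="(?P<msg>[^"]*)" '
                    r'(?P<src>[0-9.]+):(?P<sport>\d+) -> (?P<dst>[0-9.]+):(?P<dpt>\d+)$')


def normalize(line: str) -> Optional[Dict[str, object]]:
    """Map one raw line onto a common record, or None if the format is unknown."""
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "device": m["dev"], "kind": "fw_" + m["action"].lower(),
                "src": m["src"], "dst": m["dst"], "dport": int(m["dpt"]), "detail": m["proto"]}
    m = IDS_RE.match(line)
    if m:
        return {"ts": m["ts"], "device": m["dev"], "kind": "ids_alert",
                "src": m["src"], "dst": m["dst"], "dport": int(m["dpt"]), "detail": m["msg"]}
    return None


def build_report(lines: List[str]) -> Dict[str, object]:
    """Consolidate raw lines into per-source counts and a plain-text summary."""
    by_source: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    events = unparsed = 0
    for line in lines:
        rec = normalize(line.strip())
        if rec is None:
            unparsed += 1          # counted, never silently dropped
            continue
        events += 1
        by_source[rec["src"]][rec["kind"]] += 1
    # A source both dropped by the firewall and flagged by the IDS is worth a call.
    escalate = sorted(ip for ip, kinds in by_source.items()
                      if kinds.get("fw_drop") and kinds.get("ids_alert"))
    text = [f"events: {events}, unparsed lines: {unparsed}"]
    for ip in sorted(by_source, key=lambda ip: -sum(by_source[ip].values())):
        kinds = ", ".join(f"{k}={n}" for k, n in sorted(by_source[ip].items()))
        flag = "  <- ESCALATE" if ip in escalate else ""
        text.append(f"{ip:<16} {kinds}{flag}")
    return {"events": events, "unparsed": unparsed,
            "by_source": {ip: dict(k) for ip, k in by_source.items()},
            "escalate": escalate, "text": "\n".join(text)}


# Constructed sample lines (not real device output).
SAMPLE_LINES = [
    '2024-03-01T10:00:01Z fw01 DROP src=198.51.100.5 dst=203.0.113.10 proto=tcp dpt=22',
    '2024-03-01T10:00:02Z fw01 DROP src=198.51.100.5 dst=203.0.113.10 proto=tcp dpt=22',
    '2024-03-01T10:00:03Z ids01 ALERT sid=1001 msg="SSH brute force" 198.51.100.5:51234 -> 203.0.113.10:22',
    '2024-03-01T10:00:04Z fw01 ACCEPT src=192.0.2.44 dst=203.0.113.10 proto=tcp dpt=443',
    '2024-03-01T10:00:05Z fw01 DROP src=192.0.2.44 dst=203.0.113.10 proto=udp dpt=161',
    '2024-03-01T10:00:06Z fw01 DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dpt=23',
    'this line is not in a known format',
]

if __name__ == "__main__":
    print(build_report(SAMPLE_LINES)["text"])
```

The unparsed-line counter is the part a practitioner should not drop: a report that quietly ignores lines in a format it does not recognise will look clean precisely when a new device, or a device with a changed log format, has stopped being monitored.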
Security Alert
The security alert service notifies customers in a timely fashion of newly discovered vulnerabilities, so that countermeasures can be put in place before an attack and mitigate or negate its impact.
Security assessment
It includes:
Vulnerability assessment
– The vulnerability assessment searches for known vulnerabilities in the systems and software installed. It is carried out through specific technologies that are configured and customized for each assessment.
Penetration test
– The penetration test is performed to isolate and exploit known or unknown vulnerabilities of systems, services and installed web applications. It attempts to quantify the threat level represented on each system and the impact. This activity is carried out either through a number of technologies that are configured and customized per assessment, or manually for each service, system and application.
Distributed denial of service (DDoS) mitigation
DDoS mitigation attempts to limit the effects of a denial of service attack directed at a critical function of a client's web infrastructure. The service receives notification of an attack on a client service; countermeasures are activated and evaluated; traffic is "cleaned" and re-routed; and an "end-of-attack notification" is reported and logged.
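An added example, not part of the original presentation, of the detect / clean / end-of-attack cycle just described: requests are replayed in one-second buckets; when the ingress rate crosses a threshold an attack is declared, sources sending far above a per-source rate are blocked (the "cleaning" step) while everything else is forwarded, and once the rate has stayed quiet for a configurable number of seconds the end of the attack is recorded and the blocklist is cleared. The traffic, thresholds and addresses are constructed for illustration.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple


def constructed_traffic() -> List[Tuple[float, str]]:
    """Constructed (timestamp, source_ip) requests: 8 seconds of traffic from five
    legitimate clients at 2 req/s each, plus three bots at 30 req/s during seconds 2-4."""
    reqs: List[Tuple[float, str]] = []
    legit = [f"192.0.2.{i}" for i in range(1, 6)]
    bots = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
    for sec in range(8):
        for ip in legit:
            reqs.extend((sec + k * 0.4, ip) for k in range(2))
        if 2 <= sec <= 4:
            for ip in bots:
                reqs.extend((sec + k / 30, ip) for k in range(30))
    return reqs


def mitigate(requests: List[Tuple[float, str]],
             total_rps_threshold: int = 50,
             per_source_rps_threshold: int = 10,
             quiet_seconds: int = 2):
    """Replay requests in one-second buckets.
    - attack_start: ingress rate exceeds total_rps_threshold
    - cleaning: while under attack, sources above per_source_rps_threshold are
      blocked, their requests dropped, everything else forwarded
    - attack_end: rate stays under threshold for quiet_seconds; blocklist cleared
    Returns (events, per-second stats, sources still blocked at the end)."""
    buckets: Dict[int, List[str]] = defaultdict(list)
    for t, src in requests:
        buckets[int(t)].append(src)
    events: List[Tuple[str, int]] = []
    stats: Dict[int, Dict[str, int]] = {}
    blocked: Set[str] = set()
    under_attack, quiet = False, 0
    for sec in sorted(buckets):            # seconds with no traffic at all are skipped
        per_src = Counter(buckets[sec])
        total = sum(per_src.values())
        if total > total_rps_threshold:
            quiet = 0
            if not under_attack:
                under_attack = True
                events.append(("attack_start", sec))
            blocked |= {s for s, n in per_src.items() if n > per_source_rps_threshold}
        elif under_attack:
            quiet += 1
            if quiet >= quiet_seconds:
                under_attack = False
                events.append(("attack_end", sec))
                blocked = set()            # traffic goes back to the normal path
        dropped = sum(n for s, n in per_src.items() if s in blocked)
        stats[sec] = {"total": total, "forwarded": total - dropped, "dropped": dropped}
    return events, stats, blocked


if __name__ == "__main__":
    events, stats, blocked = mitigate(constructed_traffic())
    for sec, s in stats.items():
        print(f"t={sec}s total={s['total']:>3} forwarded={s['forwarded']:>3} dropped={s['dropped']:>3}")
    print(events, "still blocked:", sorted(blocked))
```

The per-source threshold is the sensitive knob: a legitimate client that bursts above it during an attack is cleaned along with the bots, so in practice the threshold is set from a baseline of the customer's normal traffic and the blocklist is reviewed before the end-of-attack notification goes out.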
Technical assistance
The SOC can provide general technical assistance for any issue regarding system operation, system violations, system updates, and the update and configuration of security hardware and software. Technical assistance can be provided remotely or on-site, depending on the level of service.
Difference between SOC & NOC
The NOC's purpose has always been to ensure "power, ping, and pipe" to computing resources, and it is critically measured on uptime Service Level Agreements (SLAs). Conversely, the SOC's purpose is to "protect, detect, react, and recover", and it is critically measured on response-time SLAs. Combined, these operations serve as both the central nervous system and the immune system, ensuring the availability and integrity of IT assets.
THANKS