DOCSLIB.ORG

LISA14 Proceedings Interior

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LISA14 Proceedings Interior USENIX Association Proceedings of the 28th Large Installation System Administration Conference (LISA14) November 9–14, 2014 Seattle, WA Conference Organizers Program Chair Workshops Coordinator Nicole Forsgren Velasquez, Utah State University Cory Lueninghoener, Los Alamos National Laboratory Content Coordinators USENIX Board Liaisons Amy Rich, Mozilla Corporation David Blank-Edelman, Northeastern University College Adele Shakal, Cisco of Computer and Information Science Carolyn Rowland, NIST Research Committee Co-Chairs Kyrre Begnum, Oslo University College of USENIX Training Program Manager Applied Sciences Rik Farrow, Security Consultant Marc Chiarini, MarkLogic Corporation Tutorial Coordinators Research Committee Thomas A. Limoncelli, Stack Exchange, Inc. Theophilus Benson, Duke University Matthew Simmons, Northeastern University Adam Oliner, University of California, Berkeley and Kuro Labs LISA Lab Chair Paul Krizak, Qualcomm, Inc. Invited Talks Coordinators Patrick Cable, MIT Lincoln Laboratory LISA Lab Coordinator Chris McEniry, Sony Network Entertainment Doug Hughes, D. E. Shaw Research, LLC Matthew Simmons, Northeastern University LISA Build Coordinators Branson Matheson, Blackphone Invited Talks Committee Brett Thorsen, Cranial Thunder Solutions John Looney, Google, Inc. Branson Matheson, Blackphone Local Chair Gareth Rushgrove, Puppet Labs Lee Damon, University of Washington Jeffrey Snover, Microsoft THE USENIX Staff Mandi Walls, Chef John Willis, Stateless Networks Lightning Talks Coordinator Lee Damon, University of Washington External Reviewers Paul Armstrong Matt Disney Adam Moskowitz Yanpei Chen Suzanne McIntosh Josh Simon Jennifer Davis Dinah McNutt Guanying Wu Proceedings of the 28th Large Installation System Administration Conference (LISA14) Message from the Program Chair . v Wednesday, November 12, 2014 Head in the Clouds HotRestore: A Fast Restore System for Virtual Machine Cluster . 1 Lei Cui, Jianxin Li, Tianyu Wo, Bo Li, Renyu Yang, Yingjie Cao, and Jinpeng Huai, Beihang University Compiling Abstract Specifications into Concrete Systems—Bringing Order to the Cloud . .17 Ian Unruh, Alexandru G. Bardas, Rui Zhuang, Xinming Ou, and Scott A. DeLoach, Kansas State University An Administrator’s Guide to Internet Password Research . .35 Dinei Florêncio and Cormac Herley, Microsoft Research; Paul C. van Oorschot, Carleton University Who Watches? Analyzing Log Analysis: An Empirical Study of User Log Mining . .53 S. Alspaugh, University of California, Berkeley and Splunk Inc.; Beidi Chen and Jessica Lin, University of California, Berkeley; Archana Ganapathi, Splunk Inc.; Marti A. Hearst and Randy Katz, University of California, Berkeley Realtime High-Speed Network Traffic Monitoring Using ntopng . .69 Luca Deri, IIT/CNR and ntop; Maurizio Martinelli, IIT/CNR; Alfredo Cardigliano, ntop Towards Detecting Target Link Flooding Attack . .81 Lei Xue, The Hong Kong Polytechnic University; Xiapu Luo, The Hong Kong Polytechnic University Shenzen Research Institute; Edmond W. W. Chan and Xian Zhan, The Hong Kong Polytechnic University Thursday, November 13, 2014 High Speed Automatic and Dynamic Configuration of Data Compression for Web Servers . .97 Eyal Zohar, Yahoo! Labs; Yuval Cassuto, Technion—Israel Institute of Technology The Truth About MapReduce Performance on SSDs . 109 Karthik Kambatla, Cloudera Inc. and Purdue University; Yanpei Chen, Cloudera Inc. ParaSwift: File I/O Trace Modeling for the Future . .119 Rukma Talwadker and Kaladhar Voruganti, NetApp Inc. Wednesday, November 12, 2014 Poster Session Pedagogical Framework and Network Laboratory Management Tool for Practical Network Administration Education . .133 Zahid Nawaz, University of Oslo An Investigation of Cultural and Organizational Impacts on EKR Use and EKR Use Outcomes Among System Administrators at NASA . .135 Nicole Forsgren, Utah State University; E. Branson Matheson III, Blackphone Linux NFSv4 .1 Performance Under a Microscope . .137 Ming Chen, Stony Brook University; Dean Hildebrand, IBM Research—Almaden; Geoff Kuenning, Harvey Mudd College; Soujanya Shankaranarayana, Stony Brook University; Vasily Tarasov, Stony Brook University and IBM Research—Almaden; Arun O. Vasudevan and Erez Zadok, Stony Brook University; Ksenia Zakirova, Harvey Mudd College Demand-Provisioned Linux Containers for Private Network Access . .139 Patrick T. Cable II, MIT Lincoln Laboratory Virtual Interfaces for Exploration of Heterogeneous & Cloud Computing Architectures . 141 Hal Martin and Wayne G. Lutters, University of Maryland Time-Synchronized Visualization of Arbitrary Data Streams for Real-Time Monitoring and Historical Analysis . .143 Paul Z. Kolano, NASA Ames Research Center Formalising Configuration Languages: Why is this Important in Practice? . 145 Paul Anderson and Herry Herry, University of Edinburgh Message from the LISA14 Program Chair Welcome to LISA14! This marks the 28th meeting of the USENIX Large Installation System Administration Conference, and I’m pleased to present this year’s program and proceedings. This year, we shook things up a bit, pulling together all aspects of the LISA conference under coordination of the Chair. This resulted in a carefully curated program with content that spans tutorials, workshops, and technical talks, providing attendees with the opportunity to tailor the conference to their needs. We’re excited about the coordinated content and the tracks, and we think you will be, too. Of course, I could not have done this without a fantastic team of conference organizers who coordinated content across several areas to deliver the amazing program you see here. I would also like to thank those who contributed directly to the program: authors, shepherds, external reviewers, speakers, tutorial instructors, attendees, the LISA Build team, USENIX Board of Directors liaisons, and the USENIX staff. I would also like to personally thank USENIX Executive Director Casey Henderson for her support as we chartered new territory in conference organiza- tion, and for securing Diet Coke for the conference venue. Casey has been wonderful to work with and a true team- mate and colleague. This year, the conference accepted nine peer-reviewed full research papers, resulting in an acceptance rate of 31%. The conference also accepted nine peer-reviewed posters, which appear in the conference proceedings as extended abstracts. This adds to USENIX’s considerable body of peer-reviewed published work. To foster interaction and discussion among the LISA community and to extend the reach and engagement of our research papers, all of our accepted papers have been invited to present a poster in addition to their paper presentation. We hope our attendees will take the opportunity to learn about the cutting-edge research that is happening in systems administration, and find out how it might affect their work in the months and years to come. I am very proud of this year’s program and hope you enjoy the conference. Most importantly, I hope you also enjoy the hallway track; say “hi” to old friends and meet some new ones. Don’t be afraid to introduce yourself to someone new! The strength of LISA lies in you, the attendees, and in the discussions and technical conversations that happen between sessions. Nicole Forsgren Velasquez, Utah State University LISA14 Program Chair USENIX Association 28th Large Installation System Administration Conference (LISA14) v HotRestore: A Fast Restore System for Virtual Machine Cluster Lei Cui, Jianxin Li, Tianyu Wo, Bo Li, Renyu Yang, Yingjie Cao, Jinpeng Huai State Key Laboratory of Software Development Environment Beihang University, China cuilei, lijx, woty, libo, yangry, caoyj @act.buaa.edu.cn huaijp @buaa.edu.cn { } { } Abstract ability of applications running inside the VMC. There are many approaches for reliability enhancement in vir- A common way for virtual machine cluster (VMC) to tualized environment. Snapshot/restore [25, 39, 40, 37] tolerate failures is to create distributed snapshot and then is the most widely used one among them. It saves the restore from the snapshot upon failure. However, restor- running state of the applications periodically during the ing the whole VMC suffers from long restore latency due failure-free execution. Upon a failure, the system can re- to large snapshot files. Besides, different latencies would store the computation from a recorded intermediate state lead to discrepancies in start time among the virtual ma- rather than the initial state, thereby significantly reducing chines. The prior started virtual machine (VM) thus can- the amount of lost computation. This feature enables the not communicate with the VM that is still restoring, con- system administrators to recover the system and imme- sequently leading to the TCP backoff problem. diately regain the full capacity in the face of failures. In this paper, we present a novel restore approach In the past decades, several methods have been pro- called HotRestore, which restores the VMC rapidly with- posed to create distributed snapshot of VMC, and most out compromising performance. Firstly, HotRestore re- of them aim to guarantee the global consistency whilst stores a single VM through an elastic working set which reducing the overhead such as downtime, snapshot size, prefetches the working set in a scalable window size, duration, etc [11, 25, 14]. However, restoring the VM- thereby reducing the restore latency. Second, HotRe- C has received less attention probably because restora- store constructs the communication-induced restore de-
Load more

Recommended publications
  • Protecting Location Privacy Fromuntrusted Wireless Service
    Protecting Location Privacy from Untrusted Wireless Service Providers Keen Sung Brian Levine Mariya Zheleva University of Massachusetts Amherst University of Massachusetts Amherst University at Albany, SUNY [email protected] [email protected] [email protected] ABSTRACT 1 INTRODUCTION Access to mobile wireless networks has become critical for day- When mobile users connect to the Internet, they authenticate to a to-day life. However, it also inherently requires that a user’s geo- cell tower, allowing service providers such as Verizon and AT&T graphic location is continuously tracked by the service provider. to store a log of the time, radio tower, and user identity [69]. As It is challenging to maintain location privacy, especially from the providers have advanced towards the current fifth generation of provider itself. To do so, a user can switch through a series of iden- cellular networks, the density of towers has grown, allowing these tifiers, and even go offline between each one, though it sacrifices logs to capture users’ location with increasing precision. Many users utility. This strategy can make it difficult for an adversary to per- are persistently connected, apprising providers of their location all form location profiling and trajectory linking attacks that match day. Connecting to a large private Wi-Fi network provides similar observed behavior to a known user. information to its administrators. And some ISPs offer cable, cellular, In this paper, we model and quantify the trade-off between utility and Wi-Fi hotspots as a unified package. and location privacy. We quantify the privacy available to a com- While fixed user identifiers are useful in supporting backend munity of users that are provided wireless service by an untrusted services such as postpaid billing, wireless providers’ misuse of provider.
    [Show full text]
  • Monitoring Network Traffic Using Ntopng
    Monitoring Network Traffic using ntopng Luca Deri <[email protected]> © 2013 - ntop.org Outlook • What are the main activities of ntop.org ? • ntop’s view on network monitoring. • From ntop to ntopng. • ntopng architecture and design. • Using ntopng. • Advanced monitoring with ntopng. • Future roadmap items. "2 © 2013 - ntop.org About ntop.org [1/2] • Private company devoted to development of open source network traffic monitoring applications. • ntop (circa 1998) is the first app we released and it is a web-based network monitoring application. • Today our products range from traffic monitoring, high-speed packet processing, deep-packet inspection, and IDS/IPS acceleration. "3 © 2013 - ntop.org About ntop.org [2/2] • Our software is powering many commercial products... "4 © 2013 - ntop.org ntop Goals • Provide better, yet price effective, traffic monitoring solution by enabling users to have increased traffic visibility. • Go beyond standard metrics and increase traffic visibility by analysing key protocols in detail. • Provide users comprehensive and accurate traffic reports able to offer at a fraction of price what many commercial products do together. • Promote open-source software, while protecting selected IPRs. "5 © 2013 - ntop.org ntop’s Approach to Traffic Monitoring • Ability to capture, process and (optionally) transmit traffic at line rate, any packet size. • Leverage on modern multi-core/NUMA architectures in order to promote scalability. • Use commodity hardware for producing affordable, long-living (no vendor lock), scalable (use new hardware by the time it is becoming available) monitoring solutions. • Use open-source to spread the software, and let the community test it on unchartered places. "6 © 2013 - ntop.org Some History • In 1998, the original ntop has been created.
    [Show full text]
  • Ntopng User's Guide
    ! !!" ! ! ! ! ! ! ! ! ! ! ! ! ntopng User’s Guide" High-Speed Web-based Traffic Analysis and Flow Collection " ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Version 1.2" August 2014!" ! ! © 1998-14 - ntop.org" ntopng User’s Guide v.1.2 1.Table of Contents" ! 1. What’s New?"......................................................................................3" 2.It’s time for a completely new ntop."............................................................5" 3. Introduction"..............................................................................................6" 3.1. The main design principles"................................................................7" 3.2. What ntopng can do for me?"..............................................................7" 3.3. ntopng Architecture"..........................................................................9" 3.4. Download ntopng"............................................................................10" 4.Using ntopng"...........................................................................................11" 4.1. Compiling ntopng Source Code".......................................................11" 4.2. Installing a Binary ntopng"................................................................11" 4.3. ntopng Command Line Options".......................................................11" 4.4. ntopng on Windows".........................................................................16" 5. API Scripting Lua".....................................................................................18"
    [Show full text]
  • SGP Technologies Et INNOV8 Annoncent Le Lancement En Avant-Première Mondiale Du Smartphone BLACKPHONE Dans Les Boutiques LICK
    PRESS RELEASE SGP Technologies et INNOV8 annoncent le lancement en avant-première mondiale du smartphone BLACKPHONE dans les boutiques LICK Paris (France) / Geneva (Suisse), 5 Juin 2014. Blackphone, le premier smartphone qui permet la sécurité de la vie privée des utilisateurs, sera lancé en avant-première cet été en France chez LICK, 1er réseau de boutiques 2.0 dédié aux objets connectés. SGP Technologies (Joint-Venture entre Silent Circle et Geeksphone) créateur du BLACKPHONE a choisi le groupe INNOV8, pour dévoiler le premier smartphone qui respecte la vie privée, à l’occasion de l’ouverture de LICK (Groupe INNOV8), le premier réseau de boutiques 2.0 dédié aux objets connectés, le 5 juin au Concept Store des 4 Temps à la Défense. Dès cet été, LICK sera le premier réseau de magasins autorisé à distribuer cette innovation technologique. La distribution sera ensuite ouverte à d’autres canaux en France via Extenso Telecom (Leader de la distribution de smartphones, accessoires et objets connectés en France) afin de proposer au plus grand nombre cette innovation technologique en phase avec les attentes des clients soucieux du respect de leur vie privée et de leur sécurité. "La France est connue pour être très ouverte à l’innovation. Nous sommes heureux de travailler avec le groupe INNOV8 pour lancer le Blackphone sur ce marché important en Europe et d'offrir aux utilisateurs de smartphones une solution inégalée pour la protection de leur vie privée et de leur sécurité», a déclaré Tony Bryant, VP Sales de SGP Technologies. « Nous sommes convaincus que la technologie devient un véritable style de vie.
    [Show full text]
  • Rethinking Hyper- Converged Infrastructure for Edge Computing
    OpenInfra Days Shanghai 2019 Rethinking Hyper- Converged Infrastructure for Edge Computing Feng Li (李枫) [email protected] Nov 5,2019 Agenda I. Edge Computing Overview Outstanding Platforms Status, Trend, and HCI Summary II. Overall Design Design Goals & Principles Hardware Platform Why is eBPF eBPF Development III. Testbed Development Boards Software Platform Development Model IV. Computing, Networking, Storage HPC Networking ntopng DRedis Rethink Lightweight Storage Solutions V. Containerization, Services, and DevOps Kata Container Lightweight Kubernetes Cilium In-Kernel Services VI. Distributed Framework Ray My Practice VII. Messaging & RPC gRPC & Protobuf Rethink In-Kernel Messaging VIII. Data Processing Apache Arrow Lightweight Solution IX. Artificial Intelligence Trends TVM ARM NN My Practice X. Monitoring, Tuning, and Debugging Extending LISA Extending ntopng My Practice XI. Security Reference Design Hardware-Software Co-designed System Security XII. Miscs New Python Runtime FPGA XIII.eBPF-centric New Design Software Architecture XIV.Wrap-up I. Edge Computing 1) Overview https://en.wikipedia.org/wiki/Edge_computing a distributed computing paradigm which brings computation and data storage closer to the location where it is needed, to improve response times and save bandwidth.… https://www.networkworld.com/article/3224893/what-is-edge- computing-and-how-it-s-changing-the-network.html a way to streamline the flow of traffic from IoT devices and provide real-time local data analysis Intelligent
    [Show full text]
  • ETSI TR 102 659-1 V1.2.1 (2009-10) Technical Report
    ETSI TR 102 659-1 V1.2.1 (2009-10) Technical Report GRID; Study of ICT Grid interoperability gaps; Part 1: Inventory of ICT Stakeholders 2 ETSI TR 102 659-1 V1.2.1 (2009-10) Reference RTR/GRID-0001-1[2] Keywords analysis, directory, ICT, interoperability, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
    [Show full text]
  • RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.0 | March 2016 UFED LOGICAL ANALYZER
    NOW SUPPORTING 19,203 DEVICE PROFILES +1,528 APP VERSIONS UFED TOUCH, UFED 4PC, RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.0 | March 2016 UFED LOGICAL ANALYZER COMMON/KNOWN HIGHLIGHTS System Images IMAGE FILTER ◼ Temporary root (ADB) solution for selected Android Focus on the relevant media files and devices running OS 4.3-5.1.1 – this capability enables file get to the evidence you need fast system and physical extraction methods and decoding from devices running OS 4.3-5.1.1 32-bit with ADB enabled. In addition, this capability enables extraction of apps data for logical extraction. This version EXTRACT DATA FROM BLOCKED APPS adds this capability for 110 devices and many more will First in the Industry – Access blocked application data with file be added in coming releases. system extraction ◼ Enhanced physical extraction while bypassing lock of 27 Samsung Android devices with APQ8084 chipset (Snapdragon 805), including Samsung Galaxy Note 4, Note Edge, and Note 4 Duos. This chipset was previously supported with UFED, but due to operating system EXCLUSIVE: UNIFY MULTIPLE EXTRACTIONS changes, this capability was temporarily unavailable. In the world of devices, operating system changes Merge multiple extractions in single unified report for more frequently, and thus, influence our support abilities. efficient investigations As our ongoing effort to continue to provide our customers with technological breakthroughs, Cellebrite Logical 10K items developed a new method to overcome this barrier. Physical 20K items 22K items ◼ File system and logical extraction and decoding support for iPhone SE Samsung Galaxy S7 and LG G5 devices. File System 15K items ◼ Physical extraction and decoding support for a new family of TomTom devices (including Go 1000 Point Trading, 4CQ01 Go 2505 Mm, 4CT50, 4CR52 Go Live 1015 and 4CS03 Go 2405).
    [Show full text]
  • Why “Mobile” Security Is the Hardest Security
    Tufts University School of Engineering COMP 111 - Security Why “Mobile” Security is the Hardest Security By Kevin Dorosh Abstract Tech-savvy people understand that Android is less safe than iPhone, but most don’t understand how glaring cell phone security is across the board. Android’s particularly lackluster performance is exemplified in the MAC address randomization techniques employed to prevent others from being able to stalk your location through your mobile device. MAC address randomization was introduced by Apple in June of 2014 and by Google in 2015, although (glaringly) only 6% of Android devices today currently have this tech [3]. Sadly, in devices with the tech enabled, the Karma attack can still be exploited. Even worse, both iOS and Android are susceptible to RTS (request to send frame) attacks. Other power users have even seen success setting up desktop GSM towers as intermediaries between mobile devices and real cell phone towers to gather similar information [5]. This paper attempts to explain simple techniques to glean information from other mobile phones that can be used for nefarious purposes from stalking to identity fraud, but also by government agencies to monitor evildoers without their knowledge. As this paper should make clear, mobile security is far more difficult than “stationary security”, for lack of a better term. Even worse, some of these flaws are problems exist with the Wi-Fi protocol itself, but we will still offer solutions to mitigate risks and fix the protocols. As we do more on our phones every day, it becomes imperative that we understand and address these risks.
    [Show full text]
  • Network Traffic and Security Monitoring Using Ntopng and Influxdb
    Network Traffic and Security Monitoring Using ntopng and InfluxDB Luca Deri <[email protected]> @lucaderi © 2018 - ntop.org 1 Part I: Welcome to ntopng © 2018 - ntop.org 2 About Me • (1997) Founder of the ntop.org project with the purpose of creating a simple, and open source web-based traffic monitoring application. • Lecturer at the University of Pisa, Italy. • Author of various open source projects ◦n2n: peer-to-peer layer 2 VPN. ◦nDPI: deep-packet-inspection library. ◦PF_RING: high-speed packet capture and transmission. © 2018 - ntop.org 3 About ntop.org • ntop develops open source network traffic monitoring applications. • ntop (circa 1998) is the first app we released and it is a web-based network monitoring application. • Today our products range from traffic monitoring, high-speed packet processing, deep-packet inspection, and IDS/IPS acceleration (bro and suricata). © 2018 - ntop.org 4 ntop’s Approach to Traffic Monitoring • Ability to capture, process and (optionally) transmit traffic at line rate, any packet size. • Leverage on modern multi-core/NUMA architectures in order to promote scalability. • Use commodity hardware for producing affordable, long-living (no vendor lock), scalable (use new hardware by the time it is becoming available) monitoring solutions. • Use open-source to spread the software, and let the community test it on unchartered places. © 2018 - ntop.org 5 Motivation For Traffic Monitoring If you can’t measure it, you can’t improve it (Lord Kelvin, 1824 – 1907) If you can’t measure it, you can’t manage it (Peter Drucker, 1909 – 2005) © 2018 - ntop.org 6 What Happens in Our Network? • Do we have control over our network? • It’s not possible to imagine a healthy network without a clear understanding of traffic flowing on our network.
    [Show full text]
  • Network Security Toolkit Iso Free Download Network Security Toolkit (NST) 24 7977 Installation Step by Step
    network security toolkit iso free download Network Security Toolkit (NST) 24 7977 Installation Step by Step. Network Security Toolkit, aka NST, is a Linux distribution for security professionals and network admins, using MATE as the default desktop environment and as such it is lightweight and runs fast. The latest stable version NST 24 7977 was released on July 4th, 2016. It’s based on the recently released Fedora 24, with the best-of-breed open source network security applications added such as: WireShark WUI Scapy Multi-Traceroute (MTR) ntopng pcap netflow Netfilter Kismet …… These tool can work with Mercator, Google Maps, Google Earth and WebGL Globe to geolocate IP addresses which you can access by visiting the Web user interface (WUI). Very cool indeed. geolocation and graphic tool matrix. So this tutorial will show you how to install Network Security Toolkit 24. Let’s get started. Step 1: Download Network Security Toolkit 24 7977 ISO Image. The NST ISO image can be booted in live mode for those who like to have a try before installing to hard drive. Go to the official website, http://www.networksecuritytoolkit.org which looks so 2010 and a bit of confusing because the download link is not easy to find. Click the Release button on the upper left menu, then click Download . And you will be taken to SourceForge. Click the iso link to download. Note that NST only support 64 bit CPU. It’s a 2.8 GB file so now you can grab a cup of coffee or tea. Step 2: Create a Live DVD/USB.
    [Show full text]
  • Untraceable Links: Technology Tricks Used by Crooks to Cover Their Tracks
    UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS New mobile apps, underground networks, and crypto-phones are appearing daily. More sophisticated technologies such as mesh networks allow mobile devices to use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Anonymous and encrypted email services are under development to evade government surveillance. Learn how these new technology capabilities are making anonymous communication easier for fraudsters and helping them cover their tracks. You will learn how to: Define mesh networks. Explain the way underground networks can provide untraceable email. Identify encrypted email services and how they work. WALT MANNING, CFE President Investigations MD Green Cove Springs, FL Walt Manning is the president of Investigations MD, a consulting firm that conducts research related to future crimes while also helping investigators market and develop their businesses. He has 35 years of experience in the fields of criminal justice, investigations, digital forensics, and e-discovery. He retired with the rank of lieutenant after a 20-year career with the Dallas Police Department. Manning is a contributing author to the Fraud Examiners Manual, which is the official training manual of the ACFE, and has articles published in Fraud Magazine, Police Computer Review, The Police Chief, and Information Systems Security, which is a prestigious journal in the computer security field. “Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. The contents of this paper may not be transmitted, re-published, modified, reproduced, distributed, copied, or sold without the prior consent of the author.
    [Show full text]
  • Network Troubleshooting Using Ntopng Luca Deri <[email protected]>
    Network Troubleshooting Using ntopng Luca Deri <[email protected]> Outlook • Part 1: Introduction to ntopng ◦ntopng architecture and design. ◦ntopng as a flow collector. ◦Exploring system activities using ntopng. • Part 2: ntopng+Wireshark Monitoring Use Cases ◦Using ntopng. ◦ntopng and Wireshark. ◦Advanced monitoring with ntopng. ◦Future roadmap items. 2 SharkFest 2015 - Computer History Museum June 22-15, 2015 About ntop.org • ntop develops open source network traffic monitoring applications. • ntop (circa 1998) is the first app we released and it is a web-based network monitoring application. • Today our products range from traffic monitoring, to high-speed packet processing, deep-packet inspection, and IDS/IPS acceleration (snort, Bro and suricata). 3 SharkFest 2015 - Computer History Museum June 22-15, 2015 ntop’s Approach to Traffic Monitoring • Ability to capture, process and (optionally) transmit traffic at line rate, any packet size. • Leverage on modern multi-core/NUMA architectures in order to promote scalability. • Use commodity hardware for producing affordable, long-living (no vendor lock), scalable (use new hardware by the time it is becoming available) monitoring solutions. • Use open-source to spread the software, and let the community test it on unchartered places. 4 SharkFest 2015 - Computer History Museum June 22-15, 2015 Some History • In 1998, the original ntop has been created. • It was a C-based app embedding a web server able to capture traffic and analyse it. • Contrary to many tools available at that time, ntop used a web GUI to report traffic activities. • It is available for Unix and Windows under GPL. 5 SharkFest 2015 - Computer History Museum June 22-15, 2015 ntop Architecture Cisco NetFlow HTTP/HTTPS RRD InMon sFlow 6 SharkFest 2015 - Computer History Museum June 22-15, 2015 Why was ntop obsolete? • Its original LAN-oriented design prevented ntop from handling more than a few hundred Mbit.
    [Show full text]