ITIL: Service Delivery
Security Management
The objective of the Security Management discipline is to prevent the occurrence of security-related incidents by managing the confidentiality, integrity, and availability of IT services.
PacketShaper sits on all of the WAN links inside the enterprise network, a place where firewalls and other network security devices aren't present. While firewalls and intrusion prevention systems can provide excellent perimeter security to keep malicious traffic out of the network, there is still a need to have something available to manage the problem if somehow a virus, worm, or other malicious traffic does manage to make it past the firewall.
PacketShaper can help with the following issues related to security:
Application flow validation — Packeteer’s classification detects dynamic and migrating port assignments, differentiates applications using the same port, and uses Layer 7 application indicators to identify applications. The PacketShaper allows you to verify that an application flow is what it’s supposed to be. These capabilities allow the PacketShaper to defeat users' attempts at masquerading recreational traffic as innocent web-browsing; web proxies, encryption, and port hopping do not fool the PacketShaper.
Rogue server detection — Top Talkers/Listeners is one of several PacketShaper features that can help in the detection of rogue servers. For example, suppose FTP suddenly shows up in the Top Ten pie chart. To find out who is contributing to this increase in FTP traffic, you can use the Top Talkers and Top Listeners feature to track the hosts that initiate the most traffic (talkers) and hosts that receive the most traffic (listeners).
Application overload protection — If a denial-of-service attack occurs on your network, you’ll want to make sure your application servers don’t become overwhelmed with the excessive traffic. Packeteer’s flow limit policies offer such protection. These types of policies limit the number of flows per minute that can be received by any server. Packeteer’s adaptive response feature can notify you when flows are being blocked because of the flow limit policy.
Detection of SYN and Spoofing attacks — A high number of new flows per minute and/or failed flows per minute can indicate an attack is occurring. Adaptive response offers several agent templates that monitor flows to/from hosts to help in the detection of SYN attacks and spoofing. After setting up these adaptive response agents, you can be notified automatically when a host has excessive failed flows and/or new flows per minute, thus alerting you to a possible attack. In addition, you can automatically restrict the bandwidth of these violating hosts so that you can minimize the problem while you do further investigation.
Detection of recreational traffic — Excessive recreational traffic can disrupt a network. Employees downloading music files, hosting a file server for music files, communicating via unsanctioned instant messaging, listening to Internet radio all day long, watching streaming video of current events — all of these non-business-related activities consume bandwidth that could be better used elsewhere. You can use Packeteer's sophisticated classification and control features to detect and control recreational traffic.
Protection against Network Congestion Events — The very nature of TCP traffic can cause Network Congestion Events (NCEs) — network-related situations that impact application performance and user productivity. Everyday tasks, such as an employee FTPing a large file or emails with gargantuan attachments, can produce NCEs. Fortunately, the PacketShaper can prevent these types of NCEs from occurring. The basic foundation of the PacketShaper is designed to prevent Network Congestion Events.
Network forensics — PacketShaper's network forensics toolset provides real-time visibility into exactly what is happening on the network. Find out who is using a certain server or network application, when, and what else he/she is doing. The following PacketShaper tools provide rapid problem resolution for security attacks: graphing tools, flow detail records, host analysis, and packet capture.
For detailed procedures on using the PacketShaper for WAN application security, refer to Secure WAN Applications and the Packeteer Orange Book: Configuring PacketShaper for Threat Containment.
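The flow-rate check described under "Detection of SYN and Spoofing attacks", as an added example (not Packeteer code and not how adaptive response is implemented): it counts new and failed flows per host per minute and flags hosts that exceed a limit. The record layout, the thresholds and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumed limits for the illustration; not PacketShaper defaults.
NEW_FLOWS_PER_MIN = 100
FAILED_FLOWS_PER_MIN = 20


def flow_rate_alerts(flows, new_limit=NEW_FLOWS_PER_MIN,
                     failed_limit=FAILED_FLOWS_PER_MIN):
    """flows: iterable of (epoch_seconds, initiating_host, completed).

    A flow that never completed (for example a SYN with no finished
    handshake) counts as failed. Returns one alert per host and minute
    in which either limit was exceeded.
    """
    counts = defaultdict(lambda: [0, 0])  # (host, minute) -> [new, failed]
    for ts, host, completed in flows:
        bucket = counts[(host, int(ts) // 60)]
        bucket[0] += 1
        if not completed:
            bucket[1] += 1

    alerts = []
    for (host, minute), (new, failed) in sorted(counts.items()):
        reasons = []
        if new > new_limit:
            reasons.append("new-flows")
        if failed > failed_limit:
            reasons.append("failed-flows")
        if reasons:
            alerts.append({"host": host, "minute_start": minute * 60,
                           "new": new, "failed": failed, "reasons": reasons})
    return alerts


def sample_flows():
    """Constructed flow records using documentation addresses (RFC 5737)."""
    flows = []
    # 150 flows inside one minute, only 10 complete: both limits exceeded.
    flows += [(i * 0.4, "192.0.2.10", i % 15 == 0) for i in range(150)]
    # 30 flows in the next minute, 25 of them fail: failed-flow limit only.
    flows += [(60 + i * 2, "192.0.2.20", i >= 25) for i in range(30)]
    # Busy but healthy host: 60 completed flows in each of two minutes.
    flows += [(i, "192.0.2.30", True) for i in range(120)]
    return flows


if __name__ == "__main__":
    for alert in flow_rate_alerts(sample_flows()):
        print(alert)
```

The third host opens 120 flows in total yet raises no alert, because the count is taken per minute and none of its flows fail.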
Please see bluecoat.com/support/packeteer for more detailed information.

