Title: Net Report Firewall Dashboard Presentation
Slide 1: Net Report Firewall Dashboard Presentation
Slide 2: Agenda
- 1. Front Page Features
- 2. Graph of Events by Day of the Month
- 3. Accepted/Blocked Traffic by Number of Hits
- 4. Accepted/Blocked Services by Source and Destination
- 5. Number of Events by Rules
- 6. Top n Accepted/Blocked Internal Users/Visitors by Hits with Top n Accepted/Blocked Services
- 7. Top n Outgoing/Incoming Accepted Services Sorted by KB
- 8. Top n Accepted/Blocked Services with their Top n Accepted/Blocked Internal Users/Visitors
Slide 3: 1. Front Page Features
Slide 4: Front Cover Interactive Features
Dashboard Home Link via the Firewall Icon
Bookmarks
Previous and Next Arrows
Net Report Web Site and Page Numbers
Date and Time Dashboard was Generated
Key Points
- Hyperlinks: Each Table, Graph, Diagram and label has buttons or text in blue which are hyperlinked to the relevant point in the Dashboard Report (Dashboard). Simply click the hyperlink or button you are interested in to go to the detailed breakdown in the Dashboard.
- Dashboard Home Link via the Firewall Icon: click the firewall icon in the top right corner on any page to return to the Dashboard home page.
- Previous and Next Arrows: Easily navigate between Dashboards from month-to-month or day-to-day (i.e. with Daily or Monthly Dashboards).
- Date and Time Dashboard was Generated: You can also add additional Parameters via the Net Report Web Portal to specify the specific name(s) of the Firewall(s) treated in the Dashboard. When the Parameter is IGNORE this means that no information has been submitted or that no information is available.
- Bookmarks: Easily view the Table of Contents for the Dashboard and navigate through the Dashboard at any time via the Bookmarks tree structure in the left pane of the Dashboard.
Slide 5: Defining Your Firewall Dashboard File Names
- If you name your own Dashboard .pdf files you must respect the file name formats below.
- To navigate from one dashboard to another using the Previous and Next arrows in the top right corner of each dashboard, you must use the following file name format for your aggregated firewall dashboards.
- For a Monthly Report: BookFirewall_Monthly_YYMM.pdf
- For a Daily Report: BookFirewall_Daily_YYMMDD.pdf
- Please replace YYMMDD with the appropriate values (Year, Month, Day with two characters for each, for example 060305 for March 5, 2006).
- Please respect the capitalization used for the .pdf file names to ensure that you can navigate between dashboards.
Slide 6: Front Cover Bookmarks
- Bookmarks: Your Table of Contents
- Importance: View the Bookmarks tab in the left pane of your .pdf Dashboard to use the Table of Contents.
- Tree Structure: Click the plus sign adjacent to the Report title you are interested in to expand the branches and access the Report.
- Easy Navigation: Click the Report title you want to go directly to the page in the Dashboard.
- Customized Parameters: You specify the Parameters you want in the Net Report Web Portal. For example, for the Top n, you select whether you want the top 5, 10, 60, 100 and so on.
- Note: This Presentation follows the tree structure in the Bookmarks tab to your left.
Slide 7: Glossary
- Net Report Firewall Dashboard Terms and Definitions
- Visitor: A Person or (IP) Device outside your company (i.e. external) at the origin of a connection.
- User: A Person or (IP) Device inside your company (i.e. internal) at the origin of a connection.
- Site: IP outside your company (i.e. external) as the target of a connection.
- Blocked: A connection blocked by your Firewall (action: drop, reject).
- Accepted: A connection accepted by your Firewall (action: accept).
- Inbound: Visits to the Server(s) by Visitors (people outside your company, i.e. external).
- Outbound: Visits to external Site(s)/Server(s) by Internal Users (people inside your company, i.e. internal).
- Internal: Visits to the Servers by Users (people inside your company, i.e. internal).
- Service: Connection's destination port.
- Internal: Devices inside your company. For example, the devices in the DMZ and LAN are Internal.
- External: you define this zone. Normally this implies people and devices outside your company. Note: you can define an Internal zone as an External zone if you wish. For example, when analyzing a Firewall's log, a certain subsidiary can be considered as external and the Headquarters as internal. Defining an External zone with an internal IP Address will have an impact on certain graphs.
Slide 8: Front Cover Navigating Each Section
Subsection 1: Firewall Filtered Traffic Daily/Monthly Activity
Subsection 2: Number of Different Services
Subsection 3: Services, Top 5 Accepted Services by Hits
Subsection 4: Most Active Internal User and External Visitor
Subsection 5: Zone Topology Diagram
Subsection 6: Traffic Activity by Number of Distinct IP Addresses
Key Points
- Hyperlinks: click the blue text or buttons on the front page to be hyperlinked to the relevant point in the Dashboard. Clicking blue text will take you to the detailed data, graph or pie chart in the Dashboard.
- Dynamic and Interactive: Each Dashboard is dynamic and interactive, meaning you can generate a Dashboard anywhere, anytime and, for example, e-mail it as an attachment to the parties concerned (Upper Management / IT).
- Aggregated Data: Increases your statistics visibility and narrows the focus to the key details you need, saving you from wading through reams of raw data.
- Operating Environment: Windows 2000 and greater, and SQL Server 2000 and greater.
- IP Source beginning with: It is possible to enter multiple IP Source values via IP Source beginning with <XXX.X>;<XXX.XXX> (for example 162.8;156.8). This enables the user to display statistics for a series of IP Addresses.
- User Group beginning with: The criterion User_Group beginning with XXXX;YYYY enables users to display statistics for groups of users and for the users within those groups.
- These criteria are multi-value (value1;value2;value3) and the user must insert a semi-colon character <;> to separate the values.
Click for the Details You Need!
Slide 9: Front Cover Interactive Topology Diagram
- Subsection 5: Zone Topology Diagram
- Importance: This diagram shows the general zones and traffic flows between zones and through your Firewall for an overall picture of your Firewall's position between the Exterior and the interior (i.e. Internal: DMZ and LAN).
- Note: You must carefully define the various zones. You define the External zone, for example (i.e. normally people and devices outside your company). However, you can define an Internal zone as an External zone if you wish.
- Definitions
- Internal: DMZ and LAN, you fix this zone's definition.
- External: outside your company (that is, not Internal: DMZ and LAN), you define External.
- Inbound: from External → Internal (DMZ / LAN)
- Outbound: from Internal (DMZ / LAN) → External
- Key
- 1: Firewall Accepted Inbound Traffic.
- 2: Firewall Blocked Inbound Traffic.
- 3: Firewall Blocked Traffic from Internal Zone 1 (e.g. LAN) → Internal Zone 2 (e.g. DMZ).
- 4: Firewall Accepted Traffic from Internal Zone 1 (e.g. LAN) → Internal Zone 2 (e.g. DMZ).
- 5: Firewall Blocked Outbound Traffic.
- 6: Firewall Accepted Outbound Traffic.
- For Accepted Figures: Click 1, 4 and 6 to go directly to the Top n Accepted Services by Source/Destination.
- For Blocked Figures: Click 2, 3 and 5 to go directly to the Top n Blocked Services by Source/Destination.
Diagram labels: Internal (DMZ and LAN); LAN; DMZ; Firewall; External, As You Define (i.e. Everything except hosts defined as DMZ or LAN)
Slide 10: Front Cover Detailed Right Side Navigation
- Subsection 1: Firewall Filtered Traffic Daily/Monthly Activity
- Importance: This graph shows the number of events your Firewall accepted and blocked either by day or by month.
- Hyperlinks: click on the day (for a monthly Report) or the hour (for a daily report) to go directly to the relevant graph with the details.
- Subsection 2: Number of Different Services
- Definitions
- Inbound: External → Internal (DMZ and LAN).
- Outbound: Internal (DMZ and LAN) → External.
- Internal: Internal (e.g. LAN) → Internal (e.g. DMZ).
- Error: External → External. Represents a misconfiguration for the zones in your topology.
- Importance: This table shows the number of different services your Firewall accepted or blocked.
- Hyperlinks: click the blue text to go directly to the detailed data.
Click the Graph for the Detail You Need!
Click the Cell for the Detail You Need!
- Subsection 3: Top 5 Accepted Services by Hits
- Importance: This graph shows the five most accepted protocol family groups (i.e. services) which your company used the most often.
- Note: the MB column only appears if your Firewall provides Accounting information.
- Definition
- Services: protocol family group, for example:
- Mail Protocol family: SMTP, IMAP, POP, QMTP, IMSP
- Internet Protocol family: HTTP, HTTPS
- System Protocol family: Telnet, echo, HNS, DNS, BPS
Click the Cell for the Detail You Need!
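The direction definitions from Subsection 2 and the glossary, worked through as an added example (not Net Report code): each event is labelled Inbound, Outbound, Internal or Error from its source and destination zone, then counted as Accepted or Blocked. The zone subnets, sample events and function names are constructed for illustration; the second zone table shows how treating a subsidiary subnet as External moves its traffic between categories.

```python
import ipaddress
from collections import Counter

# Constructed zone definitions (assumption): anything not listed is External.
ZONES = {"LAN": ["10.0.0.0/16"], "DMZ": ["192.0.2.0/24"]}
# Same firewall, but only the headquarters subnet is Internal LAN, so the
# subsidiary subnet 10.0.9.0/24 falls into the External zone.
ZONES_SUBSIDIARY_EXTERNAL = {"LAN": ["10.0.1.0/24"], "DMZ": ["192.0.2.0/24"]}

ACCEPTED_ACTIONS = {"accept"}          # glossary: Accepted
BLOCKED_ACTIONS = {"drop", "reject"}   # glossary: Blocked


def zone_of(ip, zones=ZONES):
    """Return the Internal zone name that contains ip, or 'External'."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in zones.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in cidrs):
            return name
    return "External"


def direction(src, dst, zones=ZONES):
    """Classify one connection using the page's four categories."""
    src_external = zone_of(src, zones) == "External"
    dst_external = zone_of(dst, zones) == "External"
    if src_external and dst_external:
        return "Error"      # External -> External: zones are misconfigured
    if src_external:
        return "Inbound"    # External -> Internal
    if dst_external:
        return "Outbound"   # Internal -> External
    return "Internal"       # Internal -> Internal


def summarize(events, zones=ZONES):
    """Count hits per (direction, Accepted/Blocked)."""
    hits = Counter()
    for src, dst, action in events:
        if action in ACCEPTED_ACTIONS:
            verdict = "Accepted"
        elif action in BLOCKED_ACTIONS:
            verdict = "Blocked"
        else:
            continue  # unknown firewall action: left out of the counts
        hits[(direction(src, dst, zones), verdict)] += 1
    return hits


# Constructed sample events: (source IP, destination IP, firewall action)
EVENTS = [
    ("198.51.100.7", "192.0.2.10", "accept"),   # visitor -> DMZ server
    ("198.51.100.7", "10.0.1.5", "drop"),       # visitor -> LAN host
    ("10.0.1.5", "203.0.113.9", "accept"),      # user -> external site
    ("10.0.1.5", "192.0.2.10", "reject"),       # LAN -> DMZ
    ("10.0.9.20", "192.0.2.10", "accept"),      # subsidiary host -> DMZ
    ("198.51.100.7", "203.0.113.9", "accept"),  # External -> External
]

if __name__ == "__main__":
    for zones in (ZONES, ZONES_SUBSIDIARY_EXTERNAL):
        for key, count in sorted(summarize(EVENTS, zones).items()):
            print(key, count)
        print("---")
```

A non-zero Error count is the signal to review the zone definitions before trusting the Inbound and Outbound figures.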
Slide 11: Front Cover Detailed Left Side Navigation
- Subsection 6: Traffic Activity by the No. of Distinct IP Addresses
- Importance: This table shows the:
- Number of External Visitors (outside your company) and Internal Users your Firewall accepted or blocked.
- Number of External Destinations and Internal Server traffic your Firewall accepted or blocked.
- Hyperlinks: click the blue text to go directly to the detailed data.
Click the Cells for the Detail You Need!
- Subsection 5: Zone Topology Diagram
- Importance: This diagram shows the general zones and traffic flow between zones and through your Firewall to give you an overall picture of your Firewall's position between the exterior (External) and the interior (Internal, i.e. DMZ and LAN). Please see the General Topology Slide.
- Hyperlinks: click the blue text to go directly to the detailed data.
- Subsection 4: Most Active Internal User and External Visitor
- Importance: Most active Internal User (e.g. LAN User) and External User with the Source and Firewall action (that is, accepted or blocked) along with the number of hits.
- Hyperlinks: click the blue text to go directly to the detailed data.
Click the Cells for the Detail You Need!
Slide 12: 2. Graph of Events by Day of the Month
Slide 13: Graph of Events by Hour of the Day/Day of the Month
- Traffic: Accepted Traffic Graph for Monthly Firewall Dashboards
- Importance: This Graph shows the number of Inbound, Outbound and Internal events your Firewall accepted, with the number of hits by day of the month (for Monthly Firewall Dashboards) based on daily aggregated data.
- Source Hyperlinks: Page 1 Subsection 1 hyperlinks lead to this graph on page 2. The Go to Graph icon also leads to this graph from the Events by Hour of the Day/Day of the Month Data table.
- Traffic: Blocked Traffic Graph
- Importance: This Graph shows the number of Inbound, Outbound and Internal events your Firewall blocked, with the number of hits by day of the month (for Monthly Firewall Dashboards) based on daily aggregated data.
- Source Hyperlink: Page 1 Subsection 1 hyperlinks lead to this graph on page 2. The Go to Graph icon also leads to this graph.
- Note: Clicking the Go to Data icon enables you to view the detailed data feeding this graph from the Events by Hour of the Day/Day of the Month Data table.
Slide 14: Table of Events by Hour of the Day/Day of the Month
- Events by Hour of the Day/Day of the Month - Data
- Importance: This Graph shows the number of Inbound, Outbound and Internal events your Firewall blocked, with the number of hits by day of the month (for Monthly Firewall Dashboards) based on daily aggregated data.
- Source Hyperlink: On page 2 the Go to Data icon leads to this table.
- Note: Clicking the Go to Data icon enables you to view the graph fed by this data in the Events by Hour of the Day/Day of the Month Graph.
Slide 15: 3. Accepted/Blocked Traffic Figures Analyzed by Number of Hits
Slide 16: Accepted/Blocked Traffic Figures by No. of Hits
- Traffic: Accepted Inbound, Outbound and Internal Traffic by Number of Hits
- Importance: this table shows the number of Inbound, Outbound and Internal traffic your Firewall accepted, by the number of hits, with the total MB accepted by your Firewall and the Firewall action specified (i.e. accept).
- Definitions: Firewall action accept: the Firewall accepted the traffic.
Detailed Statistics by Number of Hits
- Traffic: Blocked Inbound, Outbound and Internal Traffic by Number of Hits
- Importance: this table shows the number of Inbound, Outbound and Internal traffic your Firewall blocked, by the number of hits, the total MB blocked by your Firewall and the Firewall action specified (i.e. drop, reject).
- Definitions: Firewall actions drop: the Firewall dropped the Inbound/Outbound/Internal event; reject: the Firewall rejected the Inbound/Outbound/Internal event.
Slide 17: 4. Accepted/Blocked Services by Source and Destination
Slide 18: All the Sources and Destinations with their Top n Accepted Services
Top n Accepted Services by Source, Destination Area and Firewall Rule. Where n is the number you specified in Net Report Web Portal
- All the Sources and Destinations with their Top n Accepted Services
- Importance: This table shows the services your Firewall accepted the most by Source and Destination Area along with the Service, the Firewall rule which treated them and the total number of hits accepted by your Firewall.
- Note: where n is the number specified in the parameters in the Net Report Web Portal. If you choose one or several sources they are displayed in the bottom left corner of the page as a parameter; only the IP Addresses selected will be displayed.
Slide 19: All the Sources and Destinations with their Top n Blocked Services
Top n Blocked Services by Source, Destination Area and Firewall Rule. Where n is the number you specify in Net Report Web Portal
- All the Sources and Destinations with their Top n Blocked Services
- Importance: This table shows the services your Firewall blocked the most by Source and Destination Area along with the Service, the Firewall rule which treated them and the total number of hits blocked by your Firewall.
- Note: where n is the number specified in the parameters in the Net Report Web Portal. If you choose one or several sources they are displayed in the bottom left corner of the page as a parameter; only the IP Addresses selected will be displayed.
Slide 20: 5. Number of Events by Rules
Slide 21: Number of Events by Rules - Graph
- Number of Accepted Internal, Outbound and Inbound Events by Firewall Rule
- Importance: This graph shows the number of events the specific Firewall Rules accepted for Inbound, Outbound or Internal events along with the total number of hits your Firewall accepted.
Graph with the Number of Events Accepted or Blocked by your Firewall by the Inbound, Outbound and Internal categories (as shown in the key to the right)
- Number of Blocked Internal, Outbound and Inbound Events by Firewall Rule
- Importance: This graph shows the number of events the specific Firewall Rules blocked for Inbound, Outbound or Internal events along with the total number of hits your Firewall blocked. This notably helps you improve your Firewall performance.
- Note: clicking the Go to Data icon takes you to the table of detailed data feeding this graph.
Slide 22: Number of Events by Rules - Table
- Number of Accepted Internal, Outbound and Inbound Events by Firewall Rule
- Importance: This table shows the number of events the specific Firewall Rules accepted for Inbound, Outbound or Internal events along with the total number of hits your Firewall accepted.
Table with the Number of Events Accepted or Blocked by Your Firewall
- Number of Blocked Internal, Outbound and Inbound Events by Firewall Rule
- Importance: This table shows the number of events the specific Firewall Rules blocked for Inbound, Outbound or Internal events along with the total number of hits your Firewall blocked. This notably helps you improve your Firewall performance.
- Notes: clicking the Go to Graph icon will take you directly to the graph fed by this data.
Slide 23: 6. Top n Accepted/Blocked Internal Users/Visitors by Hits with their Top n Accepted/Blocked Services
Slide 24: Top n Accepted Internal Users/Visitors Sorted by Hits
- Top n Accepted Internal Users
- Importance: This table shows the top n Internal users (specifying their Source Area) your Firewall accepted classed by hits and volume (in KB) for the information transferred and with the elapsed time.
Top n Accepted Internal Users by Hits Table
Top n Accepted Visitors (to your site) by Hits Table
Click the Internal User column hyperlinks for details on Accepted Internal Users.
Click the Visitor column hyperlinks for details on Accepted Visitors.
- Top n Accepted Visitors (to your Site)
- Importance: This table shows the top n Visitors (who visited your site, with their Source Area) which your Firewall accepted classed by hits and volume (in KB) for the information transferred and with the elapsed time.
Slide 25: Top n Accepted Internal Users/Visitors with their Top n Accepted Services
- Top n Accepted Internal Users with their Top n Services
- Importance: This table shows, for the top n Internal users your Firewall accepted, the top x most demanded Services your Firewall accepted, illustrating to which Destination Area and by which Firewall rule they were treated, with the total number of hits.
Top n Accepted Visitors (to your site) with their Top n Accepted Services Table
Top n Accepted Internal Users with their Top n Accepted Services Table
Click the Service and Comment columns hyperlinks for details on Accepted External Visitors.
Click the Service and Comment columns hyperlinks for details on Accepted Internal Users.
- Top n Accepted Visitors (to your Site) with their Top n Services
- Importance: This table shows, for the top n Visitors to your Site/Server(s) (with their Source Area) which your Firewall accepted, the top x most demanded services accepted, illustrating to which Destination Area and by which Firewall rule they were treated along with the total number of hits.
Slide 26: Top n Blocked Internal Users/Visitors with their Top n Blocked Services
- Top n Blocked Internal Users with their Top n Blocked Services, Specifying Source Area and Service
- Importance: This table shows, for the top n Internal users your Firewall blocked, the top x most demanded and blocked Services (defined in the Comment column), illustrating to which Destination Area and by which Firewall rule they were treated with the total number of blocked hits.
Top n Blocked Internal Users with their Top n Blocked Services Table
Top n Blocked Visitors (to your site) with their Top n Blocked Services Table
Click the Service and Comment columns hyperlinks for details on Blocked External Visitors.
Click the Service and Comment columns hyperlinks for details on Blocked Internal Users.
- Top n Blocked Visitors (to your Site) with their Top n Blocked Services, with Source Area and Service
- Importance: This table shows, for the top n Visitors your Firewall blocked, the top x most demanded and blocked Services, illustrating to which Destination Area and by which Firewall rule they were treated, with the total number of blocked hits.
Slide 27: 7. Top n Outgoing/Incoming Accepted Services Sorted by Hits
Slide 28: Top n Incoming Accepted Services by Hits Graph and Table
Click the Service hyperlinks for details on Accepted Incoming Services.
Top n Incoming Services Accepted by your Firewall Sorted by Hits
- Top n Incoming Accepted Services Sorted by Hits
- Importance: This table shows the top n Incoming Services (defined in the Service Comment column) your Firewall accepted sorted by Hits along with the number of accepted KB and the elapsed time.
- Note: If it is inappropriate to sort by Hits, then the statistics will be sorted by the number of KB.
- Note: Clicking the Go to Data icon leads you to the detailed data feeding the pie chart.
- Clicking the Go to Graph icon leads you to the pie chart fed by the detailed data.
Slide 29: Top n Outgoing Accepted Services by Hits Graph and Table
Click the Service hyperlinks for details on Accepted Outgoing Services.
Top n Outgoing Services Accepted by your Firewall Sorted by Hits
- Top n Outgoing Accepted Services Sorted by Hits
- Importance: This table shows the top n Outgoing Services (defined in the Service Comment column) your Firewall accepted sorted by Hits along with the number of accepted KB and the elapsed time.
- Note: If it is inappropriate to sort by Hits, then the statistics will be sorted by the number of KB.
- Note: Clicking the Go to Data icon leads you to the detailed data feeding the pie chart.
- Clicking the Go to Graph icon leads you to the pie chart fed by the detailed data.
Slide 30: 8. Top n Accepted/Blocked Services with their Top n Accepted/Blocked Internal Users/Visitors
Top 10 Users and Visitors using the Greatest Variety of Services
Slide 31: Top n Accepted/Blocked Services with their Top n Accepted/Blocked Internal Users/Visitors
- Top n Accepted Services with their Top n Accepted Internal Users/Visitors
- Importance: These tables show the top n Services (defined in the Comment column) your Firewall accepted with the Top n Internal Users/Visitors your Firewall accepted with the Source and Destination Areas, the Firewall rule they were treated by and the total number of accepted hits.
Top n Accepted Services with their Top n Accepted Internal Users/Visitors
Top n Blocked Services with their Top n Blocked Internal Users/Visitors
Click the Service and Comment columns hyperlinks for details on Accepted Internal Users.
Click the Service and Comment columns hyperlinks for details on Blocked External Visitors.
- Top n Blocked Services with their Top n Blocked Internal Users/Visitors
- Importance: These tables show the top n Services (defined in the Comment column) your Firewall blocked with the top n Internal Users/Visitors your Firewall blocked with the Source and Destination Areas, the Firewall rule they were treated by and the total number of blocked hits.
Slide 32: Top n Users and Visitors using the Greatest Variety of Services
- Top n Internal Users and Visitors using the Greatest Variety of Services
- Importance: This table shows the top n Users and Visitors using the Greatest Variety of Services (accepted and blocked by your Firewall) with the number of Distinct Services accepted and blocked specified and the total number of accepted and blocked Services and hits.
- Note: this helps you find, for example, a slow port scan.
Top n Internal Users and Visitors using the Greatest Variety of Services
Top n External Visitors using the Greatest Variety of Services
Click the External Visitors column hyperlinks for details on External Visitors using the Greatest Variety of Services.
- Top n External Visitors using the Greatest Variety of Services
- Importance: This table shows the top n External Visitors using the Greatest Variety of Services (accepted and blocked by your Firewall) with the number of Distinct Services accepted and blocked and the total number of accepted and blocked Services and hits.
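An added example (not Net Report code) of the distinct-services ranking described above, showing why it surfaces a slow port scan that a ranking by hits misses. The events, addresses and function names are constructed for illustration, and the service is taken to be the destination port as in the glossary.

```python
from collections import defaultdict

ACCEPTED_ACTIONS = {"accept"}
BLOCKED_ACTIONS = {"drop", "reject"}


def service_variety(events):
    """Per source IP: distinct accepted/blocked services and total hits."""
    stats = defaultdict(lambda: {"accepted": set(), "blocked": set(), "hits": 0})
    for _day, src, service, action in events:
        if action in ACCEPTED_ACTIONS:
            bucket = "accepted"
        elif action in BLOCKED_ACTIONS:
            bucket = "blocked"
        else:
            continue  # unknown firewall action: not counted
        stats[src][bucket].add(service)
        stats[src]["hits"] += 1
    return stats


def top_n_by_variety(events, n):
    """Rows of (source, distinct accepted, distinct blocked, hits), widest first."""
    rows = []
    for src, row in service_variety(events).items():
        distinct = len(row["accepted"] | row["blocked"])
        rows.append((distinct, src, len(row["accepted"]),
                     len(row["blocked"]), row["hits"]))
    # Most distinct services first; ties broken by hits, then by address.
    rows.sort(key=lambda r: (-r[0], -r[4], r[1]))
    return [r[1:] for r in rows[:n]]


def top_n_by_hits(events, n):
    """Source IPs ranked by raw hit count, for comparison."""
    stats = service_variety(events)
    return sorted(stats, key=lambda s: (-stats[s]["hits"], s))[:n]


def build_sample_month():
    """Constructed month of events: (day, source IP, destination port, action)."""
    events = []
    for day in range(1, 31):
        events += [(day, "10.0.1.5", 443, "accept")] * 10     # busy internal user
        events += [(day, "10.0.1.5", 80, "accept")] * 5
        events += [(day, "198.51.100.20", 25, "accept")] * 8  # visitor sending mail
        # One probe per day, each to a new port: low volume, high variety.
        port = 19 + day
        action = "accept" if port == 25 else "drop"
        events.append((day, "203.0.113.50", port, action))
    return events


EVENTS = build_sample_month()

if __name__ == "__main__":
    print("by hits:   ", top_n_by_hits(EVENTS, 2))
    print("by variety:", top_n_by_variety(EVENTS, 3))
```

The probing source never appears in a daily top-by-hits list, because it sends one event per day; only the month-wide count of distinct services exposes it.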
Slide 33: Contact us: sales_at_netreport.fr
Slide 34: Web site: http://www.net-report.net
Stay in control with Net Report!