
NOC & SOC

SUBMITTED BY:
Vivek Hans
Jiwateshwar Singh
NOC
• A network operations center (NOC) is the place from which administrators supervise, monitor and maintain a telecommunications or data network. Large enterprises with large networks, as well as large network service providers, typically have a NOC: a room containing visualizations of the network or networks being monitored, workstations at which the detailed status of the network can be seen, and the software needed to manage the networks.
WHY A NOC?
• Increase Network Availability
• Decrease Staffing & Training Requirements
• Optimize your Network's Bandwidth Utilization and Performance
• Improve Productivity while Decreasing Operational Costs
WHAT IT PROVIDES
• 24x7x365 Monitoring
• Problem Detection, Resolution and Notification
• Performance Management
• Network Optimization
• Software Maintenance Upgrades
• Configuration Backups
• Trouble Tickets, Status, Performance & Utilization Reports, all available via the Internet
Additional Services
• Information Technology Infrastructure
– Network Design and Implementation
– Server Configuration
– Internet Access
– Firewalls
– Virtual Private Networks
– Wireless Access
• Web Hosting & Page Design
• SOHO Cable/DSL and Network Installations
SOC
• A Security Operations Center (SOC) is a centralized unit in an organization that deals with security issues at both the organizational and the technical level.
• It works to prevent unauthorized access and to manage security-related incidents using defined processes and procedures.
SOC (continued)
• Its mission is risk management through centralized analysis, using the combined resources of personnel, dedicated hardware and specialized software.
• These systems operate around the clock. They provide continuous risk analysis and reduce the likelihood and impact of intrusion; no SOC can guarantee that intrusions never succeed, which is why timely detection and response are as much part of the mission as prevention.
Possible SOC services
• Proactive analysis & system management
• Security device management
• Reporting
• Security alert
• DDoS mitigation
• Security assessment
• Technical assistance
Proactive analysis and system management
• The SOC provides proactive analysis of the customer's systems and security devices (intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, etc.).
• It offers centralized management of security.
• Personnel need only concern themselves with the functions of the monitoring tools, rather than with the complexity of each device under scrutiny.
• Tools used by the SOC must be scalable, for example allowing a new IDS to be added alongside those already deployed.
• The SOC also performs policy management, including remote policy management.
• Device configurations and security policies must be continually updated as the environment grows and evolves.
Security device management
The security device management (SDM) service is composed of the following elements:
• Fault management
The main objective of fault management is to ensure the continuous operation of the security infrastructure. The activity includes:
– Monitoring of client security devices
– Fault detection and signaling
– Fault reporting
– Corrective action determination
– Corrective action implementation
– System recovery (if necessary)
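The fault-management steps above, worked through as an added example (not code from the slides): a heartbeat-based monitor for managed security devices that detects a device that has stopped reporting or that reports a failed state, signals each fault once rather than on every polling cycle, attaches a corrective action from a runbook table, and signals recovery when the device is healthy again. Device names, statuses, timestamps and the runbook actions are all constructed for illustration.

```python
"""Added example, not from the slides: heartbeat-based fault monitor for
managed security devices. Detects devices that stopped reporting or that
report a failed state, signals each fault once, proposes a corrective
action, and signals recovery. Names, statuses and actions are constructed."""
from typing import Dict, List, Tuple

# Constructed mapping from fault type to the first corrective action an
# operator would try (hypothetical runbook entries, not a vendor procedure).
CORRECTIVE_ACTIONS = {
    "unreachable": "verify power and uplink; escalate to on-site if still silent",
    "failed": "restart the service and fail over to the standby unit",
    "degraded": "inspect resource usage and pending signature updates",
}

def classify(last_seen: float, status: str, now: float, stale_after: float) -> str:
    """Return 'ok' or a fault type for one device heartbeat record."""
    if now - last_seen > stale_after:
        return "unreachable"          # heartbeat missing: treat the device as down
    if status in ("failed", "degraded"):
        return status                 # the device itself reports trouble
    return "ok"

def evaluate_devices(heartbeats: Dict[str, Tuple[float, str]],
                     previous: Dict[str, str],
                     now: float,
                     stale_after: float = 90.0) -> Tuple[List[dict], Dict[str, str]]:
    """heartbeats: device -> (last_seen_ts, self_reported_status).
    previous: device -> state from the last evaluation ('ok' or a fault type).
    Returns (events, new_state). Events are emitted only on a state change,
    so a persisting fault is not re-signaled every cycle."""
    events: List[dict] = []
    state: Dict[str, str] = {}
    for device, (last_seen, status) in sorted(heartbeats.items()):
        current = classify(last_seen, status, now, stale_after)
        state[device] = current
        before = previous.get(device, "ok")
        if current != "ok" and current != before:
            events.append({"ts": now, "device": device, "event": "fault",
                           "type": current, "action": CORRECTIVE_ACTIONS[current]})
        elif current == "ok" and before != "ok":
            events.append({"ts": now, "device": device, "event": "recovered",
                           "type": before})
    return events, state

# Constructed heartbeat snapshots: device -> (last_seen, self_reported_status).
TICK_1 = {"ids01": (990.0, "ok"), "fw01": (850.0, "ok"), "ips01": (995.0, "failed")}
TICK_2 = {"ids01": (1090.0, "ok"), "fw01": (1095.0, "ok"), "ips01": (1098.0, "ok")}

def run_demo() -> Tuple[List[dict], List[dict]]:
    """Two polling cycles: faults appear in the first, recoveries in the second."""
    events1, state = evaluate_devices(TICK_1, {}, now=1000.0)
    events2, _ = evaluate_devices(TICK_2, state, now=1100.0)
    return events1, events2

if __name__ == "__main__":
    for cycle in run_demo():
        for event in cycle:
            print(event)
```

A stale heartbeat and a self-reported failure are kept as distinct fault types because they call for different corrective actions; the state dictionary carried between cycles is what prevents the same fault from being signaled repeatedly.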
Security device management (continued)
• Configuration management
The main objective of configuration management is to ensure the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes rules for discarding or accepting data packets between an external source and an internal destination (or vice versa) based on:
– Source address.
– Destination address.
– Network protocol.
– Service protocol (port).
– Traffic logging (whether matching traffic is recorded).
• Configuration management may be performed remotely (remote configuration management).
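The rule criteria listed above, applied in working code as an added example (not from the slides, and not any vendor's firewall syntax): a first-match packet filter that decides accept or discard on source address, destination address, network protocol and service port, and writes a traffic log entry for rules flagged for logging. The policy, the sample packets and the addresses (documentation ranges) are constructed.

```python
"""Added example, not from the slides: first-match packet filter evaluating
discard/accept rules on source address, destination address, network
protocol and service port, with a traffic log for flagged rules.
Policy and packets are constructed; addresses are documentation ranges."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "discard"
    src: str                    # source CIDR; "0.0.0.0/0" matches any
    dst: str                    # destination CIDR
    proto: str                  # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None  # service (destination) port; None = any port
    log: bool = False           # record matching traffic in the traffic log

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

# Constructed inbound policy for an internal network 10.0.0.0/8 whose only
# externally reachable service is the web server 10.0.0.80 on TCP/443.
# Rules are evaluated top to bottom; the first match decides.
POLICY: List[Rule] = [
    Rule("accept",  "0.0.0.0/0", "10.0.0.80/32", "tcp", 443),
    Rule("discard", "0.0.0.0/0", "10.0.0.80/32", "tcp", 22, log=True),  # log SSH probes
    Rule("discard", "0.0.0.0/0", "10.0.0.0/8",   "any", log=True),      # explicit default deny
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every criterion of the rule matches the packet."""
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.port is not None and rule.port != pkt.dport:
        return False
    return True

def evaluate(policy: List[Rule], pkt: Packet,
             traffic_log: List[str]) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). Traffic matching no rule
    is discarded and logged so that the gap in the policy stays visible."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            if rule.log:
                traffic_log.append(f"rule={index} {rule.action} {pkt.proto} "
                                   f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
            return rule.action, index
    traffic_log.append(f"rule=none discard {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return "discard", None

# Constructed sample traffic arriving from the outside.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.0.0.80", "tcp", 443),    # legitimate HTTPS
    Packet("203.0.113.5", "10.0.0.80", "tcp", 22),     # SSH probe against the web server
    Packet("203.0.113.5", "10.0.0.10", "udp", 53),     # DNS to an internal host
    Packet("203.0.113.5", "192.168.1.1", "icmp"),      # destination outside the policy
]

def run_policy(policy: List[Rule], packets: List[Packet]) -> Tuple[List[str], List[str]]:
    """Apply the policy to each packet; return (decisions, traffic_log)."""
    log: List[str] = []
    decisions = [evaluate(policy, p, log)[0] for p in packets]
    return decisions, log

if __name__ == "__main__":
    decisions, log = run_policy(POLICY, SAMPLE_PACKETS)
    print(decisions)
    print("\n".join(log))
```

The last rule is an explicit, logged default deny; traffic that matches nothing at all is also discarded and logged, because a packet the policy never anticipated is exactly what configuration management needs to learn about before the rule set is revised.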
Reporting
• Logs generated by the various system components are consolidated and reformatted into an easily understandable report for the customer. This reporting is particularly important because, besides providing details of any intrusion attempts by unauthorized parties or of accidents, it may also allow the customer to take preventive action.
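The consolidation step described above, as an added example that is not part of the original slides: two differently formatted logs (a firewall log in a syslog-like layout and an IDS alert log in a Snort-style layout, both constructed here) are parsed into one normalized event list and summarized into a customer-facing report. The signature ids, rule names and addresses are made up for the example; lines that fail to parse are counted rather than silently dropped.

```python
"""Added example, not from the slides: consolidation of a constructed
firewall log and a constructed IDS alert log into normalized events and a
customer summary report. Signature ids and rule names are made up."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Event:
    ts: str
    source: str     # which component produced the record
    severity: str   # normalized: "info", "warning" or "critical"
    src_ip: str
    dst_ip: str
    summary: str

# Constructed firewall log: <timestamp> <host> <ACCEPT|DROP> <proto> <src>:<port> -> <dst>:<port>
FIREWALL_LOG = """\
2024-03-01T10:00:01Z fw01 DROP TCP 203.0.113.5:51234 -> 10.0.0.80:22
2024-03-01T10:00:02Z fw01 ACCEPT TCP 198.51.100.7:40000 -> 10.0.0.80:443
2024-03-01T10:00:03Z fw01 DROP TCP 203.0.113.5:51235 -> 10.0.0.80:23
this line is corrupt and must not break the report
"""

# Constructed IDS log in a Snort-style "fast" layout; the sids are invented.
IDS_LOG = """\
03/01-10:00:05.000000 [**] [1:900001:1] SAMPLE SSH brute-force attempt [**] [Priority: 2] {TCP} 203.0.113.5:51236 -> 10.0.0.80:22
03/01-10:00:07.000000 [**] [1:900002:1] SAMPLE web shell response [**] [Priority: 1] {TCP} 10.0.0.80:443 -> 198.51.100.7:40000
"""

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
IDS_RE = re.compile(r"^(?P<ts>\S+) \[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\] "
                    r"\[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} "
                    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")

def parse_firewall(text: str, unparsed: List[str]) -> List[Event]:
    """Firewall DROP is a warning, ACCEPT is informational."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            if line.strip():
                unparsed.append(line)     # keep a count; never drop silently
            continue
        sev = "warning" if m["action"] == "DROP" else "info"
        events.append(Event(m["ts"], m["host"], sev, m["src"], m["dst"],
                            f"{m['action']} {m['proto']}/{m['dport']}"))
    return events

def parse_ids(text: str, unparsed: List[str]) -> List[Event]:
    """Snort-style priority 1 maps to critical, 2 to warning, others to info."""
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            if line.strip():
                unparsed.append(line)
            continue
        sev = {"1": "critical", "2": "warning"}.get(m["prio"], "info")
        events.append(Event(m["ts"], "ids", sev, m["src"], m["dst"],
                            f"{m['msg']} (sid {m['sid']})"))
    return events

def build_report(firewall_text: str, ids_text: str) -> Dict:
    """Consolidate both logs and summarize them for the customer."""
    unparsed: List[str] = []
    events = parse_firewall(firewall_text, unparsed) + parse_ids(ids_text, unparsed)
    notable = [e for e in events if e.severity != "info"]
    return {
        "total_events": len(events),
        "unparsed_lines": len(unparsed),
        "by_severity": dict(Counter(e.severity for e in events)),
        "top_sources": Counter(e.src_ip for e in notable).most_common(3),
        "critical": [f"{e.ts} {e.source}: {e.summary} {e.src_ip} -> {e.dst_ip}"
                     for e in events if e.severity == "critical"],
    }

def render(report: Dict) -> str:
    """Plain-text layout of the report dictionary."""
    lines = [f"Events: {report['total_events']} (unparsed lines: {report['unparsed_lines']})"]
    for sev in ("critical", "warning", "info"):
        lines.append(f"  {sev}: {report['by_severity'].get(sev, 0)}")
    lines.append("Top sources of non-informational events:")
    lines += [f"  {ip}: {n}" for ip, n in report["top_sources"]]
    lines.append("Critical findings:")
    lines += [f"  {c}" for c in report["critical"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_report(FIREWALL_LOG, IDS_LOG)))
```

Normalizing severity across sources is what makes the report actionable: the same external address appears in firewall drops and in an IDS alert, and only after both feeds share one event shape can it surface as the top source in a single list.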
Security Alert
• The security alert service is designed to notify customers in a timely fashion of the discovery of new vulnerabilities, so that countermeasures can be put in place before an attack, or early enough during one to mitigate or negate its impact.
Security assessment
It includes:
• Vulnerability assessment
– The vulnerability assessment searches for known vulnerabilities in the installed systems and software. It is carried out with specific tools that are configured and customized for each assessment.
• Penetration test
– The penetration test is performed to find and exploit known or unknown vulnerabilities in systems, services and installed web applications. It attempts to quantify the threat level to each system and the impact of a successful compromise. The work is carried out either with a number of tools configured and customized per assessment, or manually for each service, system and application.
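The security alert service and the vulnerability assessment both rest on the same operation: matching what is installed against what is known to be vulnerable. As an added example (not from the slides), the block below matches a constructed advisory feed against a constructed asset inventory and produces alerts ordered by severity, with a "no fix yet" path for advisories that have no patched version. The advisory identifiers, product names and versions are invented, and the version comparison assumes simple dotted numeric versions, which real vendor version schemes do not always follow.

```python
"""Added example, not from the slides: match a constructed vulnerability
advisory feed against a constructed asset inventory. Advisory ids are
invented (not CVEs); dotted numeric versions are assumed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(v: str) -> Tuple[int, ...]:
    """'2.4.57' -> (2, 4, 57); shorter versions are zero-padded to 3 parts
    so that '9.3' compares correctly against '9.0.1'."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * max(0, 3 - len(parts))

@dataclass(frozen=True)
class Advisory:
    adv_id: str            # constructed identifier, not a real CVE
    product: str
    introduced: str        # first affected version (inclusive)
    fixed: Optional[str]   # first fixed version (exclusive); None = no fix yet
    severity: str

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str

def is_affected(adv: Advisory, asset: Asset) -> bool:
    """Affected if same product and introduced <= version < fixed."""
    if adv.product != asset.product:
        return False
    v = parse_version(asset.version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True

def generate_alerts(feed: List[Advisory], inventory: List[Asset]) -> List[dict]:
    """One alert per (advisory, affected asset), most severe first, so the
    customer reads the worst exposure before anything else."""
    alerts = []
    for adv in feed:
        for asset in inventory:
            if is_affected(adv, asset):
                action = (f"upgrade {adv.product} to {adv.fixed} or later"
                          if adv.fixed else "no fix available; apply vendor mitigations")
                alerts.append({"advisory": adv.adv_id, "severity": adv.severity,
                               "host": asset.host, "product": asset.product,
                               "version": asset.version, "action": action})
    alerts.sort(key=lambda a: (SEVERITY_RANK[a["severity"]], a["host"]))
    return alerts

# Constructed advisory feed and inventory.
FEED = [
    Advisory("ADV-2024-0001", "examplehttpd", "2.4.0", "2.4.58", "high"),
    Advisory("ADV-2024-0002", "examplessh",   "9.0",   None,     "critical"),
    Advisory("ADV-2024-0003", "examplehttpd", "2.2.0", "2.2.20", "medium"),
]
INVENTORY = [
    Asset("web01",   "examplehttpd", "2.4.57"),   # affected by 0001 only
    Asset("web02",   "examplehttpd", "2.4.58"),   # already on the fixed version
    Asset("bastion", "examplessh",   "9.3"),      # affected, no fix published
    Asset("db01",    "exampledb",    "14.1"),     # product not in the feed
]

if __name__ == "__main__":
    for alert in generate_alerts(FEED, INVENTORY):
        print(alert)
```

The inclusive lower bound and exclusive upper bound are the detail that most often goes wrong in homegrown matching: web02, already on the first fixed release, must not be alerted, while web01 one release behind must be.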
Distributed denial of service (DDoS) mitigation
• DDoS mitigation attempts to limit the effects of a denial of service attack directed at a critical function of a client's web infrastructure. The SOC receives notification of an attack on a client service; countermeasures are activated and their effect evaluated; traffic is 'cleaned' and re-routed; finally an 'end-of-attack notification' is reported and logged.
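The notification sequence above (attack detected, countermeasure activated, end of attack logged) driven by a volumetric detector, as an added example that is not part of the slides: the detector learns a baseline from the first samples, enters an attack state only when traffic stays above a multiple of that baseline for several consecutive samples, and leaves it only after several consecutive samples back below it, so neither a short burst nor a brief dip during the flood flips the state. The per-second request counts are constructed, and the threshold rule is a simplified stand-in for what scrubbing providers actually run.

```python
"""Added example, not from the slides: volumetric DDoS detector with
hysteresis that emits attack-start, countermeasure and attack-end events.
Traffic samples are constructed; the threshold rule is a simplification."""
from statistics import mean
from typing import List, Tuple

def baseline_threshold(samples: List[Tuple[int, float]],
                       window: int = 10, factor: float = 5.0) -> float:
    """Learn a threshold from the first `window` samples, assumed normal."""
    return factor * mean(rps for _, rps in samples[:window])

def detect_attacks(samples: List[Tuple[int, float]],
                   window: int = 10, factor: float = 5.0, hold: int = 3) -> List[dict]:
    """Walk the samples after the baseline window. Enter 'attack' only after
    `hold` consecutive samples above threshold (a short burst is not an
    attack) and leave it only after `hold` consecutive samples below it (a
    brief dip during the flood must not end mitigation early)."""
    threshold = baseline_threshold(samples, window, factor)
    events: List[dict] = []
    state, above, below, peak = "normal", 0, 0, 0.0
    for ts, rps in samples[window:]:
        if state == "normal":
            if rps > threshold:
                above += 1
                peak = max(peak, rps)      # remember the run that may become an attack
            else:
                above, peak = 0, 0.0
            if above >= hold:
                state, below = "attack", 0
                events.append({"event": "attack_start", "ts": ts, "rps": rps,
                               "threshold": threshold})
                events.append({"event": "countermeasure", "ts": ts,
                               "action": "divert traffic to scrubbing, re-route cleaned traffic"})
        else:
            peak = max(peak, rps)
            below = below + 1 if rps <= threshold else 0
            if below >= hold:
                events.append({"event": "attack_end", "ts": ts, "peak_rps": peak})
                state, above, peak = "normal", 0, 0.0
    return events

# Constructed per-second request counts (ts, rps) against one web service.
SAMPLES: List[Tuple[int, float]] = (
    [(t, 100 + (t % 3) * 5) for t in range(0, 10)]             # normal traffic
    + [(10, 5000), (11, 5000)]                                  # 2 s burst: shorter than hold
    + [(t, 100) for t in range(12, 15)]
    + [(t, 6000 if t == 20 else 4000) for t in range(15, 31)]  # sustained flood
    + [(t, 100) for t in range(31, 41)]                         # traffic back to normal
)

if __name__ == "__main__":
    for event in detect_attacks(SAMPLES):
        print(event)
```

With the constructed samples the two-second burst at t=10 produces nothing, the flood is declared at t=17 (its third consecutive sample over threshold), and the end-of-attack notification is logged at t=33 with the peak rate observed during the attack.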
Technical assistance
• The SOC can provide general technical assistance for any issue regarding system operation, system violations, system updates, and the update and configuration of security hardware and software. Technical assistance can be provided remotely or on-site, depending on the level of service.
Difference between SOC & NOC
• The NOC's purpose has always been to ensure "power, ping, and pipe" to computing resources, and it is measured chiefly on uptime Service Level Agreements (SLAs). Conversely, the SOC's purpose has been to "protect, detect, react, and recover", and it is measured chiefly on response-time SLAs. Combined, the two operations serve as the central nervous system and the immune system that together ensure the availability and integrity of IT assets.
THANKS