User:Vborcan/sandbox

WANGUARD
	File:WANGUARD logo.png
Developer(s)	Andrisoft SRL
Initial release	March 1, 2006
Stable release	5.3 / December 23, 2013
Written in	C, PHP, JavaScript, Perl
Operating system	Linux
Available in	English
Type	Network monitoring, DDoS mitigation
License	Proprietary EULA
Website	http://www.andrisoft.com

This is the user sandbox of Vborcan. A user sandbox is a subpage of the user's user page. It serves as a testing spot and page development space for the user and is not an encyclopedia article. Create or edit your own sandbox here.

Other sandboxes: Main sandbox | Template sandbox

Finished writing a draft article? Are you ready to request review of it by an experienced editor for possible inclusion in Wikipedia? Submit your draft for review!

Andrisoft WANGUARD is a commercial software that monitors IP traffic and protects networks from DDoS attacks by filtering the malicious packets and by black-holing destinations.
Its web interface provides customizable Dashboards with real-time traffic graphs and tops, complex reports with aggregated data for hosts, departments, interfaces, applications, ports, protocols and more.

Features

The key features of the product are:

Distributed traffic monitoring – it uses software sensors that can be deployed across the network to monitor IP traffic by Port mirroring, NetFlow, SFlow or IPFIX.
Web Interface – the integrated Ajax-based web portal provides centralized management and a network-wide visibility of traffic flows, events and other collected data.
DDoS detection – DDoS attacks are detected by a traffic anomaly detection engine that can use user-defined traffic policies or Holt-Winters-based traffic behaviour analysis.
DDoS mitigation – it generates Iptables rules that block attacking IP Addresses; spoof attacks are filtered by applying dynamic rules for source or destination TCP and UDP ports, IP protocols, TTL, TCP SYN etc.
Collector of flows and packets – it provides a flow collector and a web-based, Wireshark-like Packet analyzer that can save packets or flows.
Real-time reporting – the traffic analysis engine updates graphs, tops and statistics every 5 seconds; histograms appear animated.
Historical reporting – every data retention parameter can be configured from 1 day to 10 years; reports can be generated for any custom time period.
Scheduled reporting – consolidated reports can be automatically generated and emailed at preconfigured intervals of time.
Automatic responses – it includes modules for sending emails, executing custom scripts, notify SIEM systems though SNMP traps etc.; responses to threats can be extended though an open API.

Editions

Since 2012 Andrisoft is also releasing a "lite" version of WANGUARD called WANSIGHT that doesn't contain features related to traffic anomalies.

Releases

Date	Release	Notes
1 March 2006	1.0^[1]	First public release
1 March 2008	2.0^[2]	Major performance improvements and a completely rewritten web console
5 January 2009	3.0^[3]	Major performance improvements, bug fixes, 10 Gigabit Ethernet packet sniffing, Netflow sampling support and improved AS Numbers support
8 May 2010	4.0^[4]	Adds a brand new Web User Interface, performance improvements, partial SFlow support, 95th percentile, greatly improved traffic accounting and traffic graphs support, advanced permissions for user roles, FreeBSD 8 support, LDAP and Active Directory support, Events Reporting, Scheduled Reports, Tables and Logs can be exported in Excel, VLAN & MPLS support, PF_RING support for improved 10 Gbps packets sniffing, RAM storage method for IP graphs, RRDCache support, NetFlow archive, 4 Console themes, DNS reverse lookups for IP addresses
20 October 2012	5.0^[5]	WANGuard is renamed WANGUARD. It adds extensible traffic decoders, a new traffic thresholds system, NetFlow v9, native SFlow, IPFIX, traffic capturing framework, Combined Reports and Dashboard, full IPv6 support, new decoders, multiple CPU support for packet sniffing, in-NIC hardware filters, IPv4 and IPv6 mask restrictions to BGP announcements

External Links

References

^ First release at http://web.archive.org/web/20071011091644/http://andrisoft.com/
^ Andrisoft announces WANGuard 2.0 http://www.andrisoft.com/company/news/wanguard-platform-2-released
^ Andrisoft announces WANGuard 3.0 http://www.andrisoft.com/company/news/wanguard-platform-3-released
^ Andrisoft announces WANGuard 4.0 http://www.andrisoft.com/company/news/wanguard-4-0-released
^ Andrisoft announces WANGUARD 5.0 http://www.andrisoft.com/company/news/wanguard-5

Category:System administration Category:Network management Category:Network performance Category:Network analyzers Category:Network software stubs Category:Intrusion detection systems Category:Firewall software Category:Internet Protocol based network software

[1] First release at http://web.archive.org/web/20071011091644/http://andrisoft.com/

[2] Andrisoft announces WANGuard 2.0 http://www.andrisoft.com/company/news/wanguard-platform-2-released

[3] Andrisoft announces WANGuard 3.0 http://www.andrisoft.com/company/news/wanguard-platform-3-released

[4] Andrisoft announces WANGuard 4.0 http://www.andrisoft.com/company/news/wanguard-4-0-released

[5] Andrisoft announces WANGUARD 5.0 http://www.andrisoft.com/company/news/wanguard-5

[1]

[2]

[3]

[4]

[5]

Features

Editions

Releases

See also

External Links

References