USE HONEYPOTS TO KNOW YOUR ENEMIES
|
|
- Caitlin French
- 8 years ago
- Views:
Transcription
1 USE HONEYPOTS TO KNOW YOUR ENEMIES SHERIF MOUSA (EG-CERT) 9 MAY 2012
2 WHAT ARE WE GOING TO TALK ABOUT? What exactly happens on the end of your Internet connection. Open Source tools to set up your own Honeypot and IDS setup and how to tie them together. LAB
3 YOUR INTERNET CONNECTION (IMAGINED)
4 YOUR INTERNET CONNECTION (REALITY)
5 YOUR INTERNET CONNECTION (WITH HONEYPOTS)
6 BASIC HONEYNET
7 HONEYPOT Generally a computer that appears to be legitimate, but in reality is a trap for malware and hackers to monitor their actions and tactics. There should be no legit traffic to the honeypot, so any traffic it sees is immediately suspicious. A darknet is similar, but on a much bigger scale, say an entire /24 subnet
8 TYPES High Interaction Honeypots Make use of the actual vulnerable service or software. Usually complex solutions as they involve real operating systems and applications. Help in identifying unknown vulnerabilities. Big headache. Low/Medium Interaction Honeypots Allow only limited interaction for an attacker or malware. All services offered are emulated. Save many headaches.
9 NEPENTHES Nepenthes is a low interaction honeypot. It emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular.
10 HOW NEPENTHES WORKS Vulnerability Modules emulates various services which look ripe for compromise to an attacker (lsass, dcom, veritas, dameware, etc). Shellcode Handlers and Emulators allows Nepenthes to interact with the malware. Download Modules will download the binary (http, ftp, curl, etc). Submission Modules will submit the binary for analysis (Norman, CWSandbox, postgres, etc)
11 NEPENTHES KEY LOG FILES/DIRECTORIES /var/lib/nepenthes/binaries Captured binaries are named after their md5sums, and they are stored in the above directory /var/log/nepenthes/logged_submissions This log file indicates how and where each binary is obtained. var/log/nepenthes/nepenthes.log
12 NEPENTHES PHARM PHARM is an Open Source client/server and web portal package, which provides central reporting and analysis of your distributed Nepenthes based honeypots. PHARM Clients are installed on along with your Nepenthes installs, PHARM clients listen for any changes in nepenthes log files (logged_submissions and nepenthes.log) and sends over the logged data and malware collected over to the server running the PHARM server. PHARM server gets all the data collected from PHARM Clients and provides analysis/report of your honeypots through the PHARM Web portal.
13 PHARM MALWARE DATA
14 PHARM nepenthes.log DATA
15 KIPPO Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Features Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included. Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included. Session logs stored in an UML compatible format for easy replay with original timings. Kippo saves files downloaded with wget for later inspection.
16 SESSION TTY LOG REAL SAMPLE
17 KIPPO-GRAPH Kippo-Graph is a full featured script to visualize statistics from a Kippo SSH honeypot. Kippo-Graph currently shows 24 charts, including: Top 10 passwords, top 10 username/password combos. Connections per IP, connections per country. ssh clients. Others. There are also geolocation data extracted and displayed with Google visualization technology using a Google Map.
18 TOP 10 PASSWORDS
19 TOP 10 IP ADDRESSES
20 GEO-LOCATION
21 SNORT An open source network intrusion prevention and detection system. It uses a rule-based language combining signature, protocol and anomaly inspection methods. The most widely deployed intrusion detection and prevention technology. Gold standard in opensource IDS systems. Many frontends (BASE, SGUIL, SNORBY,...). Free + free rules updates.
22 SNORT USES Packet sniffer: capture and display packets from the network with different levels of detail on the console. Packet logger: log data in text file. Honeypot monitor: deceiving hostile parties. NIDS: network intrusion detection system.
23 SNORBY Snorby is a ruby on rails web application for network security monitoring that interfaces with current popular IDS s (Snort, Suricata and Sagen). Free and opensource.
24 DASHBOARD
25 SAMPLE EVENT
26 SECURITY ONION Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Xubuntu and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools. We ll use it just for Snort and Snorby.
27 TEST ENVIRONMENT NETWORK TOPOLOGY HINT: where x.x.x.0/24 is a public class C network. This topology is not secure for production.
28 SUMMARY Internet connection reality. Nepenthes. Pharm project. Kippo. Kippo-graph. Snort. Snorby. Security Onion.
29 LAB Check the lab manual (Lab_Manual.pdf)
30 REFERENCES Nepenthes >> PHARM Project >> Kippo >> BruteForce Lab's Blog >> Snort >> Snorby >> Security Onion >> & THC-Hydra >> Zenmap >>
31 QUESTIONS?
32 CONTACT INFORMATION
S N O R T I D S B L A S T C O U R S E
S N O R T I D S B L A S T C O U R S E General Description In this course, we will use the Security Onion operating system. Security Onion is based on Ubuntu Linux distro. It contains the Snort IDS, Suricata,
More informationSecurity Onion. Peel Back the Layers of Your Network in Minutes. Doug Burks
Security Onion Peel Back the Layers of Your Network in Minutes Doug Burks tcpdump -nnai eth1 -s0 grep -A5 "Doug Burks" About Doug Burks: Christian, husband, father Corporate Incident Handler for Mandiant
More informationTowards Automated Botnet Detection and Mitigation
Towards Automated Botnet Detection and Mitigation Stopping the Root Cause of Spam Pi1 - Laboratory for Dependable Distributed Systems Outline Motivation Tools & techniques for botnet detection nepenthes
More informationNetwork Security Controls. CSC 482: Computer Security
Network Security Controls Topics 1. Firewalls 2. Virtual Private Networks 3. Intrusion Detection and Prevention 4. Honeypots What is a Firewall? A software or hardware component that restricts network
More informationNETWORK SECURITY. Scott Hand. Melanie Rich-Wittrig. Enrique Jimenez
NETWORK SECURITY Scott Hand Melanie Rich-Wittrig Enrique Jimenez Chapter 2 In Which Firewalls Are Erected, Packets Are Snorted, And Pwnage Denied TOPICS COVERED Host Software Firewalls iptables Network
More informationPeeling Back the Layers of the Network Security with Security Onion Gary Smith, Pacific Northwest National Laboratory
Peeling Back the Layers of the Network Security with Security Onion Gary Smith, Pacific Northwest National Laboratory A Little Context! The Five Golden Principles of Security! Know your system! Principle
More informationAnalyzing Internet Attacks with Honeypots. Ioannis Koniaris ikoniaris@gmail.com
Analyzing Internet Attacks with Honeypots Ioannis Koniaris ikoniaris@gmail.com Workshop outline About me Workshop outline Cyber threats and countermeasures Information and systems security Human threat
More informationMultifaceted Approach to Understanding the Botnet Phenomenon
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationNetwork Intrusion Analysis (Hands-on)
Network Intrusion Analysis (Hands-on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationMissing the Obvious: Network Security Monitoring for ICS
Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks
More informationHow to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01
How to build and use a Honeypot By Ralph Edward Sutton, Jr DTEC 6873 Section 01 Abstract Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot
More informationCompliance Solu.ons with a Budget in Mind
Compliance Solu.ons with a Budget in Mind complex, expensive PCI requirements tools to aid in mee7ng these requirements These tools will cost you exactly Open Source / Free Caveats May require more technical
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationCS 558 Internet Systems and Technologies
CS 558 Internet Systems and Technologies Dimitris Deyannis deyannis@csd.uoc.gr 881 Heat seeking Honeypots: Design and Experience Abstract Compromised Web servers are used to perform many malicious activities.
More informationHEY! YOU! GET OFF MY CLOUD! ATTACKS AGAINST CLOUD HONEYPOTS. Martin Lee Neil Rankin
HEY! YOU! GET OFF MY CLOUD! ATTACKS AGAINST CLOUD HONEYPOTS Martin Lee Neil Rankin Cloud Adoption Choose two: Fast Cheap Good Cloud Models Public IaaS PaaS SaaS Private Cloud Models Public IaaS PaaS SaaS
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationProceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 31, December 2014, Ernakulam, India
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) ISSN 0976 6367(Print) ISSN 0976
More informationNetwork Security Monitoring
Network Security Coleman Kane Coleman.Kane@ge.com September 24, 2014 Cyber Defense Overview Network Security 1 / 23 Passive Passive 2 Alert Alert Passive monitoring analyzes traffic with the intention
More informationBEGINNER S GUIDE to. Open Source Intrusion Detection Tools. www.alienvault.com
BEGINNER S GUIDE to Open Source Intrusion Detection Tools www.alienvault.com IDS Basics If you aren t already running network IDS, you should be. There are two types of Network IDS: Signature Detection
More informationTraffic Monitoring : Experience
Traffic Monitoring : Experience Objectives Lebah Net To understand who and/or what the threats are To understand attacker operation Originating Host Motives (purpose of access) Tools and Techniques Who
More informationAdvancement in Virtualization Based Intrusion Detection System in Cloud Environment
Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) What are They and How do They Work? By Wayne T Work Security Gauntlet Consulting 56 Applewood Lane Naugatuck, CT 06770 203.217.5004 Page 1 6/12/2003 1. Introduction Intrusion
More informationTaxonomy of Hybrid Honeypots
2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore Taxonomy of Hybrid Honeypots Hamid Mohammadzadeh.e.n 1, Masood Mansoori 2 and Roza
More informationHoneypots & Honeynets Overview. Adli Wahid Security Specialist, APNIC.net adli@apnic.net
Honeypots & Honeynets Overview Adli Wahid Security Specialist, APNIC.net adli@apnic.net 1 Contents 1. ObjecCves 2. DefiniCon of Honeypot & Honeynets 3. Benefits & Risk consideracon 4. Example of Honeypot
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationHONEYD (OPEN SOURCE HONEYPOT SOFTWARE)
HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical
More informationNetwork Security Monitoring
CEENET/GEANT Security Workshop Sofia, 2014 Network Security Monitoring An Introduction to the world of Intrusion Detection Systems Irvin Homem irvin@dsv.su.se Stockholm University Who am I? Of Indian and
More informationCIT 480: Securing Computer Systems. Incident Response and Honeypots
CIT 480: Securing Computer Systems Incident Response and Honeypots Incident Response What is an Incident? Phases of Incident Response 1. Preparation 2. Identification 3. Containment 4. Damage Assessment
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationNAVAL POSTGRADUATE SCHOOL THESIS
NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS TESTING DECEPTIVE HONEYPOTS by Aymen Yahyaoui September 2014 Thesis Advisor: Second Reader: Neil C. Rowe J. D. Fulp Approved for public release; distribution
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationYou Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell
You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell Mandiant, a FireEye company [2014 SANS European ICS Summit] About me Currently: Principal Consultant on Mandiant s Industrial
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationInternational Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
More informationCatching hackers using a virtual honeynet: A case study
Catching hackers using a virtual honeynet: A case study D.N. Pasman d.n.pasman@student.utwente.nl ABSTRACT This paper presents an evaluation of honeypots used for gathering information about the methods
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationSecuring the system using honeypot in cloud computing environment
Volume: 2, Issue: 4, 172-176 April 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 M. Phil Research Scholar, Department of Computer Science Vivekanandha College
More informationAdvanced Honeypot System for Analysing Network Security
ISSN: 2347-3215 Volume 2 Number 4 (April-2014) pp. 65-70 www.ijcrar.com Advanced Honeypot System for Analysing Network Security Suruchi Narote 1* and Sandeep Khanna 2 1 Department of Computer Engineering.
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationHoneypots and Honeynets Technologies
New Mexico State University Honeypots and Honeynets Technologies Hussein Al-Azzawi Final Paper CS 579 Special Topics / Computer Security Nov. 27, 2011 Supervised by Mr. Ivan Strnad Table of contents: 1.
More informationAn Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan
An Open Source IPS IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan Introduction IPS or Intrusion Prevention System Uses a NIDS or Network Intrusion Detection System Includes
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationDynamic Rule Based Traffic Analysis in NIDS
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 14 (2014), pp. 1429-1436 International Research Publications House http://www. irphouse.com Dynamic Rule Based
More informationMedium Interaction Honeypots
Medium Interaction Honeypots Georg Wicherski April 7, 2006 Abstract Autonomously spreading malware has been a global threat to the Internet Community ever since the existence of the Internet as a large-scale
More informationWhat happens when you use nmap or a fuzzer on an ICS?
NSM 101 for ICS About me Chris Sistrunk, PE Electrical Engineer Sr. ICS Security Consultant Control system security assessments ICS Village (DEF CON & RSA Conference) Entergy (11+ years) SCADA Engineer
More informationMake a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.
CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationNetwork Monitoring and Forensics
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 2, Issue.
More informationThe Nepenthes Platform: An Efficient Approach to Collect Malware
The Nepenthes Platform: An Efficient Approach to Collect Malware Paul Baecher 1, Markus Koetter 1,ThorstenHolz 2, Maximillian Dornseif 2, and Felix Freiling 2 1 Nepenthes Development Team nepenthesdev@gmail.com
More informationUsing cyber intelligence to detect and localize botnets. ENRICO BRANCA Botconf'13 5-6 December 2013, Nantes, France.
Using cyber intelligence to detect and localize botnets ENRICO BRANCA Botconf'13 5-6 December 2013, Nantes, France. 1 IDEA Create a cyber intelligence system able to: Analyse network communications Detect
More informationAdaptability of IRC Botnet Detection Method to P2P Botnet Detection
Adaptability of IRC Botnet Detection Method to P2P Botnet Detection Ji, Yuan Department of Electrical Engineering and Computer Science University of California, Irvine yji1@uci.edu John, Robin Department
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationIntrusion Detection Systems
Intrusion Detection Systems Intrusion Detection Systems Intrusion Detection Systems: Overview IDS Acronyms & Definition Components Recognition & Response Security Interoperability & Cooperation HIDS NIDS
More informationIntrusion Detection Systems
Intrusion Detection Systems Advanced Computer Networks 2007 Reinhard Wallner reinhard.wallner@student.tugraz.at Outline Introduction Types of IDS How works an IDS Attacks to IDS Intrusion Prevention Systems
More informationUnit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.
Running head: UNIT 3 RESEARCH PROJECT 1 Unit 3 Research Project Eddie S. Jackson Kaplan University IT540: Management of Information Security Kenneth L. Flick, Ph.D. 10/07/2014 UNIT 3 RESEARCH PROJECT 2
More informationPassive Logging. Intrusion Detection System (IDS): Software that automates this process
Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion
More informationSome Tools for Computer Security Incident Response Team (CSIRT)
Some Tools for Computer Security Incident Response Team (CSIRT) AfNOG 12 30 th May 2011 10 th June 2011 Tanzania By Marcus K. G. Adomey Overview Some Unix Commands Some Selected Tools Snort AirSnort hping
More informationNetworks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
More informationCOUNTERSNIPE WWW.COUNTERSNIPE.COM
COUNTERSNIPE WWW.COUNTERSNIPE.COM COUNTERSNIPE SYSTEMS LLC RELEASE 7.0 CounterSnipe s version 7.0 is their next major release and includes a completely new IDS/IPS leveraging high performance scalability
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationHotZone. Theory of Operations Configuration Management
HotZone Theory of Operations Configuration Management What is HotZone? Free low-interaction honeypot Source code available (not Open Source but freely downloadable) Designed to be kitted up as a standalone
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationChapter 1 Network Security
Chapter 1 Network Security 1.1 Network Security Router Functions Routers connect networks generally based on network addresses, usually IP network addresses. They create subnets (sub-networks) which isolate
More informationDynamic Honeypot Construction
Dynamic Honeypot Construction 2nd Annual Alaska Information Assurance Workshop Christopher Hecker U. of Alaska, Fairbanks 9-5-2006 Presentation l Brief Introduction l Project Overview l Future Work l References
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationWorms, Trojan Horses and Root Kits
Worms, Trojan Horses and Root Kits Worms A worm is a type of Virus that is capable of spreading and replicating itself autonomously over the internet. Famous Worms Morris Internet worm (1988) Currently:
More informationCRYPTUS DIPLOMA IN IT SECURITY
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
More informationData Collection and Data Analysis in Honeypots and Honeynets
Data Collection and Data Analysis in Honeypots and Honeynets Pavol Sokol, Patrik Pekarčík, Tomáš Bajtoš pavol.sokol@upjs.sk, patrik.pekarcik@upjs.sk, tomas.bajtos@student.upjs.sk Institute of Computer
More informationEFFECTIVE IMPLEMENTATION OF DYNAMIC CLASSIFICATION FOR NETWORK FORENSIC AND TRAFFIC ANALYSIS
EFFECTIVE IMPLEMENTATION OF DYNAMIC CLASSIFICATION FOR NETWORK FORENSIC AND TRAFFIC ANALYSIS Manu Bansal Assistant Professor Department of IT University Institute of Engineering & Technology Panjab University,
More informationTunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc
Tunisia s experience in building an ISAC Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc 1 Agenda Introduction ISAC objectives and benefits Tunisian approach SAHER system
More informationnmap, nessus, and snort Vulnerability Analysis & Intrusion Detection
nmap, nessus, and snort Vulnerability Analysis & Intrusion Detection agenda Vulnerability Analysis Concepts Vulnerability Scanning Tools nmap nikto nessus Intrusion Detection Concepts Intrusion Detection
More informationNetwork Security EDA491 2011/2012. Laboratory assignment 4. Revision A/576, 2012-05-04 06:13:02Z
Network Security EDA491 2011/2012 Laboratory assignment 4 Revision A/576, 2012-05-04 06:13:02Z Lab 4 - Network Intrusion Detection using Snort 1 Purpose In this assignment you will be introduced to network
More informationSCADA Forensics with Snort IDS
Edith Cowan University Research Online ECU Publications Pre. 2011 2009 SCADA Forensics with Snort IDS Craig Valli Edith Cowan University This article was originally published as: Valli, C. (2009). SCADA
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationhttp://www.it-exams.com
-The fastest and guaranteed way to certy now! http://www.it-exams.com Exam Number : SY0-301 Exam Name : Security+ Certification Exam 2011 version Version : Demo QUESTION NO: 1 Actively monitoring data
More informationIntrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of
Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code
More informationDevelopment of an Intrusion Detection and Prevention Course Project Using Virtualization Technology. Te-Shun Chou East Carolina University, USA
International Journal of Education and Development using Information and Communication Technology (IJEDICT), 20, Vol. 7, Issue 2, pp. 46-55. Development of an Intrusion Detection and Prevention Course
More informationHoneypots UNIVERSITÄT MANNHEIM. A quick overview. Pi1 - Laboratory for Dependable Distributed Systems
Honeypots A quick overview Pi1 - Laboratory for Dependable Distributed Systems Outline Motivation High-interaction vs. low-interaction honeypots Gen III honeynets honeyd nepenthes Examples Intro We see
More informationDESIGN OF NETWORK SECURITY PROJECTS USING HONEYPOTS *
DESIGN OF NETWORK SECURITY PROJECTS USING HONEYPOTS * Karthik Sadasivam, Banuprasad Samudrala, T. Andrew Yang University of Houston Clear Lake 2700 Bay Area Blvd., Houston, TX 77058 (281) 283-3835, yang@cl.uh.edu
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationNetwork Monitoring Tool to Identify Malware Infected Computers
Network Monitoring Tool to Identify Malware Infected Computers Navpreet Singh Principal Computer Engineer Computer Centre, Indian Institute of Technology Kanpur, India navi@iitk.ac.in Megha Jain, Payas
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationNetwork/Internet Forensic and Intrusion Log Analysis
Course Introduction Enterprises all over the globe are compromised remotely by malicious hackers each day. Credit card numbers, proprietary information, account usernames and passwords, and a wealth of
More informationConfiguring Snort as a Firewall on Windows 7 Environment
Configuring Snort as a Firewall on Windo Environment Moath Hashim Alsafasfeh a, Abdel Ilah Noor Alshbatat b a National university of Malaysia UKM, Selengor, Malaysia. b Tafila Technical University, Electrical
More informationRecon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins
Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you
More informationNetwork Security Monitoring
Network Security Monitoring Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationConfiguring Snort as a Firewall on Windows 7 Environment
Journal of Ubiquitous Systems & Pervasive Networks Volume 3, No. 2 (2011) pp. 3- Configuring Snort as a Firewall on Windo Environment Moath Hashim Alsafasfeh a, Abdel Ilah Noor Alshbatat b a National University
More informationSix Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study
Six Days in the Network Security Trenches at SC14 A Cray Graph Analytics Case Study WP-NetworkSecurity-0315 www.cray.com Table of Contents Introduction... 3 Analytics Mission and Source Data... 3 Analytics
More informationIntrusion Detection Systems with Correlation Capabilities
Intrusion Detection Systems with Correlation Capabilities Daniel Johansson danjo133@student.liu.se Pär Andersson paran213@student.liu.se Abstract Alert correlation in network intrusion detection systems
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationAnalysis and Evaluation of Network-Based Intrusion Detection and Prevention System in an Enterprise Network Using Snort Freeware
Analysis and Evaluation of Network-Based Intrusion Detection and Prevention System in an Enterprise Network Using Snort Freeware 1 Corresponding Author: lawal5@yahoo.com 1 O.B. Lawal Computer Science Department,
More informationHoneypot as the Intruder Detection System
Honeypot as the Intruder Detection System DAVID MALANIK, LUKAS KOURIL Department of Informatics and Artificial Intelligence Faculty of Applied Informatics, Tomas Bata University in Zlin nam. T. G. Masaryka
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationIntrusion Detection Architecture Utilizing Graphics Processors
Acta Informatica Pragensia 1(1), 2012, 50 59, DOI: 10.18267/j.aip.5 Section: Online: aip.vse.cz Peer-reviewed papers Intrusion Detection Architecture Utilizing Graphics Processors Liberios Vokorokos 1,
More informationDISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS
DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS GONG JIAN 2 jgong@njnet.edu.cn Jiangsu Key Laboratory of Computer Networking Technology, China, Nanjing, Southeast University AHMAD JAKALAN
More information