C. Universal Threat Management C.4. Defenses

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "C. Universal Threat Management C.4. Defenses"

Transcription

1 UTM I&C School Prof. P. Janson September 2014 C. Universal Threat Management C.4. Defenses 1 of 20

2 Over vulnerabilities have been found in existing software These vulnerabilities are under constant attacks 24x7 plus criminals are targeting naïve users with social engineering & spam 2 of 20

3 What means exist to prevent, detect, recover from attacks? 3 of 20

4 Intrusion defenses Figures Approaches Prevention Surveillance Detection Correction Tools Information sources 4 of 20

5 Intrusion surveillance: monitoring, reporting, and logging = Security Information & Event Management (SIEM) Needs to be secured Distributed vs. centralized Control center Control center 5 of 20

6 Intrusion detection Recommendation = run from CD-ROM to ensure integrity against disabling malware Intrusion symptoms Methods taxonomy Practical tools Filtering Challenge Digital forensics 6 of 20

7 Intrusion symptoms Symptoms of data exfiltration Swells in Data in unusual places Specific file requests Database read volume HTML response sizes Outbound network traffic Symptoms of data alteration / intrusion / infection / repudiation Suspicious changes in registry or system files Anomalous system patching (attacker locking system against other attackers) Symptoms of abuse Anomalies in DNS requests Web requests with unhuman behavior Port-application traffic mismatches Availability / performance (DoS / smokescreen for more pernicious attacks) Symptoms of identity theft Anomalies in Privileged account activity Geographical origin activity Other log-in activity Mobile device profile changes 7 of 20

8 Methods taxonomy Host- & network-based intrusion detection systems Call- & traffic-based intrusion detection systems Real-time & off-line intrusion detection systems Signature- & anomaly-/behavior-based intrusion detection systems 8 of 20

9 Host- & network-based intrusion detection systems (HIDS & NIDS) Complementary methods Different focus NIDS Focus on events inside network Traffic at network nodes e.g. routers HIDS Focus on events around the network Events at attached hosts e.g. servers & clients Traffic in/out System calls Critical file events Malware detection NIDS HIDS HIDS 9 of 20

10 Call- & traffic-based intrusion detection systems Complementary methods Different focus Traffic-based systems focus on traffic-related events Packet type, size, volume, sequence, source, destination, etc. Traversing network nodes in NIDS Entering and leaving systems in HIDS Call-based systems focus on system calls in HIDS System call types, sequences, arguments, results, etc. 10 of 20

11 Real-time prevention & off-line detection of intrusions Complementary methods Different timescale Off-line IDSs collect + log events as they happen but analyze logs off line May detect but cannot block attacks On-line IDSs collect + log events as they happen and analyze logs continuously May detect and block attacks 11 of 20

12 Signature- & anomaly-/behavior-based intrusion detection systems How to separate the wheat (legitimate activities) from the chaff (attacking activities) Complementary methods Different approaches Attacks as well as legitimate activities can be identified by signatures Characteristic events, packet sequences, sizes, volumes, origins, etc. in traffic-based IDSs Characteristic system calls, sequences, arguments, etc. in call-based IDSs 12 of 20

13 Signature- & anomaly-/behavior-based intrusion detection systems Signature-based IDSs try to recognize attacks + flag them while ignoring everything else Raise alarms when recognizing something matching signature of known attack Suffer from initial false negatives = failing to recognize new attacks Must maintain up-to-date cumulative black-lists of attack signatures Anomaly-/behavior-based IDSs try to recognize legitimate activities and flag everything else Raise alarms when recognizing something not matching signature of legitimate activity Suffer from initial false positives = failing to recognize new legitimate activities Must maintaining up-to-date dynamic white-lists of legitimate activity signatures 13 of 20

14 Practical tools Malware scanners (Critical system) file monitors Honeypots 14 of 20

15 Malware (detection) scanners vs. (prevention) filters Malware filters use black-listed signatures to prevent malware infiltration from outside Filter may fail => malware may still infect network New malware => no signature yet Filter signature file out of date Malware imported over unfiltered path e.g. XCS or a USB key brought by careless employee Malware scanners use black-listed signatures to detect malware that escaped filters 15 of 20

16 Critical system file monitors Many attacks are stealth / hidden, especially latest, long-term APAs But extremely difficult / impossible to completely hide all traces of an attack => Monitor critical system files System registries System user accounts System and other hidden files Network, host, server, middleware, and application configuration files Network, host, server, middleware, application and any other event recording logs Tools maintain and monitor cryptographically signed hashes of critical system files 16 of 20

17 Honeypots (honey nets, honey tokens, honey files) Honeypots = fake networks, systems, servers, containers, applications, accounts (e.g. ) Attract attackers by faked name, purported function, pretended content Designed to be attacked and let attacks proceed under close monitoring Ultimate honeypot is powerful server Bearing many unused IP addresses Advertising applications / ports Mimicking real server Any IP packet or port scan landing there is suspect = Darknet / Internet Background Noise (IBR) (~ 1 PB / month!!) 17 of 20

18 Filtering challenge: false positives & false negatives Key challenge of IDSs is filtering reams of alerts Mostly benign Some unjustified = false positives Some missed = false negatives Two quality parameters: Precision = no. of true positives / no. of true positives + false positives (% unwanted items) Recall = no. of true positives / no. of true positives + false negatives (% missed items) Best IDSs interoperate with others => perspective view of things Comparing agreeing alerts to filter out benign alerts Comparing disagreeing alerts to disambiguate false positives and false negatives 18 of 20

19 Digital forensics Classical forensics search for transfer of matter or traces between suspect, victim and environment Digital forensics search for transfers of information (loads and stores) Always write-protect => copy => archive any storage device under investigation Any attack is very likely to leave visible traces in or around systems they target Cradle-to-grave encryption of all information => the end of digital forensics Ethical and legal issue whether suspect can be forced to surrender crypto keys (comparable to search-warrant but harder to enforce) 19 of 20

20 Incident response / recovery Isolate affected systems Report intrusion to management and nearest CERT Correct damage always have BCR plan Restore system beware of infected back-ups Restart operations Analyze evidence to understand attack computer forensics Upgrade defenses to prevent repetition 20 of 20

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

Name. Description. Rationale

Name. Description. Rationale Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Intrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC

Intrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC Intrusion Detection and Intrusion Prevention Ed Sale VP of Security Pivot Group, LLC Presentation Goals Describe IDS and IPS Why They Are Important Deployment and Use Major Players The IT Security Camera

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

Intrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of

Intrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code

More information

Cisco IPS Tuning Overview

Cisco IPS Tuning Overview Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Data Loss Prevention in the Enterprise

Data Loss Prevention in the Enterprise Data Loss Prevention in the Enterprise ISYM 525 Information Security Final Paper Written by Keneth R. Rhodes 12-01-09 In today s world data loss happens multiple times a day. Statistics show that there

More information

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

The Comprehensive Guide to PCI Security Standards Compliance

The Comprehensive Guide to PCI Security Standards Compliance The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment

More information

Intrusion Detection for Mobile Ad Hoc Networks

Intrusion Detection for Mobile Ad Hoc Networks Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics

More information

Banking Security using Honeypot

Banking Security using Honeypot Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information

More information

CorreLog Alignment to PCI Security Standards Compliance

CorreLog Alignment to PCI Security Standards Compliance CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 INTRODUCTION N4Secure is a Threat Intelligence managed service. By monitoring network traffic, server traffic, scanning for internal

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event

More information

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

A Proposed Architecture of Intrusion Detection Systems for Internet Banking A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

WHITE PAPER WHAT HAPPENED?

WHITE PAPER WHAT HAPPENED? WHITE PAPER WHAT HAPPENED? ENSURING YOU HAVE THE DATA YOU NEED FOR EFFECTIVE FORENSICS AFTER A DATA BREACH Over the past ten years there have been more than 75 data breaches in which a million or more

More information

Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Contents Motivation and basics (Why and what?) IDS types and detection principles Key Data Problems

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Developing A Successful Patch Management Process

Developing A Successful Patch Management Process Developing A Successful Patch Management Process White Paper FoxGuard Solutions, Inc. August 2014 Introduction Almost every day, new vulnerabilities are discovered and disclosed to software vendors, who

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Traffic Monitoring : Experience

Traffic Monitoring : Experience Traffic Monitoring : Experience Objectives Lebah Net To understand who and/or what the threats are To understand attacker operation Originating Host Motives (purpose of access) Tools and Techniques Who

More information

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats Jody C. Patilla The Johns Hopkins University Session ID: TECH-107 Session Classification: Intermediate Objectives Get more out

More information

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow Anatomy of a Breach: A case study in how to protect your organization Presented By Greg Sparrow Agenda Background & Threat landscape Breach: A Case Study Incident Response Best Practices Lessons Learned

More information

D. Best Practices D.2. Administration The 6 th A

D. Best Practices D.2. Administration The 6 th A Best Practices I&C School Prof. P. Janson September 2014 D. Best Practices D.2. Administration The 6 th A 1 of 26 The previous section described how to improve IT security through use of better development

More information

Endpoint Security: Moving Beyond AV

Endpoint Security: Moving Beyond AV Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Protecting Point-of-Sale Environments Against Multi-Stage Attacks

Protecting Point-of-Sale Environments Against Multi-Stage Attacks SOLUTION BRIEF: PROTECTING POS DEVICES & BROADER ENVIRONMENT........................................ Protecting Point-of-Sale Environments Against Multi-Stage Attacks Who should read this paper Point-of-Sale

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS 19 NOVEMBER 2003 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

Security Analytics The Beginning of the End(Point)

Security Analytics The Beginning of the End(Point) Security Analytics The Beginning of the End(Point) Arie Joosse Arie.Joosse@nexthink.com It s 10am, what do you know about your endpoints? What applications are running? New ones that you didn t deploy

More information

IDS : Intrusion Detection System the Survey of Information Security

IDS : Intrusion Detection System the Survey of Information Security IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,

More information

Why The Security You Bought Yesterday, Won t Save You Today

Why The Security You Bought Yesterday, Won t Save You Today 9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

Seven Strategies to Defend ICSs

Seven Strategies to Defend ICSs INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take

More information

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended

More information

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

SPAM FILTER Service Data Sheet

SPAM FILTER Service Data Sheet Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity Detecting Threats Via Network Anomalies Paul Martini Cofounder and CEO iboss Cybersecurity Why is Anomaly Detection Important? Largest enterprises with the biggest investment in prevention are still getting

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013 Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

Radware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware.

Radware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware. Radware s Smart IDS Management FireProof and Intrusion Detection Systems Deployment and ROI North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware

More information

Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details

Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details CYBER SECURITY OPERATIONS CENTRE 13/2011 21 July 2011 Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details INTRODUCTION 1. This document provides further information regarding DSD s list

More information

Austin Peay State University

Austin Peay State University 1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade

More information

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2 Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls

More information

LogRhythm and PCI Compliance

LogRhythm and PCI Compliance LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

OS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016

OS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016 OS Security Malware (Part 2) & Intrusion Detection and Prevention Radboud University Nijmegen, The Netherlands Winter 2015/2016 A short recap Different categories of malware: Virus (self-reproducing, needs

More information

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

SIEM Orchestration. How McAfee Enterprise Security Manager can drive action, automate remediation, and increase situational awareness

SIEM Orchestration. How McAfee Enterprise Security Manager can drive action, automate remediation, and increase situational awareness SIEM Orchestration How McAfee Enterprise Security Manager can drive action, automate remediation, and increase situational awareness Scott Taschler, Solution Architect, McAfee Table of Contents Introduction

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts

More information

Network- vs. Host-based Intrusion Detection

Network- vs. Host-based Intrusion Detection Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science

Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science A Seminar report On Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information