Automatic Network Protection Scenarios Using NetFlow
|
|
- Meagan Haynes
- 8 years ago
- Views:
Transcription
1 Automatic Network Protection Scenarios Using NetFlow Vojt ch Krmí ek, Jan Vykopal {krmicek FloCon 2012 January 9-12, Austin, Texas
2 Part I Flow-based Network Protection Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 2 / 23
3 Goals and Components Goals of Network Protection Using NetFlow data to protect network. Defending perimeter against attacks from outside. Automated attack detection. Suitable for high speed networks (10 Gbps+). System Parts Sensors ( NetFlow data). Control center ( commands). Active network components ( blocking/filtering). HAMOC platform both sensor and active component. Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 3 / 23
4 General Architecture of Network Protection Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 4 / 23
5 NfSen/NFDUMP Collector Toolset Architecture Web Front-End User Plugins Command-Line Interface Periodic Update Tasks and Plugins NetFlow v5/v9 NFDUMP Backend NfSen NetFlow Sensor NFDUMP NetFlow display Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 5 / 23
6 Methods for Data Analysis TCP SYN scanning detection Simple, e ective general method, low false positive rate. Honeypot monitoring Uses subnet allocated for high- and low-interaction honeypots. Eliminates false positives, mainly catches hosts from outside. Brute force attack detection Similar flows may be symptoms of this attack. Suitable even for encrypted services such as SSH. Round trip time anomaly detection (D)DOSes overwhelm servers and increase response time. Abrupt increase of RTT may point to attack/misconfiguration. Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 6 / 23
7 HAMOC Hardware Platform Features Tra c distribution among multiple CPU cores. Network applications with hardware acceleration. Capable of concurrent monitoring/blocking/filtering/etc. Low-speed networks SW alternative (NetFlow/iptables). Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 7 / 23
8 Network Protection Deployment Scenarios Scenarios NetFlow probes + control center + RTBH 1 filtering HAMOC as NetFlow probe and firewall HAMOC as redirection to quarantine (phishing) HAMOC as NetFlow probe and active attack tool HAMOC as NetFlow probe and tra c limiter 1 Remote Triggered Black Hole Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 8 / 23
9 Part II Network Protection Scenarios Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 9 / 23
10 NetFlow Probes + Control Center + RTBH Filtering Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 10 / 23
11 HAMOC as NetFlow Probe and Firewall Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 11 / 23
12 HAMOC as Redirection to Quarantine (Phishing) Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 12 / 23
13 HAMOC as NetFlow Probe and Active Attack Tool Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 13 / 23
14 HAMOC as NetFlow Probe and Tra c Limiter Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 14 / 23
15 Part III Network Protection Use Case: SSH Dictionary Attack and HAMOC Firewall Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 15 / 23
16 I. Attacker Performs SSH Horizontal Scan Attacker Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 16 / 23
17 II. Attacker Starts SSH Dictionary Attack Attacker Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 17 / 23
18 III. Center Detects Attack/Inserts Blocking Rule Attacker Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 18 / 23
19 IV. New SSH Attack, Blocked at the Border Attacker Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 19 / 23
20 V. Regular User Can Access Network, Attacker Not Attacker Regular User Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 20 / 23
21 Part IV Conclusion Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 21 / 23
22 Conclusion Role of IP Flow Monitoring in High Speed Networks Flow-based monitoring suitable for large networks. Observe and automatically inspect 24x7 network data. Possible future deployment in 10Gbps/40Gbps/100Gbps networks. Automatic Network Protection Class of attacks can be detected automatically. Automatic network protection supports operators. Detect and block attacks before hosts are infected. Not usable in every situation limitations. Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 22 / 23
23 Thank you for your attention! Automatic Network Protection Scenarios Using NetFlow Vojt ch Krmí ek et al. {krmicek Project CYBER This material is based upon work supported by the Czech Ministry of Defence under Contract No. OVMASUN Krmicek et al. Automatic Network Protection Scenarios Using NetFlow 23 / 23
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationDetecting Botnets with NetFlow
Detecting Botnets with NetFlow V. Krmíček, T. Plesník {vojtec plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell
More informationFlow-based detection of RDP brute-force attacks
Flow-based detection of RDP brute-force attacks Martin Vizváry vizvary@ics.muni.cz Institute of Computer Science Masaryk University Brno, Czech Republic Jan Vykopal vykopal@ics.muni.cz Institute of Computer
More informationNfSen Plugin Supporting The Virtual Network Monitoring
NfSen Plugin Supporting The Virtual Network Monitoring Vojtěch Krmíček krmicek@liberouter.org Pavel Čeleda celeda@ics.muni.cz Jiří Novotný novotny@cesnet.cz Part I Monitoring of Virtual Network Environments
More informationRevealing Botnets Using Network Traffic Statistics
Revealing Botnets Using Network Traffic Statistics P. Čeleda, R. Krejčí, V. Krmíček {celeda vojtec}@ics.muni.cz, radek.krejci@mail.muni.cz Security and Protection of Information 2011, 10-12 May 2011, Brno,
More informationCisco Network Foundation Protection Overview
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
More informationNetwork Security Monitoring and Behavior Analysis Best Practice Document
Network Security Monitoring and Behavior Analysis Best Practice Document Produced by CESNET led working group on network monitoring (CBPD133) Author: Pavel Čeleda September 2011 TERENA 2011. All rights
More informationDistributed Systems. Firewalls: Defending the Network. Paul Krzyzanowski pxk@cs.rutgers.edu
Distributed Systems Firewalls: Defending the Network Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution
More informationFirewalls and System Protection
Firewalls and System Protection Firewalls Distributed Systems Paul Krzyzanowski 1 Firewalls: Defending the network inetd Most UNIX systems ran a large number of tcp services as dæmons e.g., rlogin, rsh,
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationMonitoring backbone networks
R O N E N N M A N I A D U C A T I O E T W O R K Ro Net Edu Monitoring backbone networks Manuel Șubredu, Valeriu Vraciu RoEduNet Chișinău, September 9, 2014 Agenda Why? What? How? Tools? Facts! Why? A picture
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationOn the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt
More informationNemea: Searching for Botnet Footprints
Nemea: Searching for Botnet Footprints Tomas Cejka 1, Radoslav Bodó 1, Hana Kubatova 2 1 CESNET, a.l.e. 2 FIT, CTU in Prague Zikova 4, 160 00 Prague 6 Thakurova 9, 160 00 Prague 6 Czech Republic Czech
More informationRadware s Attack Mitigation Solution On-line Business Protection
Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...
More informationCERT-GOV-GE Activities & International Partnerships
CERT-GOV-GE Activities & International Partnerships Zurich, Switzerland 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and
More informationNetwork forensics 101 Network monitoring with Netflow, nfsen + nfdump
Network forensics 101 Network monitoring with Netflow, nfsen + nfdump www.enisa.europa.eu Agenda Intro to netflow Metrics Toolbox (Nfsen + Nfdump) Demo www.enisa.europa.eu 2 What is Netflow Netflow = Netflow
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationWhite Paper A10 Thunder and AX Series Load Balancing Security Gateways
White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its
More informationHow To Create A Network Monitoring System (Flowmon) In Avea-Tech (For Free)
Network Traffic Performance & Security Monitoring Project proposal minimal project Orsenna;Invea-Tech FLOWMON PROBES 1000 & 100 Contents 1. Introduction... 2 1.1. General System Requirements... 2 1.2.
More informationMonitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX
Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,
More informationnfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH
18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH Some operational questions, popping up now and then: Do you see this peek on port 445 as well? What caused this peek on your
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationWatch your Flows with NfSen and NFDUMP 50th RIPE Meeting May 3, 2005 Stockholm Peter Haag
Watch your Flows with NfSen and NFDUMP 50th RIPE Meeting May 3, 2005 Stockholm Peter Haag 2005 SWITCH What I am going to present: The Motivation. What are NfSen and nfdump? The Tools in Action. Outlook
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationSystem Specification. Author: CMU Team
System Specification Author: CMU Team Date: 09/23/2005 Table of Contents: 1. Introduction...2 1.1. Enhancement of vulnerability scanning tools reports 2 1.2. Intelligent monitoring of traffic to detect
More informationComprehensive IP Traffic Monitoring with FTAS System
Comprehensive IP Traffic Monitoring with FTAS System Tomáš Košňar kosnar@cesnet.cz CESNET, association of legal entities Prague, Czech Republic Abstract System FTAS is designed for large-scale continuous
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationFortigate Features & Demo
& Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL
More informationFortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.
FortiWeb for ISP Web Application Firewall Copyright Fortinet Inc. All rights reserved. Agenda Introduction to FortiWeb Highlights Main Features Additional FortiWEB Services for the ISP FortiWeb Family
More informationMONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN
MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India
More informationSecure and Effective IT Infrastructure
Secure and Effective IT Infrastructure Purpose of this document The IT infrastructure complexity is increasing in today s modern world. New products are constantly being released as well as new types of
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationDDoS Mitigation Techniques
DDoS Mitigation Techniques Ron Winward, ServerCentral CHI-NOG 03 06/14/14 Consistent Bottlenecks in DDoS Attacks 1. The server that is under attack 2. The firewall in front of the network 3. The internet
More informationCERT-GOV-GE Activities & Services
CERT-GOV-GE Activities & Services Tbilisi, Georgia 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and Policy division of
More informationAdvanced approach to network security and performance monitoring
Advanced approach to network security and performance monitoring Michal Drozd TrustPort Threat Intelligence Product Manager 18 slides Agenda Network monitoring Security and performance problems Common
More informationJUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE
WE ARE NOT FOR EVERYONE JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME Don t let a DDoS attack bring your online business to a halt we can protect any server in any location DON T GET STUCK ON THE ROAD OF
More informationProject Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1
Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and
More informationUnified Security Management and Open Threat Exchange
13/09/2014 Unified Security Management and Open Threat Exchange RICHARD KIRK SENIOR VICE PRESIDENT 11 SEPTEMBER 2014 Agenda! A quick intro to AlienVault Unified Security Management (USM)! Overview of the
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationHigh Speed Data Transfer from the APS. Kenneth Sidorowicz September 27, 2006
High Speed Data Transfer from the APS Kenneth Sidorowicz September 27, 2006 Deep Inspection Firewalls Secure Computing G2 Model 4150 firewalls were installed during the September 2004 accelerator shutdown
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationIntrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)
ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationData Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE
Data Sheet V-Net Link 700 C Series Link Load Balancer V-NetLink:Link Load Balancing Solution from VIAEDGE V-NetLink : Link Load Balancer As the use of the Internet to deliver organizations applications
More informationFirewalls and Network Defence
Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand
More informationPilot Deployment of Metering Points at CESNET Border Links
CESNET Technical Report 5/2012 Pilot Deployment of Metering Points at CESNET Border Links VÁCLAV BARTOš, PAVEL ČELEDA, TOMÁš KREUZWIESER, VIKTOR PUš, PETR VELAN, MARTIN ŽÁDNÍK Received 12. 12. 2012 Abstract
More informationTELCO challenge: Learning and managing the network behavior
TELCO challenge: Learning and managing the network behavior M.Sc. Ljupco Vangelski CEO, Scope Innovations Kiril Oncevski NOC, ISP Neotel Skopje Presentation overview Challenges for the modern network monitoring
More informationInstalling and Configuring Nessus by Nitesh Dhanjani
Unless you've been living under a rock for the past few years, it is quite evident that software vulnerabilities are being found and announced quicker than ever before. Every time a security advisory goes
More informationIntego Enterprise Software Deployment Guide
Intego Enterprise Software Deployment Guide www.intego.com Intego Enterprise Software Deployment Guide! Page 1 Table of Contents Introduction!... 3 Managing Macs in the Enterprise!... 4 Using Remote Management
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationIntroducing FortiDDoS. Mar, 2013
Introducing FortiDDoS Mar, 2013 Introducing FortiDDoS Hardware Accelerated DDoS Defense Intent Based Protection Uses the newest member of the FortiASIC family, FortiASIC-TP TM Rate Based Detection Inline
More informationDOCUMENT REFERENCE: SQ309-002-EN. SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper. July 2015
DOCUMENT REFERENCE: SQ309-002-EN SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper July 2015 SAMKNOWS QUALITY CONTROLLED DOCUMENT. SQ REV LANG STATUS OWNER DATED 309 03 EN FINAL SC
More informationNFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag
NFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag 2004 SWITCH NFSEN ( NetFlow Sensor ) 12th TF-CSIRT Meeting Hamburg: 2004 SWITCH 2 NFSEN http://www.terena.nl/tech/task-forces/tf-csirt/meeting12/nfsen-haag.pdf
More informationReducing the impact of DoS attacks with MikroTik RouterOS
Reducing the impact of DoS attacks with MikroTik RouterOS Alfredo Giordano Matthew Ciantar WWW.TIKTRAIN.COM 1 About Us Alfredo Giordano MikroTik Certified Trainer and Consultant Support deployment of WISP
More informationHow To Set Up Foglight Nms For A Proof Of Concept
Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is
More informationAlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide
AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationSANS Dshield Webhoneypot Project. OWASP November 13th, 2009. The OWASP Foundation http://www.owasp.org. Jason Lam
SANS Dshield Webhoneypot Project Jason Lam November 13th, 2009 SANS Internet Storm Center jason@networksec.org The Foundation http://www.owasp.org Introduction Who is Jason Lam Agenda Intro to honeypot
More informationTraffic Monitoring : Experience
Traffic Monitoring : Experience Objectives Lebah Net To understand who and/or what the threats are To understand attacker operation Originating Host Motives (purpose of access) Tools and Techniques Who
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationFlowMon. Complete solution for network monitoring and security. INVEA-TECH info@invea-tech.com
FlowMon Complete solution for network monitoring and security INVEA-TECH info@invea-tech.com INVEA-TECH University spin-off company 10 years of development, participation in EU funded projects project
More informationExperiences Deploying and Operating a Large-Scale Monitoring Infrastructure
1 Experiences Deploying and Operating a Large-Scale Monitoring Infrastructure 25 th NORDUnet conference Arne Øslebø arne.oslebo@uninett.no Outline Background and motivation Typical setup Deployment map
More informationMonitoring applications to increase security in 40G and 100G networks
Monitoring applications to increase security in 40G and 100G networks Cyber Security and Today s Communication Technologies TPEB workshop, 30.1.2014 Petr Kastovsky kastovsky@invea.com Company Introduction
More informationDescription: Objective: Attending students will learn:
Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of
More informationDLP Detection with Netflow
DLP Detection with Netflow Christopher Poetzel Network Security Engineer Argonne National Laboratory FloCon 2011 Jan 11, 2012 Who Am I? Christopher Joseph Poetzel University of Wisconsin-Madison BS Computer
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) What are They and How do They Work? By Wayne T Work Security Gauntlet Consulting 56 Applewood Lane Naugatuck, CT 06770 203.217.5004 Page 1 6/12/2003 1. Introduction Intrusion
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationUNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004
[CRT14] UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004 Date: Wednesday 27 th May 2015 Time: 14:00 16:00
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationNetflow Collection with AlienVault Alienvault 2013
Netflow Collection with AlienVault Alienvault 2013 CONFIGURE Configuring NetFlow Capture of TCP/IP Traffic from an AlienVault Sensor or Remote Hardware Level: Beginner to Intermediate Netflow Collection
More informationCYBER SECURITY. Overview This event provides recognition for FBLA members who understand security needs for technology.
CYER SECURITY Overview This event provides recognition for FLA members who understand security needs for technology. Competencies The topics listed below are prioritized, listing first the most important
More informationConnecting North Carolina s Future Today. Application Monitoring: ClassScape Case Study. NCSU Centennial Networking Lab
Connecting North Carolina s Future Today Application Monitoring: ClassScape Case Study John Bass NCSU Centennial Networking Lab Carla S. Hunt MCNC 1 Overview About MCNC and the School Connectivity Initiative
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationNfsight: NetFlow-based Network Awareness Tool
Nfsight: NetFlow-based Network Awareness Tool Robin Berthier Coordinated Science Laboratory Information Trust Institute University of Illinois Urbana-Champaign, IL, USA rgb@illinois.edu Michel Cukier The
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationCheap and efficient anti-ddos solution
Cheap and efficient anti-ddos solution Who am I? Alexei Cioban Experience in IT 13 years CEO & Founder IT-LAB 7 years IT trainings 5 years 2 About company Year of foundation - 2007 12 employees www.it-lab.md
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationData Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.
Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationNetwork Security: A Practical Approach. Jan L. Harrington
Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationAnomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool
Anomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool Wayne Routly, Maurizio Molina - (DANTE) Ignasi Paredes-Oliva - Universitat Politècnica de Catalunya (UPC) Ashish
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationSysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan
SysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan This document covers three aspects of SysAid IT On-Demand: Architecture Security Business Continuity and Disaster Recovery
More informationLesson 5: Network perimeter security
Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
More informationCaptIO Policy-Based Security Device
The Leader in Denial of Service Prevention CaptIO Policy-Based Security Device The CaptIO Policy-Based Security Device automatically detects, identifies, validates, and stops Denial of Service attacks
More informationSecurity perimeter. Internet. - Access control, monitoring and management. Differentiate between insiders and outsiders - Different types of outsiders
Network Security Part 2: protocols and systems (f) s and VPNs (overview) Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Security perimeter Insider - Access control,
More informationSESA Securing Email with Cisco Email Security Appliance Parts 1 and 2
Course Overview Securing Email with Cisco Email Security Appliance (SESA) combines Parts 1 and 2 (SESA1, SESA2) into a single three day course. Students learn to use Cisco Email Security Appliances (ESA's)
More informationCopyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.
PureMessage for Microsoft Exchange protects Microsoft Exchange servers and Windows gateways against email borne threats such as from spam, phishing, viruses, spyware. In addition, it controls information
More informationArray Networks & Microsoft Exchange Server 2010
Array Networks & Microsoft Exchange Server 2010 Array Networks Enables Highly Optimized Microsoft Exchange Server 2010 Services Microsoft Exchange Server is the industry leading messaging platform for
More information