AT&T Real-Time Network Security Overview
Slide 1: AT&T Real-Time Network Security Overview
Dan Solero, Director of Security Technology, AT&T
Slide 2: Know Your Enemy: Security Threats Extend Beyond Viruses & Worms
- Distributed Denial of Service
- Spam for Hire
- Social Engineering: Phishing, Sniffing, Keylogging, etc.
- Data Leakage: Lost/Stolen Laptops, Unsecured Servers
- Insider Threats
Slide 3: AT&T's Proactive Security Strategy
Attack lifecycle phases: Reconnaissance, Scanning, System Access, Damage, Track Coverage
Attacker activities shown along the lifecycle: Web-Based Information Collection, Broad Network Mapping, Service Vulnerability Exploitation, DDOS Zombie Code Installation, Use of Stolen Accounts for Attack, Social Engineering, Targeted Scan, Password Guessing, System File Delete, Log File Changes
Defensive phases: Preventive Phase (Defense), Indications and Warning Threshold (Defense), Reactive Phase (Defense)
AT&T focuses protection toward these phases of the attack lifecycle; other alert tools gather their information in the latter phases of an attack.
Slide 4: AT&T Real-Time Security Management: 24/7 Situational Cyber Security Awareness
Event pipeline, from feeds to cases:
- AT&T Enterprise and Internet Feeds (~270 Million Events/Day): IDS Alarms, Firewall Logs, DLP Alarms, Netflow, Proxy Logs, Server Alarms, Internet Alarms, DDOS Detection, VPN Logs, Honey Pots
- Customized Event Parsers and Consolidators; AT&T Custom Database Technology: Daytona System (Data Mining Algorithms) (~170 Alerts/Day)
- Management Servers, Consoles, and Database; Threat Management Interface (~40 Cases/Day)
- AT&T Global Network Operations Center
Slide 5: Bot Detection
- Sampling of identified botnets analyzed
- Visibility of roughly 10% of total Internet
- Approximately 16M unique IPs over 16 months
- Hundreds of malware files captured; 60+% not detected by Anti-Virus
Slide 6: Uses of Botnet Data
- Spam-source Blocking
- Alerting
- Improved Detection
Vision: Botnet-Aware Network
Slide 7: AT&T Internet Protect SM Alert A: Increased scanning on port 23/tcp (Feb 8, 2006)
Description: AT&T Internet Protect has been able to identify a botnet that is actively scanning on port 23/tcp and is targeting Cisco devices such as routers for exploit and access. The activity has taken place in multiple short-term bursts, targeting a variety of Internet address segments. Multiple successful exploits have been identified, gaining "enable" and/or "console" passwords for the devices. The exploit is not limited to weak passwords. At this time it is not clear exactly what exploit is being used to attack the routers, nor for what function the routers might be used. However, this capability could be used by malicious users to launch DDoS attacks, sniff private network traffic, change routing on networks, subvert Access Control Lists, and/or use the routers to create logical private networks for the malicious users.
Recommendations: Users of Cisco devices should block Internet-facing access to any management services. If it is absolutely necessary to perform management from Internet-facing interfaces, use Access Control Lists (ACLs) to restrict access to only those IP sources/hosts that are authorized to perform these management actions.
* Try to avoid using telnet as a remote access method, and use TACACS+ or RADIUS for authentication.
* Make sure IOS patch levels are up to date.
* Inspect routers for possible misconfiguration that may have granted telnet access to outside users.
* Logs or flow records may be helpful to determine whether any unauthorized connections are taking place.
* If the router is compromised, there may be no direct evidence, since the exploit is capturing passwords. If there is a possibility the router may have been compromised, take action to prevent further compromise and immediately change passwords.
Slide 8: Indicators of the StormWorm (W32/Nuwar, Trojan.Peacomm) active on changing UDP ports
Storm Worm Tracker (chart): Storm worm transitions to a new port; Storm worm continuing to utilize ports 11275/udp and 16275/udp
Slide 9: Global StormWorm Activity
Malware update June 3, 2008; Typical day in
Slide 10: AT&T Internet Protect SM Alert A: Pop-up spam activity on ports 1026/udp and 1027/udp (May 6, 2008)
Description: Internet Protect has observed a significant increase in activity on ports 1026/udp and 1027/udp. Microsoft Net Messenger opens a listener on these ports to receive net messages. This service was initially developed to permit network administrators to send messages to all the clients connected to their network. Today the messenger service is mainly used by pop-up message spammers who send bulk messages to many IP addresses. These messages often contain advertisements and links to web sites. Clicking on these links frequently results in the computer becoming infected.
Recommendations: To avoid infection:
* Always block any unused ports and services.
* If business needs permit, block/filter all traffic to ports 1026/udp and 1027/udp.
* Ensure that all the latest operating system and application patches have been applied.
* Perform a virus scan with the latest antivirus signatures.
* Educate users about safe internet browsing.
* Establish a complex alphanumeric password policy.
Slide 11: AT&T Internet Protect Alerts: Events in Downadup/Conficker evolution
- 10/23: Advisory: Microsoft announces MS out-of-cycle RPC patch
- Nov 4: Alert 895: Early indicator, RPC scanning
- Nov 13: Alert 901: Early indicator, SMB scanning
- Nov 21: Alert 907: Increased traffic from worm variants
- Dec 15: Alert 913: Increased scanning from Downadup.A and other malware
- Dec 31: Alert 915: Increased SMB scanning
- Jan 5: Alert 916: Downadup.B and other malware spreading
- Mar 19: Alert 934: Downadup.B++ (Conficker.C) worm update
Slide 12: Conficker Worm (April 01)
,136 visible members, 8 control servers, tracked since 7/
Slide 13: AT&T Threat Recon Index (TRI)
Chart annotations: Downward Trend - SASSER; Diminishing DownAdUp/Conficker Activity; Pop-up spam Activity
Slide 14: Fucuzzy (September 01)
,136 visible members, 8 control servers; tracked since July 2006
Slide 15: Security Services Expansion
Security Enforcement Capabilities:
- DDoS/Botnet protection
- Firewall rule enforcement
- Intrusion Detection/Prevention
- Worm and virus filtering
- URL filtering
- Mail filtering
- Data leakage prevention solution
- Botnet/threat-aware DNS solution
Customer Benefits:
- Minimal initial investment
- Scalability
- Professional Support
Diagram labels: Global Enforcement Nodes; Security Operations Center; Early Cyber Threat Warnings; Metadata collection, Behavior and Anomaly-Based Analysis; 24x7 Data Fusion
Slide 16: AT&T's Security Capabilities
How we protect your network infrastructure:
- Employ the network as the first line of defense
- Utilize AT&T's predictive security capabilities
- Implement a defense-in-depth strategy
- Provide a broad portfolio of security services
Quick Facts about AT&T Managed Security:
- End-to-end security capabilities, from end point to the cloud
- Security integrated with AT&T services as appropriate
- In-the-cloud security industry recognition
- More than 1,400 world-class security experts and support professionals
- SAS70 compliant services
- Customer access to reports and tools via the AT&T BusinessDirect Portal
Slide 17: Thank You!
Slide 18: Backup slides
Slide 19: What is a Botnet?
A group of compromised computers with common control points that run software autonomously and automatically; used for malicious or unauthorized purposes.
Common terms:
- Bot: an individual machine that is compromised
- Botnet: a collection of bots that are under common control
- Botnet controller (a.k.a. C&C): server that relays commands and responses
- Botnet operator: the person or people that initiate a bot
Pictures from a document by CERT India
Slide 20: Types of Botnet Threats
Numerous malicious applications:
- Distributed Denial of Service (DDoS) attack
- Spam
- Phishing
- Sniffing, key-logging and collecting traffic
- Host rogue network-based applications
- Fraudulent ad clicking
- Dead drop points for collection & dissemination of malware
- Massive and distributed storage capacity for distribution
- Massive distributed computing power
Slide 21: Illustrative Power of Botnets
Just a few bots can disrupt business operations.
Chart labels: Power Required to Disrupt a Business; Power Required to Disrupt Typical ISP or Hosting Provider
Slide 22: Top 10 Bots
Potential threats identified, yet still active and waiting.
Notes: Actual size could be at least 10-20x larger. This report only covers the top 10 active IRC-based botnets.
Slide 23: Flow Record Analysis
AT&T processes designed to identify suspicious traffic patterns.
Flow record columns: Source_Addr, Dest_Addr, Port, Flags, Pkts, Bytes, Time
(Sample rows lost their addresses and counts in transcription; the TCP flag combinations shown were APRSF, S, AP-S, APRS, AP-SF and A--SF, with times between 08:48 and 09:17.)
- Analog of call detail records for Internet traffic
- Represents one side of a conversation
- Unique flow for each SIP, DIP, protocol, Sport, Dport
Slide 25: Example: Internet Anomalies Tracked by AT&T
Chart: Significant increase in sources scanning port 23/tcp
Slide 26: Scan Activity Targeting Telnet
The characteristics that highlight the activity:
- Unique source IP addresses scanning
- Number of probes
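As an added illustration of the flow-based detection the preceding slides describe (example code, not the deck's or AT&T's own processing), the script below takes constructed one-sided flow records in the slide's column layout and computes the two characteristics slide 26 plots for telnet scanning, unique probing sources and probe counts, then flags high fan-out sources on the ports the deck's alerts discuss (23/tcp, 445/tcp, 1026-1027/udp). The probe definition, the fan-out threshold and all addresses are assumptions.

```python
"""Fan-out scan detector over one-sided flow records.

Added example, not AT&T's code. A flow is one side of a conversation,
unique per (SIP, DIP, protocol, Sport, Dport) as slide 23 describes.
A *probe* (assumed definition) is a flow to a watched port that never
carried an ACK: for TCP, 'S' in the cumulative flags but no 'A'; for UDP,
every flow counts, because there is no handshake to complete.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    flags: str   # cumulative TCP flag letters such as "APRSF"; "-" for UDP
    pkts: int
    bytes: int
    time: str    # HH:MM:SS, as in the slide's Time column


# Ports the deck's alerts talk about: telnet scanning (23/tcp), Conficker
# propagation (445/tcp) and Messenger pop-up spam (1026-1027/udp).
WATCHED: Set[Tuple[str, int]] = {("tcp", 23), ("tcp", 445), ("udp", 1026), ("udp", 1027)}

# Constructed sample records (not the slide's rows, whose addresses were lost in
# transcription). Columns: src dst proto sport dport flags pkts bytes time
SAMPLE_RECORDS = """\
10.0.0.5      192.0.2.1   tcp 40001 23   S      1  60   08:48:01
10.0.0.5      192.0.2.2   tcp 40002 23   S      1  60   08:48:01
10.0.0.5      192.0.2.3   tcp 40003 23   S      1  60   08:48:02
10.0.0.5      192.0.2.4   tcp 40004 23   S      1  60   08:48:02
10.0.0.5      192.0.2.5   tcp 40005 23   S      1  60   08:48:02
10.0.0.5      192.0.2.6   tcp 40006 23   S      1  60   08:48:03
10.0.0.5      192.0.2.7   tcp 40007 23   S      1  60   08:48:03
10.0.0.5      192.0.2.8   tcp 40008 23   S      1  60   08:48:03
10.0.0.5      192.0.2.9   tcp 40009 23   APRSF  14 1120 08:48:05
10.0.0.9      192.0.2.3   tcp 51000 23   S      2  120  08:52:10
10.0.0.9      192.0.2.7   tcp 51001 23   S      2  120  08:52:11
10.0.0.21     192.0.2.9   tcp 51500 23   AP-SF  40 3900 08:53:00
198.51.100.7  192.0.2.10  udp 1026  1026 -      1  420  09:16:00
198.51.100.7  192.0.2.11  udp 1026  1026 -      1  420  09:16:00
198.51.100.7  192.0.2.12  udp 1026  1027 -      1  420  09:16:01
198.51.100.7  192.0.2.13  udp 1026  1026 -      1  420  09:16:01
198.51.100.7  192.0.2.14  udp 1026  1027 -      1  420  09:16:02
10.0.0.5      192.0.2.9   tcp 40010 80   APRSF  9  2200 09:17:05
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        src, dst, proto, sport, dport, flags, pkts, nbytes, when = parts
        flows.append(Flow(src, dst, proto.lower(), int(sport), int(dport),
                          flags.upper(), int(pkts), int(nbytes), when))
    return flows


def is_probe(flow: Flow) -> bool:
    """True for a flow to a watched port that never carried an ACK."""
    if (flow.proto, flow.dport) not in WATCHED:
        return False
    if flow.proto == "udp":
        return True
    return "S" in flow.flags and "A" not in flow.flags


def summarize_scanning(flows: List[Flow]) -> Dict[Tuple[str, int], Dict[str, int]]:
    """Per watched (proto, dport): unique probing sources, distinct targets and
    probe count, i.e. the characteristics slide 26 plots for telnet."""
    srcs, dsts, probes = defaultdict(set), defaultdict(set), defaultdict(int)
    for f in flows:
        if is_probe(f):
            key = (f.proto, f.dport)
            srcs[key].add(f.src)
            dsts[key].add(f.dst)
            probes[key] += 1
    return {k: {"sources": len(srcs[k]), "targets": len(dsts[k]), "probes": probes[k]}
            for k in probes}


def fan_out_sources(flows: List[Flow], min_targets: int = 5) -> Dict[Tuple[str, str], int]:
    """Sources that probed at least min_targets distinct hosts on watched ports of
    one protocol. Grouping by protocol rather than port keeps the 1026/1027 udp
    pop-up spam pattern together, as the slide 10 alert treats it."""
    targets = defaultdict(set)
    for f in flows:
        if is_probe(f):
            targets[(f.src, f.proto)].add(f.dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}


if __name__ == "__main__":
    sample = parse_flows(SAMPLE_RECORDS)
    for key, stats in sorted(summarize_scanning(sample).items()):
        print(f"{key[1]}/{key[0]}: {stats}")
    print("fan-out sources:", fan_out_sources(sample))
```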
Slide 27: Early Indications of Worm Activity
Evolution and status of worm variants (timeline):
- Variant A: Nov 21
- Variant B: Dec 29
- Variant B++: Feb 06
- Variant C: Mar 05
- New Variant D: Mar 17
- Variant C/D Activation
- New Variant E: April 07
- Variant E self delete: May 03
Slide 28: Propagation and Communication
Widespread, proliferating, and reporting back to the hacker.
Propagation methods:
- Network exploit: 445/tcp scanning for vulnerable systems, MS (10/23/08)
- File shares with null or weak passwords
- Infected removable devices (e.g., USB drives)
- Variant C does not make attempts to propagate
- Variant E scans on tcp/445 again
Check-in / Bot Control Methods:
- Bot control hasn't been observed yet
- Connects via http (80/tcp) to pseudo-randomly generated domains: 250 possible domains per day (A to B++ variants); it is believed that these were not used by the botnet, since security researchers preregistered many of these to track botnet size; 50,000 possible domains per day (C variant after 4/1/09); connection attempt every 2 hours (B, B++) or 3 hours (A)
- Geolocation & external IP address discovery
- P2P (UDP & TCP)
- Variant E will self terminate on May 03, 2009
Slide 29: Worm's Defensive Capabilities
Intelligence to turn off security and stay hidden.
Anti-Mitigation:
- Blocks DNS requests to many security, anti-virus and product update sites (by modifying the kernel driver providing DNS on the machine)
- Locks certain registry keys so even admin can't change them (only system)
- Terminates anti-virus software
Anti-Analysis:
- Gets system time from the HTML of public web sites (such as google, facebook, yahoo), so changing the system time has no effect
- Double-packed/encoded executable (not including encryption for updates)
- Terminates some monitoring tools
- May detect virtual environments (VMWare) and other anti-debugging features
Self-Updating:
- Check-in to pseudo-random domains may facilitate updates
- Inefficient P2P: while scanning on 445/tcp, if it finds an already infected bot with newer software, it will copy that software
- Improved P2P (Variant C and later): finds and connects to peers based on an algorithmic mapping of IP address to pseudorandom port
- Only properly digitally encrypted (RC4) and signed executables will be installed
Slide 30: AT&T Network-Based Firewall Service
Features:
- Transparent, stateful firewall
- Intrusion Detection / Intrusion Protection
- Central application of outbound or inbound/outbound security policies across many locations
- Fully managed solution for simplified design, deployment & management
- Virus screening and spam filtering
- Service from 1.55Mbps to 135Mbps per gateway (higher bandwidths available)
Diagram labels: Branch; Internet; DSL/Dial; Customer IP-Enabled Frame & ATM Wide Area Network; Partner; Main Location/HQ; Customer Network; DMZ; Remote Employees; Web; Radius; SMTP
Benefits:
- Easily upgrade speeds & sites as traffic grows
- Leverage WAN investments
- Reports via customer-accessible website
Slide 31: AT&T DDoS Defense Service
Diagram: IP Backbone Scrubbing. Labels: Legitimate; Attacker; DIP; AT&T OSS Monitor; AT&T IP Backbone; DIP: Tunnel; Scrubber Head-Ends 7606; AT&T 24/7 DDOS Analysis Console; Scrubbers: Cisco (Riverhead) Guards; Server IP (values lost in transcription)
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationBotnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
More informationAutomate your IT Security Services
Automate your IT Security Services Presenter: Cyberoam Our Products Network Security Appliances - UTM, NGFW (Hardware & Virtual) Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Modem
More informationPlugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help
Plugging Network Security Holes using NetFlow Loopholes in todays network security solutions and how NetFlow can help About ManageEngine Network Servers & Applications Desktop ServiceDesk Windows Infrastructure
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationIntegrated Protection for Systems. João Batista Joao_batista@mcafee.com Territory Manager
Integrated Protection for Systems João Batista Joao_batista@mcafee.com Territory Manager 2 McAfee Overview Proven Expertise And what it means to you Proof of Expertise Impact of Expertise 1 17 100 300
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationCyber Security Where Do I Begin?
ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationIBM Internet Security Systems
IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationAVeS Cloud Security powered by SYMANTEC TM
Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More information