Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Size: px
Start display at page:

Download "Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies"

Transcription

1 Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some policies used to investigate cybercrimes and to protect network security in Taiwan's government institutions. First, we start from two recent case studies to explain the threats we are facing have been evolved to be more insensible and more targeted. We not only need to strength the capabilities of cybercrime investigation, but also to construct an infrastructure to prevent and disturb the malicious activities from the internet. By the joint efforts of the law enforcement units and information security operation center in Taiwan, we hopefully establish a more safety network environment. Keywords: Targeted Attack, Cyber Security, Network Defense Policy 1. Introduction The government networks have been being targeted by hackers for a long time, which include public websites, endpoint PC of officials and inner services systems. With the attacks from all aspect on the internet, such as a rising issue in cyber security, the advanced persistent threat (APT), which employs social engineering, Trojan horses, injection attacks, vulnerability exploitations and many other methods to control victims' computers and extract data, protection of the government networks and investigation of malicious activities become more difficult and need more effort. The investigation bureau of ministry of justice (MJIB) is an important law enforcement agency in Taiwan and its primary missions are protecting national security and investigating major crimes. While the government networks are suffering from a great amount of attacks, one of the responsibilities of MJIB is to protect system safety and information integrity in the region, so we have developed some efficient investigation procedures to find the malicious activities on the internet and trace the sources of attacks, and besides the procedures, we also want to propose some policies to construct a safety network environment according to the accumulated experiences on cybercrime investigations. In the next chapter, we study 2 cases of APT targeting to the government institutions, which is uncovered in the cybercrime investigations recently, to explain the threats we are facing have been evolved to be more insensible and more targeted. Next, we introduce some checklists and standard operation procedures in cybercrime investigation and malware analysis. In the fourth chapter, we further propose 3 policies applied in Taiwan s government for cyber threat mitigation and prevention. Last, we make a conclusion of the importance of

2 cyber security. 2.Case Studies 2.1 APT Targeting Particular Personnel Recently in an information security check in Taiwan s government institutions, we found a document, annexed to an official's , titled "The 18th CPC (Communist Party of China) National Congress Situation and the Afterward Relationship between China and Taiwan.doc" in Chinese. The document is a malicious file and exploits Windows Common Controls vulnerability (MS12-027) to execute malicious codes packed in it. The main function of the malicious codes is to fetch communication log in infected computers and upload to the C&C servers. The files added and modified are shown in Figure 1. According to the title and content of the document, this kind of malware is targeting the researchers, officers and scholars who are interested in political affairs of China. And it is a typical example of social engineering attacks. Figure 1. Files added and modified after open the malicious document. 2.2 Data Burglary through Cloud Storage In an investigation of government data leakage, we found a malware in a victim's computer that secretly uploaded sensitive data to the Google Cloud storage. There are at least 2 advantages for the malwares that extract data to commercial cloud storages. First, the IP of the cloud storages are always in the white list of the firewalls and intrusion detection systems (IDS), and the cloud storages can be easily used as legal C&C servers. Second, the packet flow of the malwares uploading data to cloud storages is encrypted by SSL protocol and has no difference to normal internet surfing traffic, which make it hardly aware from outward appearance monitored by IDS and other network security guards. In this example, the malware's source code is written by GO Language, which is developed by Google and is

3 uncommon in Taiwan, therefore it may confuse the analyst in static malware analysis. In another case, a malware with the same function, but is written in C# and includes APIs provided by Dropbox, steals user account and password from victim's computers, and uploads the password files to the Dropbox storage. Figure 2. The malware uploading data to Google Cloud. 3. Investigation Procedures in MJIB 3.1 Checklist to Unearth the Malicious Activities According to the criminal law in Taiwan, entering account code and password, breaking computer protection, or taking advantage of the system loophole of such other accesses another s computer or relating equipment without reason is considered illicit. As a law enforcement agency, we have a responsibility to investigate cybercrimes, and we use some technique like packet sniffer, computer log survey or malware analysis to find the malicious activities and the attack sources. With the packet flow of government network monitored by Security Operations Center, which we will discuss later, and the information security check of government institutions every year, we can collect the indications of network activities and find the vulnerabilities of systems. The information security check items include network framework, network activity analysis, and endpoint computer or server examination, as shown in Table 1. If there are indications of malicious activities, we further analysis the records to find out the invasion time, attack sources and the amount of damages of the cybercrimes. The information security check can reduce the threat of malicious activities. Item Explain Network Framework Targeting to the vulnerabilities of network framework, including deployment logic, infrastructure and attack prevention.

4 Network Activity Endpoint Computer or Server Examination Packet Sniffer Placing a packet sniffer in the gateway of and the network, observing abnormal connections, DNS queries and malicious IP of C&C servers. Network Device Reviewing firewall, intrusion prevention Log log files to find abnormal connection records and indications of malicious activities. Malwares and Examining Endpoint Computers and Suspicious Files Servers to find malwares and suspicious Searching files involving malicious activities. PC Scanning the versions and vulnerabilities Vulnerabilities of OS, applications and anti-virus Scanning softwares in personal computer. Table 1. Information Security Check list in Cybercrime Investigation 3.2 Malware Forensic Flow For the prevalence of the APT nowadays, the government network suffers a great amount of threats from phishing, Trojan horse, software-vulnerability attack. For that reason, we have developed a standard operation process of malware forensic, which is used to find the sources, functions and infection paths of the malwares, to fast discover the infection of the network. First, we start our forensic from the suspicious computers. And depending on the status, we can apply network packet sniffer and analysis, volatile data collection and system image backup of the computers. Next, we further use dynamic and static analysis to search the malicious and suspicious files, and apply sandbox analysis, disassembly analysis and other approaches to confirm the behaviors and the sources of C&C servers, and further by comparing with the network analysis and memory dump analysis, we construct a database of the memory clips and packet patterns of the malware. The complete forensic flow is shown in Figure 3.

5 Start Memory Dump Power On Computer Status? Shutdown YES Sniffer And Analyze Network Packet at Gateway Network Forensic? NO Collect Volatile Data and System Snapshot Scanning system memory YES Computer Can Be Shutdown? Make Live Image NO Dynamic Start Image in Virtual Eviroment Jump to Power- On Forensic Process Make System Image or Disk Bit-Stream Copy Dynamic or Static Static Analyze Suspicious Files hy Mounting the Image Compare with Blacklist and Online Databases Extract all suspicious Files Sandbox DisassemblY Is Malware? No Yes Compare with Netowrk Forensic and Memory Dump Constructing Database End Figure 3. Flow of Malware Forensic 4. Mitigation and Prevention of Cyber Threat to Government 4.1 Government Configuration Baseline The government configuration baseline (GCB) standardizes the consistency of the security setting of endpoint device such as personal computers and local servers. In order to reduce the chance of attacks to the vulnerabilities caused by weak settings, we need to configure the operating environment we are using as faultlessly as possible. The check item of the GCB includes the length and complexity of password, system update period, dangerous function exclusion and other security settings of the OS and browser, which is widely used in Taiwan s

6 government units. By reference of the GCB provided by the U.S government, we construct a version of our own, which contains 396 items including account policies, Windows 7 & Firewall settings and IE8 settings, as shown in Table 2. By implementing the GCB in every government units, we can basically guarantee a secure operating environment. Class Name Sum subtotal Windows 7 GCB Account Policy GCB Windows 7 Computer Energy Policy 4 GCB Windows 7 Computer Settings 225 GCB Windows 7 User Settings 8 Windows 7 GCB Windows 7 Firewall Settings Firewall Internet Explorer 8 GCB Internet Explorer 8 Computer Settings GCB Internet Explorer 8 User Settings 5 Total 396 Table 2. Items of the GCB 4.2 Construction of Local Security Operations Center The Taiwan s government is strengthening the construction of local Security Operations Center (SOC), which is a centralized unit that monitors and deals with network security issues. At present, there is a central SOC that monitor the overall packet flow in real time from the main gateway of the central government in Taiwan, but it is not enough to control the flow at the main gateway since some endpoint PCs and servers in the government units have been taken by malwares and backdoors are already opened. The local SOCs can guarantee the discovery and prevention of extraordinary flows in real time by supervising the local systems, such as Active Directory servers of Microsoft and electronic official document exchange systems. More importantly, through cooperating with information security companies and training students who major in information management, we can get more professionals and improve awareness of system defense of local personnel. 4.3 Networking Attack Drill Every year, the National Information and Communication Security Taskforce (NICST) in Taiwan would hold a networking attack drill to excavate system vulnerabilities and assess the safety in every government institution. The NICST invited security experts from all over the country as intruders to invade the computer systems using approaches from social engineering, website penetration, loophole exploitation and many other methods, and the experts listed the deficiencies and score the security of each local system after invasion. Next, a situational drill would take place in written or video chat mode, to simulate agencies

7 suffered severely targeted and consistent attacks and to test the authorities familiar or not with standard procedures, emergency handling, defense mechanisms and notification. Last, there was a seminar to discuss the process and result of the drill, and foreign experts were invited to share relevant experience. The result of the networking attack drill is a good reference resource for the network authorities of each government unit to repair vulnerabilities of their systems and enhance the defense consciousness. 5. Conclusion In this article, we introduced some procedures to investigate attacks in the government networks and proposed the countermeasures against network malicious activities. While the cyber war is happening secretly and new attack methods continuously brought up, the policies of information security shall be reviewed frequently. With the malicious activities always existing on the internet, not only the network authorities need to reinforce the capabilities to guard the government networks, but all staffs in the government institutions shall have a basic information security concept to resist different threats.

Security Intelligence Services. www.kaspersky.com

Security Intelligence Services. www.kaspersky.com Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Hope is not a strategy. Jérôme Bei

Hope is not a strategy. Jérôme Bei Hope is not a strategy Jérôme Bei Press Highlights Conficker hits German Government! 3000 Clients down! Datatheft at German Telekom: 17.000.000 Customer Records lost! About 1.000.000 pieces of Malware

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

The Value of Physical Memory for Incident Response

The Value of Physical Memory for Incident Response The Value of Physical Memory for Incident Response MCSI 3604 Fair Oaks Blvd Suite 250 Sacramento, CA 95864 www.mcsi.mantech.com 2003-2015 ManTech Cyber Solutions International, All Rights Reserved. Physical

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Spyware Analysis. jan.monsch@csnc.ch. Security Event - April 28, 2004 Page 1

Spyware Analysis. jan.monsch@csnc.ch. Security Event - April 28, 2004 Page 1 Spyware Analysis jan.monsch@csnc.ch Security Event - April 28, 2004 Page 1 Content Definition & types of spyware Statistics Hooks Static vs. dynamic software analysis Test environment for spyware Analysis

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

An Overview of Cybersecurity and Cybercrime in Taiwan

An Overview of Cybersecurity and Cybercrime in Taiwan An Overview of Cybersecurity and Cybercrime in Taiwan I. Introduction To strengthen Taiwan's capability to deal with information and communication security issues, the National Information and Communication

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Realize Innovation of Cyber-Security with Big Data. Qi Xiangdong

Realize Innovation of Cyber-Security with Big Data. Qi Xiangdong Realize Innovation of Cyber-Security with Big Data Qi Xiangdong I. Initiate the black-white list system based on big data Transform traditional antivirus with big data In the era of big data, 360 innovatively

More information

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix Honeynet2_bookTOC.fm Page vii Monday, May 3, 2004 12:00 PM Contents Preface Foreword xix xxvii P ART I THE HONEYNET 1 Chapter 1 The Beginning 3 The Honeynet Project 3 The Information Security Environment

More information

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Your Valuable Data In The Cloud? How To Get The Best Protection! A world safe for exchanging digital information

More information

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. 2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by

More information

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service. By Comsec Information Security Consulting Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Lessons from the DHS Cyber Test Bed Project

Lessons from the DHS Cyber Test Bed Project Lessons from the DHS Cyber Test Bed Project Theresa Payton President/CEO Fortalice, LLC Presented by: Kemal O. Piskin Senior Cyber Security Engineer Applied Research Associates, Inc. What We ll Discuss

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Enrico Petrov Director Managed Security Services terreactive October 21 st, 2015 terreactive Background. About

More information

Enterprise Incident Response: Network Intrusion Case Studies and Countermeasures

Enterprise Incident Response: Network Intrusion Case Studies and Countermeasures Enterprise Incident Response: Network Intrusion Case Studies and Countermeasures Eric J. Eifert Vice President, Cyber Defense Division ManTech s Mission, Cyber, & Technology Solutions Presentation Overview

More information

PART D NETWORK SERVICES

PART D NETWORK SERVICES CONTENTS 1 ABOUT THIS PART... 2 2 PUBLIC NETWORK... 2 Internet... 2 3 PRIVATE NETWORK... 3 Global WAN services... 3 4 SECURITY SERVICES... 3 Firewall... 4 Intrusion Prevention (Network)... 5 SSL/IPSEC

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN Albin Penič Technical Team Leader Eastern Europe Trend Micro 27 years focused on security software Headquartered

More information

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy

More information

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers

More information

A Study on the Live Forensic Techniques for Anomaly Detection in User Terminals

A Study on the Live Forensic Techniques for Anomaly Detection in User Terminals A Study on the Live Forensic Techniques for Anomaly Detection in User Terminals Ae Chan Kim 1, Won Hyung Park 2 and Dong Hoon Lee 3 1 Dept. of Financial Security, Graduate School of Information Security,

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Security Intelligence Services. Cybersecurity training. www.kaspersky.com

Security Intelligence Services. Cybersecurity training. www.kaspersky.com Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Advanced & Persistent Threat Analysis - I

Advanced & Persistent Threat Analysis - I Advanced & Persistent Threat Analysis - I Burak Ekici ekcburak@hotmail.com Department of Computer Engineering, Yaşar University, Turkey. April 21, 2012 Burak Ekici (Dept. of Comp. Eng.) Advanced & Persistent

More information

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines

More information

Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology

Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology JungDae Kim (jdcom@ksel.co.kr) ByongKi Park (bgbak@ksel.co.kr) CONTENTS 1 Background Information 2 Vulnerability

More information

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business MIS 5208 Week 4 Cybersecurity & Fraud Ed Ferrara, MSIA, CISSP eferrara@temple.edu Hacking Source: www.youtube.com Computer Crime A cyber breach is any event that intentionally or unintentionally causes

More information

Advanced Endpoint Protection Overview

Advanced Endpoint Protection Overview Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

The Power of Dynamic Threat Intelligence to Stop APT s

The Power of Dynamic Threat Intelligence to Stop APT s The Power of Dynamic Threat Intelligence to Stop APT s Evren BILGIC Senior Sales Engineer, Mediterranean Region evren_bilgic@trendmicro.com The Headlines Tell Only Half The Story 2 Copyright 2015 Trend

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

5 Steps to Advanced Threat Protection

5 Steps to Advanced Threat Protection 5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

IDS or IPS? Pocket E-Guide

IDS or IPS? Pocket E-Guide Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Endpoint Security - HIPS. egambit, your defensive cyber-weapon system. You have the players. We have the game.

Endpoint Security - HIPS. egambit, your defensive cyber-weapon system. You have the players. We have the game. egambit Endpoint Security - egambit, your defensive cyber-weapon system. You have the players. We have the game. TEHTRI-Security 2010-2015 www.tehtri-security.com Endpoint Security In this document, we

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Fighting Advanced Persistent Threats (APT) with Open Source Tools

Fighting Advanced Persistent Threats (APT) with Open Source Tools Fighting Advanced Persistent Threats (APT) with Open Source Tools What is APT? The US Air Force invented the term in 2006 APT refers to advanced techniques used to gain access to an intelligence objective

More information

Seven Strategies to Defend ICSs

Seven Strategies to Defend ICSs INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Alert (TA14-212A) Backoff Point-of-Sale Malware

Alert (TA14-212A) Backoff Point-of-Sale Malware Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference... NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area

More information

Total Defense Endpoint Premium r12

Total Defense Endpoint Premium r12 DATA SHEET Total Defense Endpoint Premium r12 Overview: Total Defense Endpoint Premium Edition r12 offers comprehensive protection for networks, endpoints and groupware systems from intrusions, malicious

More information

Security Challenges and Solutions for Higher Education. May 2011

Security Challenges and Solutions for Higher Education. May 2011 Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention

More information

Trends in Advanced Threat Protection

Trends in Advanced Threat Protection Trends in Advanced Threat Protection John Martin Senior Security Architect IBM Security Systems Division 1 2012 IBM Corporation John Martin Senior Security Architect IBM Security Systems Division Security

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Recent Cyber Attack Cases in Taiwan

Recent Cyber Attack Cases in Taiwan Recent Cyber Attack Cases in Taiwan TWNCERT (National Center for Cyber Security Technology) Outline Cyber Attack Trends in Taiwan Cyber Attack Cases Studies Attack via Network Equipment Attack via AD Golden

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information