Real-Time Remote Log Collect-Monitoring System with Characteristic of Cyber Forensics
Tung-Ming Koo, Chih-Chang Shen, Hong-Jie Chen

Abstract-- The science of computer forensics is often used to judge computer crime. However, if the evidence lacks reliability, the digital evidence will not be accepted by the court. Digital evidence must therefore satisfy two cyber forensics requirements in order to be valid in court. First, the evidence acquired must be original, free of any human intervention or fabrication. Second, the evidence should be coherent with its analyzed output. This research proposes an advanced mechanism which enables remote log monitoring and real-time evidence acquisition while ensuring data reliability, integrity and validity. This mechanism can be integrated into a SOC framework to further guarantee enterprise security.

Index Terms-- Computer Forensics, SOC, Log, Digital Evidence, Computer Crime.

I. INTRODUCTION

The internet has a great influence on people's lives nowadays. Its borderless character, spanning time and space, lets people engage in all kinds of activity online: trading goods, searching for material, exchanging information and viewing video. Although the internet makes life more convenient, when criminals exploit these same characteristics, looking for loopholes and waiting for an opportunity to attack, the losses can be severe. In recent years intrusions on the internet have kept pouring in, and governments and enterprises in various countries have begun to face the problem by issuing decrees and adopting online security safeguard procedures. The purpose is to detect and hinder these criminals and to reduce the occurrence of information security incidents.
Safeguard procedures and security systems are also improved continuously to keep pace with crime; this is a war of attack and defence between the two sides, and an internet attack, like a tide, may cause consequences that cannot be undone. A protection system can collect and monitor network messages effectively, raise an alert when an abnormality happens, and take the corresponding emergency measures immediately. In practice, however, it is difficult to stop all attacks effectively. For this reason computer forensics has sprung up. The theory of computer forensics is a research field that has developed in recent years. Its purpose is to look for evidence of intrusion in electronic media, and it is divided into two steps: live evidence searching and lab analysis. Electronic information is easy to carry and easy to revise, so how to obtain the most representative material effectively is one of the focal points of evidence collection in this field. Although the science of computer forensics helps to establish the facts from historical material, in many cases the user's historical information has already been destroyed, or was never recorded in the first place, so that too little usable information remains and analysis is impossible. We therefore lose the best evidence for a conviction, and this is the difficulty of computer forensics.

Author note: Tung-Ming Koo is Professor of the Department of Information Management and Chief of the Computer Center at National Yunlin University of Science & Technology (koo@yuntech.edu.tw). Chih-Chang Shen is a Ph.D. student in the Department of Information Management at National Yunlin University of Science & Technology (g @yuntech.edu.tw). Hong-Jie Chen is a graduate student in the Department of Information Management at National Yunlin University of Science & Technology (g @yuntech.edu.tw).
Maintaining computers is a system administrator's most important daily affair; however, the complexity and efficiency of system management are closely related to the range of management, the number of computers and their types. The host computer is a closed system, and many cases show that when a system fails, even to the point of seriously affecting the operation of the organization, the inability to check what happened is mostly due to the lack of records. The concept of event records (logs) is therefore widely used in system management. Through the log mechanism the operation of a host system can be recorded effectively, and the administrator can follow the trail to find the problem, so for a system administrator the existence of log files is essential [1].

A Security Operation Center (SOC) provides a structure for centralized control. A SOC focuses on pinpointing problems and handling them in time; however, the follow-up procedure after an intrusion is still weak. The purpose of this research therefore lies in combining the structure of a SOC with a real-time remote log collect-monitoring system with the characteristic of cyber forensics. Through this system we can make sure that the collected log data is reliable and represents the original data completely, so that it can be regarded as evidence of the crime in court.

II. LITERATURE REVIEW

A. Computer Forensics

Computer forensics is considered an important link in the judgment of crime. Its purpose is to obtain electronic evidence and offer it to the court, so we must focus on the usability and uniqueness of the evidence, so that it can be recognized as representing the conditions at the time [2]. Its methods and basic principles are [3]: (1) obtain the original evidence without changing or destroying it; (2) prove that the evidence collected comes from the material that was seized; (3) analyze the evidence without changing it.

B. One-Way Hash Function with Public Key

A one-way hash function with a public key is also called a message authentication code (MAC) [4]. A MAC shares many characteristics with a general one-way hash function; the difference is that the public key is added into the MAC, so that only those who hold the key can verify the MAC. A MAC of this kind built on cipher theory is called an HMAC. MACs are usually used to verify messages between different users, or to check whether a file has been modified. To check whether a file is altered, the user computes the MAC of the file and stores the output value; when the file is altered, the difference between the old and new MAC reveals it. If only a general hash function were used, the alteration could not be detected in this situation, because whoever alters the file can simply recompute the unkeyed hash. With HMAC, unless the key is cracked, nobody without authorization is able to produce a correct HMAC value.

C. Digital Evidence

Digital evidence is binary data produced by a computer or network, stored or transmitted, that serves as evidence. Digital evidence is difficult to obtain, easy to duplicate, easy to eliminate and easily altered. To obtain relevant digital evidence after an information security incident, there must be a sound method for collecting, extracting, analyzing and preserving the evidence.
Usually an enterprise monitors and audits its systems through internal network equipment or protective software such as network servers, proxy servers, firewalls or intrusion detection systems. The most common approach is to have meaningful system or network events written to log files stored in a place the enterprise designates. For the administrator, these routinely collected records can also be the digital evidence that establishes a network crime.

D. Mechanism of Analyzing Incident Records

As noted in the introduction, event records (logs) are widely used in system management: through the log mechanism the operation of a host system is recorded effectively, the administrator can follow the trail to find the problem, and so for a system administrator the existence of log files is essential. Information security is more and more important nowadays. Log files are necessary to a system and can record every operational step effectively; through the log mechanism we can trace what happened at a given time. This is the greatest advantage of logs; the long-standing problem, however, is how to store them effectively. In enterprises, besides saving important files, the preservation of system log files is beginning to receive attention, a trend visible in the BS7799 standard. Providers of network and computer services pay particular attention to system log files. When analyzing an intrusion, the existence of event records is the key to computer forensics, and how to preserve event records properly has become an important matter of information security.

E. The Problem of Log Analysis

Log files offer administrators a tool to track back to what happened at a given moment. However, log analysis is a huge burden, for the following reasons:
(1) There are too many kinds of log files.
(2) The content of the records is too large.
(3) A record only reflects the state at that time.
(4) It is difficult to keep the records.

Moreover, although log files record the system state faithfully, judging what constitutes an unusual event and finding the problem quickly is not something every system manager is competent to do, especially with large numbers of log files. Filtering log files and presenting their content effectively therefore become the key factors in whether a log analysis mechanism succeeds.

F. Security Operation Center (SOC)

A Security Operation Center (SOC) is an integrated security control mechanism. Its purpose lies in managing and monitoring many computers on different platforms and responding when intrusion behavior is detected. A SOC includes the following five subsystems: event generators, a collection system, a formatted message database, an analysis system and a reaction system. Through the cooperation of these five systems, remote computers can be monitored from the center and the correct response made whenever an information security incident is encountered [5]. A SOC no doubt offers a complete mechanism for security management, but its structure is too large. Moreover, because of the complexity of the system, a SOC must be made to order to fit each enterprise's requirements, at a large cost in software, hardware and training. It is therefore necessary to set up a Light-SOC.

III. PROPOSED ARCHITECTURE

Our research develops a real-time remote log collect-monitoring system with the characteristic of cyber forensics [6], with which the administrator can manage and monitor remote computers through a website. Based on computer forensics, it not only offers reliability of data transmission and usability of information but also speeds up the computer forensics procedure. An affected computer can be recovered faster, without shutting it down while searching for evidence.
Under normal conditions the Light-SOC system monitors continuously and can notify the administrator through several kinds of early-warning notices. Our research combines the advantages of a SOC and computer forensics to develop the Light SOC with the characteristic of cyber forensics.

A. Real Time Collection of Log

Many methods can be used for data synchronization. For example, off-site backup often uses the rsync package to synchronize and obtain the data of a remote host in order to prevent data loss. However, log records are appended to the original log file at any time (on Linux, for instance, to /var/log/message), so traditional periodic synchronization is not suitable for the framework we propose. Fortunately, syslogd [7] provides remote recording and remote synchronization modes with which users can obtain the data. By starting the remote record host with the command syslogd -r -m 0, a collecting host can record the log data of many monitored hosts. This remote log collection-monitoring mechanism sends data over UDP. UDP is not a reliable protocol, so it cannot ensure the reliability of the log data, and lost log data may cause the judgment to be overruled in cyber forensics. Ensuring that all log data is correctly received by the collector and synchronized in real time is the key point of this research. This research therefore uses Syslog-ng [8] in place of syslog. Syslog-ng can transfer remote records using its own syslog protocol, which confirms transmission, or over TCP, which solves the problem of syslog's use of UDP.

B. The Structure of Light SOC

The purpose of a SOC is to set up a large-scale monitoring center for network nodes and to collect information extensively from all computers in the monitoring range.
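As an added illustration of the transport choice made in Section III.A (not a configuration from the paper), the following minimal syslog-ng configuration forwards log records over TCP instead of syslogd's UDP and keeps a copy on both the monitored host and the collector; the collector name, port and file paths are assumed values.

```conf
# Collection server (ELC host): accept log records over TCP and keep one
# file per sending host. Address, port and paths are assumed values.
source s_from_agents {
    tcp(ip("0.0.0.0") port(514));
};
destination d_per_host {
    file("/var/log/remote/$HOST/messages" create_dirs(yes));
};
log { source(s_from_agents); destination(d_per_host); };

# Monitored host (RHIA side, normally a separate configuration file):
# read the local syslog socket, keep the records locally and forward them
# over TCP to the collector. The local file is the second copy the paper
# uses to confirm whether a stored message was falsified.
source s_local {
    unix-stream("/dev/log");
    internal();
};
destination d_local { file("/var/log/messages"); };
destination d_collector { tcp("collector.example.org" port(514)); };
log { source(s_local); destination(d_local); };
log { source(s_local); destination(d_collector); };
```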
The information collected includes packet information and checks of the host system state. A perfect security center must consider every situation that may happen; an enterprise limited in funds, however, cannot set up such a complete monitoring structure. If we focus only on the log information of network equipment and monitored hosts, we can still achieve the goal of raising alerts and informing the administrator immediately when something goes wrong. Our research therefore proposes a Light SOC structure that can be installed easily and monitors remote computers effectively. The structure of the Light SOC is shown in Fig. 1.

C. Remote Host Information Agent Subsystem (RHIA)

The remote host information agent subsystem (RHIA), combined with the real-time log collection mechanism, lets users set up the collection mechanism on a remote host; every monitored remote host must have this agent installed. RHIA provides dependable transmission and transmits the log information produced by the monitored host to the central host immediately. RHIA is thus the first subsystem of this structure, providing the necessary information from the controlled range.

D. Event Log Collection Subsystem (ELC)

The main purpose of the event log collection subsystem (ELC) is to receive log information from the RHIA. RHIA turns the original log data into a hash code and completes transmission over TCP. ELC classifies the service according to the type of transmitted data and separates the hash code from the original log message. The log information from RHIA is received by ELC.

Fig. 1. The Structure of Light SOC

E. Data Formatting (DF)

Data formatting (DF) mainly offers the function of cutting log messages into fields.
Since the log types collected from remote hosts are varied, how to classify and store them effectively influences the judgment of abnormal states and the inference result. The purpose of DF is therefore to format the log messages using designed formatting rules. After formatting, the log information is stored in the conclusion database and then handled by the inference engine subsystem. DF uses the database to preserve the log data; the database stores each log message together with its hash code. This database is never changed once written, and a secondary facility can be used to back up the data. The purpose is to provide complete information about the monitored hosts, solving the problem of incomplete evidence collection in the traditional computer forensics procedure; moreover, the uniqueness of the log data can be verified.

F. Inference Engine Subsystem (IE)

The inference engine subsystem (IE) provides inference results about unusual states to the central host. Log information reflects the current state of the monitored remote hosts, but there is too much of it for users to observe item by item and find the problem. IE therefore uses positive inference to filter out the log information that indicates something wrong, and negative inference to reduce the production of false alerts that would confuse the administrator. False alerts are discarded directly, and real alerts are recorded in the database so that the log monitor console can issue pre-warning alerts.

G. Log Monitor Console Subsystem (LMC)

The log monitor console (LMC) is a web-based management mechanism whose overall design comes from the structure of a SOC. LMC solves the problem of management across time and space, offers the system manager an integrated management mechanism, and deals with problems efficiently. LMC has four functions:
(1) Real-time monitoring: monitors the log status of the system in real time. Searching the log messages also helps find suspected events and prevent them as quickly as possible.
(2) Security risk analysis: the current risk level of the monitored computers is shown as a statistical chart. It summarizes a large amount of information, so the administrator can see the degree of risk and decide when to act.
(3) System status: the detailed status of each monitored host, including warnings, attack information and current status, so that each host can be examined further from the detailed information.
(4) Pre-warning by level: besides real-time monitoring, notification of incidents is essential. Through the pre-warning alert notice the administrator can pinpoint problems as early as possible and solve them quickly. Besides being informed of security incidents, the administrator can flexibly decide the grade of notice for pre-warning alerts to reduce unnecessary information.

H. Adding the Mechanism of HMAC

HMAC is often used for message checking between different users, or for checking whether a document has been modified. If the key can be managed effectively, HMAC can also be used to check identity as well as whether the message was modified.
(1) When Syslog-ng receives the log data from a host, it prepends the secret key (k) of the host to the log message and passes the result to the hash function to produce a digest value (d). The original log message and its digest value are saved in the database and sent over TCP to the remote central collection server.
(2) The collection server saves the log messages together with (d) in its proposed database. Each host in the SOC monitoring range has its own secret key (k), managed by the SOC manager, so that log messages can be checked if a security event happens. Since each host or server has an independent (k), it can be checked which host or server sent a message, and with (k) and the log messages saved in the collection server it can be checked whether the messages have been falsified. The original log messages saved on the host or server serve as a second confirmation of whether anything was falsified.
(3) The log messages produced by the monitored hosts and servers are now saved in the collection server database. The subsequent work uses the defined SOC analysis rules to filter and show events and information, letting the SOC manager perform real-time monitoring.

Fig. 2. Diagram of HMAC Framework

IV. CONCLUSION

This research presents a Real-Time Remote Log Collect-Monitoring System with the Characteristic of Cyber Forensics for organizations that lack sufficient budget or facilities. It can monitor systems and network nodes in the proposed monitoring range. If a security event happens, the saved data lets the analysis unit carry out further cyber forensics work effectively, substantially reducing the effort of the cyber forensics process.
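The following is an added example (not the paper's code) of the keyed-digest mechanism of Section III.H: the agent side computes a per-host digest for each log line, the collector splits and stores the record, and the verification step detects a falsified row and attributes a record to the host whose key produced it. The host keys, the wire framing and the sample syslog line are constructed assumptions, and the standard HMAC construction is used in place of the paper's key-prefix hashing.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Per-host secret keys managed by the SOC manager (paper step 2).
# Constructed sample values; real keys would be generated and stored securely.
HOST_KEYS: Dict[str, bytes] = {
    "web01": b"constructed-key-for-web01",
    "db01": b"constructed-key-for-db01",
}

# Assumed wire framing: the digest is appended to the message so the ELC can
# split the two again; the paper does not fix a concrete format.
SEP = " hmac="


def make_digest(key: bytes, message: str) -> str:
    """RHIA side: keyed digest (d) for one log line.

    The paper describes prepending the key to the message before hashing.
    This example uses the standard HMAC construction (RFC 2104, via the hmac
    module) instead, which avoids the length-extension weakness of a plain
    H(key || message) with Merkle-Damgard hashes such as SHA-256.
    """
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def agent_frame(host: str, message: str) -> str:
    """RHIA: the record sent to the collection server over TCP."""
    return message + SEP + make_digest(HOST_KEYS[host], message)


def elc_split(frame: str) -> Tuple[str, str]:
    """ELC: separate the original log message from its appended digest."""
    message, sep, digest = frame.rpartition(SEP)
    if not sep:
        raise ValueError("frame carries no digest")
    return message, digest


class CollectionStore:
    """The DF database: (host, message, digest) rows, appended and never edited."""

    def __init__(self) -> None:
        self.rows: List[Tuple[str, str, str]] = []

    def append(self, host: str, frame: str) -> int:
        message, digest = elc_split(frame)
        self.rows.append((host, message, digest))
        return len(self.rows) - 1

    def verify(self, index: int) -> bool:
        """Paper step 2: recompute with the host's key; constant-time compare."""
        host, message, digest = self.rows[index]
        return hmac.compare_digest(make_digest(HOST_KEYS[host], message), digest)

    def attribute(self, message: str, digest: str) -> Optional[str]:
        """Paper step 2: which host's key produced this digest, if any."""
        for host, key in HOST_KEYS.items():
            if hmac.compare_digest(make_digest(key, message), digest):
                return host
        return None

    def matches_host_copy(self, index: int, host_copy: str) -> bool:
        """Second confirmation: compare with the original line kept on the host."""
        return self.rows[index][1] == host_copy


# Constructed sample syslog line (not taken from the paper).
SAMPLE_LINE = ("Mar  5 10:21:07 web01 sshd[2231]: Failed password for invalid "
               "user admin from 192.0.2.7 port 51122 ssh2")


def demo() -> Dict[str, object]:
    """Run the agent -> collector -> verification flow on the sample line."""
    store = CollectionStore()
    idx = store.append("web01", agent_frame("web01", SAMPLE_LINE))
    results: Dict[str, object] = {
        "intact": store.verify(idx),
        "source": store.attribute(store.rows[idx][1], store.rows[idx][2]),
    }
    # Simulate an unauthorized edit of the stored row: the stored digest
    # no longer matches, and the host's own copy disagrees as well.
    host, message, digest = store.rows[idx]
    store.rows[idx] = (host, message.replace("Failed", "Accepted"), digest)
    results["tampered_detected"] = not store.verify(idx)
    results["host_copy_differs"] = not store.matches_host_copy(idx, SAMPLE_LINE)
    # A record whose digest was made with an unknown key belongs to no host.
    unknown = make_digest(b"constructed-unknown-key", SAMPLE_LINE)
    results["unknown_key_attributed"] = store.attribute(SAMPLE_LINE, unknown)
    return results
```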
ACKNOWLEDGEMENT

This work was supported in part by TWISC@NCKU, National Science Council under the Grants NSC P Y and in part by NSC E.

REFERENCES

[1] S. Axelsson, U. Lindqvist, U. Gustafson, E. Jonsson, "An Approach to UNIX Security Logging," Proc. 21st NIST-NCSC National Information Systems Security Conference, 1998.
[2] W. Kruse and J. Heiser, Computer Forensics: Incident Response Essentials, Boston: Addison Wesley, 2002.
[3] G. Kruse II and J. G. Heiser, Computer Forensics: Incident Response Essentials, Addison Wesley, 2002, pp. 2-8.
[4] W. Stallings, Cryptography and Network Security: Principles and Practice, 3rd ed., Prentice Hall, August.
[5] R. Bidou, Security Operation Center Concepts & Implementation, Iv2 Technologies. oncept.pdf
[6] J. Marcella and S. Greenfield, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Auerbach Publications.
[7] C. Lonvick, "RFC The BSD syslog Protocol," IETF Network Working Group.
[8] Syslog-ng.
More informationOnline Backup Solution Features
CCC Technologies, Inc. 700 Nicholas Blvd., Suite 300 Elk Grove Village, IL 60007 877.282.9227 www.ccctechnologies.com Online Backup Solution Features Introduction Computers are the default storage medium
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationOverview of Computer Forensics
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationDisaster Recovery Configuration Guide for CiscoWorks Network Compliance Manager 1.8
Disaster Recovery Configuration Guide for CiscoWorks Network Compliance Manager 1.8 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel:
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationHow To Backup Your Hard Drive With Pros 4 Technology Online Backup
Pros 4 Technology Online Backup Features Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationBig Data Storage Architecture Design in Cloud Computing
Big Data Storage Architecture Design in Cloud Computing Xuebin Chen 1, Shi Wang 1( ), Yanyan Dong 1, and Xu Wang 2 1 College of Science, North China University of Science and Technology, Tangshan, Hebei,
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationIntroduction. Ease-of-Use
Remote Data Backup Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and expensive method for
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Introduction About Instructor Dr. Peng Ning, assistant professor of computer science http://www.csc.ncsu.edu/faculty/ning pning@ncsu.edu (919)513-4457 Office: Room
More informationConfiguring Syslog Server on Cisco Routers with Cisco SDM
Configuring Syslog Server on Cisco Routers with Cisco SDM Syslog is a standard for forwarding log messages in an Internet Protocol (IP) computer network. It allows separation of the software that generates
More informationSufficiency of Windows Event log as Evidence in Digital Forensics
Sufficiency of Windows Event log as Evidence in Digital Forensics Nurdeen M. Ibrahim & A. Al-Nemrat, Hamid Jahankhani, R. Bashroush University of East London School of Computing, IT and Engineering, UK
More informationTime Synchronization of Computer in secure manner while using Teleclock & NTP Services
Time Synchronization of Computer in secure manner while using Teleclock & NTP Services Shilpa 1 and Parveen Sharma 2 1 Research Scholar Shri Krishan Institute of Engineering & Technology, Kurukshetra University,
More informationOverview. Timeline Cloud Features and Technology
Overview Timeline Cloud is a backup software that creates continuous real time backups of your system and data to provide your company with a scalable, reliable and secure backup solution. Storage servers
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationNetwork Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access
Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed
More informationNetwrix Auditor for SQL Server
Netwrix Auditor for SQL Server Quick-Start Guide Version: 7.1 10/26/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationDesign and Implementation of a Live-analysis Digital Forensic System
Design and Implementation of a Live-analysis Digital Forensic System Pei-Hua Yen Graduate Institute of Information and Computer Education, National Kaohsiung Normal University, Taiwan amber8520@gmail.com
More informationSVA Backup Plus Features
1221 John Q. Hammons Drive Madison, WI 53717 P.O. Box 44966, Madison, WI 53717 P: 608.826.2400 TF: 800.366.9091 F: 608.831.4243 www.sva.com Introduction Computers are the default storage medium for most
More informationIntelli-Restore as an Instantaneous Approach for Reduced Data Recovery Time
Intelli-Restore as an Instantaneous Approach for Reduced Data Recovery Time Leon Mugoh, Ismail Lukandu Ateya, Bernard Shibwabo Kasamani Faculty of Information Technology Strathmore University, Nairobi
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationNovaTech NERC CIP Compliance Document and Product Description Updated June 2015
NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationNetwrix Auditor for Active Directory
Netwrix Auditor for Active Directory Quick-Start Guide Version: 7.1 10/26/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment
More informationEvolved Backup Features Computer Box 220 5th Ave South Clinton, IA 52732 www.thecomputerbox.com 563-243-0016
Evolved Backup Features 1 Contents 3 Introduction 3 Ease-of-Use Simple Installation Automatic Backup Off-Site Storage Scalability File Restoration 24/7 6 Security File Compression Encryption Transmission
More informationTECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS
TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS Technical audits in accordance with Regulation 211/2011 of the European Union and according to Executional Regulation 1179/2011 of the
More informationThe syslog-ng Store Box 3 LTS
The syslog-ng Store Box 3 LTS PRODUCT DESCRIPTION Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance
More informationData Storage Security in Cloud Computing
Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT
More informationLecture II : Communication Security Services
Lecture II : Communication Security Services Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 What is Communication
More informationAn Introduction to Syslog. Rainer Gerhards Adiscon
An Introduction to Syslog Rainer Gerhards Adiscon What is Syslog? The heterogeneous network logging workhorse a system to emit/store/process meaningful log messages both a communications protocol as well
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationNetwrix Auditor for Windows Server
Netwrix Auditor for Windows Server Quick-Start Guide Version: 7.0 7/7/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from
More informationAn in-building multi-server cloud system based on shortest Path algorithm depending on the distance and measured Signal strength
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. I (Jan Feb. 2015), PP 38-42 www.iosrjournals.org An in-building multi-server cloud system based
More informationReliable log data transfer
OWASP Switzerland Chapter December 2015 Reliable log data transfer About (r)syslog, logstash, and log data signing A field report pascal.buchbinder@adnovum.ch Agenda Why we need log data transfer Syslog
More informationIceWarp to IceWarp Server Migration
IceWarp to IceWarp Server Migration Registered Trademarks iphone, ipad, Mac, OS X are trademarks of Apple Inc., registered in the U.S. and other countries. Microsoft, Windows, Outlook and Windows Phone
More informationWindows Quick Start Guide for syslog-ng Premium Edition 5 LTS
Windows Quick Start Guide for syslog-ng Premium Edition 5 LTS November 19, 2015 Copyright 1996-2015 Balabit SA Table of Contents 1. Introduction... 3 1.1. Scope... 3 1.2. Supported platforms... 4 2. Installation...
More informationDETERMINATION OF THE PERFORMANCE
DETERMINATION OF THE PERFORMANCE OF ANDROID ANTI-MALWARE SCANNERS AV-TEST GmbH Klewitzstr. 7 39112 Magdeburg Germany www.av-test.org 1 CONTENT Determination of the Performance of Android Anti-Malware Scanners...
More informationExporting IBM i Data to Syslog
Exporting IBM i Data to Syslog A White Paper from Safestone Technologies By Nick Blattner, System Engineer www.safestone.com Contents Overview... 2 Safestone... 2 SIEM consoles... 2 Parts and Pieces...
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationProactive Security of E-business
I.J. Engineering and Manufacturing, 2012,4, 49-53 Published Online August 2012 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijem.2012.04.06 Available online at http://www.mecs-press.net/ijem Proactive
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationSOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013
SOUTHERN POLYTECHNIC STATE UNIVERSITY Snort and Wireshark IT-6873 Lab Manual Exercises Lucas Varner and Trevor Lewis Fall 2013 This document contains instruction manuals for using the tools Wireshark and
More informationDistributed syslog architectures with syslog-ng Premium Edition
Distributed syslog architectures with syslog-ng Premium Edition May 12, 2011 The advantages of using syslog-ng Premium Edition to create distributed system logging architectures. Copyright 1996-2011 BalaBit
More informationOn-line Payment and Security of E-commerce
ISBN 978-952-5726-00-8 (Print), 978-952-5726-01-5 (CD-ROM) Proceedings of the 2009 International Symposium on Web Information Systems and Applications (WISA 09) Nanchang, P. R. China, May 22-24, 2009,
More informationTIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13
COURSE TITLE : INFORMATION SECURITY COURSE CODE : 5136 COURSE CATEGORY : ELECTIVE PERIODS/WEEK : 4 PERIODS/SEMESTER : 52 CREDITS : 4 TIME SCHEDULE MODULE TOPICS PERIODS 1 Introduction to Computer Security
More informationSyslog Windows Tool Set (WTS) Configuration File Directives And Help
orrelog Syslog Windows Tool Set (WTS) Configuration File Directives And Help The CO-sysmsg.cnf file contains all the parameters and specifications related to the program s operation. This file is found
More information