Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
|
|
|
- Ronald Harvey
- 8 years ago
- Views:
Transcription
1 Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections Abhinav Srivastava and Jonathon Giffin School of Computer Science Georgia Institute of Technology
2 Attacks Victim System Bot Strange processes Strange connections Backdoor Spyware Worm Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 2
3 Goals Detect and block outbound malicious network connections Detect and prevent remote attackers from connecting to local malware Remain tamper-resistant from direct attacks Victim System Bot Spyware Backdoor Worm Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 3
4 Network Firewall Internet Victim System Firewall Block Firewall Coarse policies Incomplete view Network App Tamper resistant Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 4
5 Host Firewall Internet Fine grained policies Complete view Victim System Network App Firewall Not tamper resistant Firewall Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 5
6 Virtualization-based Firewall Security VM Fine grained policies Complete view Victim VM Network App Driver Firewall Bridge Tamper resistant Driver Backend Shared Memory Driver Frontend Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 6
7 Challenges Correlate IP/port and corresponding process in guest VM Solution: Virtual Machine Introspection (VMI) Extract semantic information from raw memory Solution: OS knowledge to parse data structures Impose low overhead Solution: Selective introspection Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 7
8 Threat Model Hypervisor & security VM are secure Both user and kernel-level attacks are possible Expect to find the data structures at known places Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 8
9 Prototype System: Security VM User-space Kernel-space User Component Firewall Kernel Component Tamper resistance Independence Lightweight verification Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 9
10 Kernel Module Architecture Security VM User-space Kernel-space User Component Firewall Kernel Component Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 10
11 Kernel Module Architecture Security VM User-space Kernel-space Kernel Component Firewall Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 11
12 Kernel Module Architecture User-space Security VM Kernel-space Kernel Component Rule Table Packet Queue P1 P2 Driver Bridge Driver Backend Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 12
13 User Agent Architecture User-space Security VM Kernel-space Kernel Component Rule Table Packet Queue P1 P2 Driver Bridge Driver Backend Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 13
14 User Agent Architecture Security VM User Agent User-space Kernel-space Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 14
15 User Agent Architecture Security VM Victim VM System. map Whitelist User-space Kernel-space User Agent CR3 Page Directory Page Table User-space Kernel-space Kernel Data Structure Xen Physical Hardware Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 15
16 Kernel Data Structures Traversal Ports: Process: inet_hashinfo task_struct Linked list iteration hlist_head hlist_head hlist_head hlist_head Array iteration Linked list iteration task_struct hlist_node files_struct fdtable file file file sock Match Array Iteration hlist_node Return: Process information from task_struct Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 16
17 Security Evaluation Name Type Connection Type Result Blackhole Backdoor Inbound Blocked Gummo Backdoor Inbound Blocked Bdoor Backdoor Inbound Blocked Ovas0n Backdoor Inbound Blocked Cheetah Backdoor Inbound Blocked Apache-ssl Worm Blocked Apache-linux Worm Blocked Backdoor-Rev.b Worm Blocked Q8 Bot Blocked Kaiten Bot Blocked Coromputer Dunno Bot Blocked Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 17
18 Legitimate Connections Name rcp rsh yum rlogin ssh scp wget tcp client thttpd tcp server sshd Connection Type Inbound Inbound Inbound Result Allowed Allowed Allowed Allowed Allowed Allowed Allowed Allowed Allowed Allowed Allowed Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 18
19 Performance Evaluation Directions Inbound Connection to Victim VM Connection from Victim VM TCP Introspection Time (µs) UDP Introspection Time (µs) Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 19
20 Performance Evaluation Directions Without Time (s) With Time (s) Overhead File Transfer from Security VM to Victim VM % File Transfer from Victim VM to Security VM % Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 20
21 Performance Evaluation Directions Without Time (µs) With Time (µs) Overhead Time(µs) Connection from Security VM to Victim VM Connection from Victim VM to Security VM Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 21
22 Security Analysis Kernel data structures modification attacks Semantic kernel integrity [Petroni et al. Usenix Security 2006] Process renaming attacks Tripwire or disk introspection Code injection attacks DoS attacks Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 22
23 Conclusions provides tamper-resistant firewalling framework Combines both host and network level views Provides fine grained application-level filtering Imposes low overhead Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 23
24 Questions?. or send us Abhinav Srivastava Jonathon Giffin Thanks to: Steve Dawson (SRI International) Monirul Sharif (Georgia Tech) Bryan D. Payne (Georgia Tech) Andrea Lanzi (Georgia Tech) Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 24
25 Related Work Distributed Firewalling [Bellovin] Centralized Policy Design Distributed Enforcement of Policy Implementation of Distributed Firewalling [Ioannidis CCS 2000] Flexible OS Support Infrastructure [Garfinkel HotOS 2006] Virtual Machines for supporting distributed firewalling Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 25
26 Performance Evaluation Directions Without Time (µs) With Time (µs) Overhead Inbound Initiated Initiated Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections 26
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections Abhinav Srivastava and Jonathon Giffin School of Computer Science, Georgia Institute of Technology {abhinav,giffin}@cc.gatech.edu
Automatic Discovery of Parasitic Malware
Automatic Discovery of Parasitic Malware Abhinav Srivastava and Jonathon Giffin School of Computer Science, Georgia Institute of Technology, USA {abhinav,giffin}@cc.gatech.edu Abstract. Malicious software
Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense
Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calton Pu Georgia Institute of Technology Annual Computer Security Applications Conference
End to End Defense against Rootkits in Cloud Environment Sachin Shetty
End to End Defense against Rootkits in Cloud Environment Sachin Shetty Associate Professor Electrical and Computer Engineering Director, Cybersecurity Laboratory Tennessee State University Tennessee State
Secure In-VM Monitoring Using Hardware Virtualization
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif Georgia Institute of Technology Atlanta, GA, USA msharif@cc.gatech.edu Wenke Lee Georgia Institute of Technology Atlanta, GA, USA wenke@cc.gatech.edu
Firewalls and IDS. Sumitha Bhandarkar James Esslinger
Firewalls and IDS Sumitha Bhandarkar James Esslinger Outline Background What are firewalls and IDS? How are they different from each other? Firewalls Problems associated with conventional Firewalls Distributed
Operating System Interface Obfuscation and the Revealing of Hidden Operations
Operating System Interface Obfuscation and the Revealing of Hidden Operations Abhinav Srivastava 1 Andrea Lanzi 1,2 Jonathon Giffin 1 1 School of Computer Science, Georgia Institute of Technology 2 Dipartimento
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
Firewall Design Principles Firewall Characteristics Types of Firewalls
Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008
Run-Time Deep Virtual Machine Introspection & Its Applications
Run-Time Deep Virtual Machine Introspection & Its Applications Jennia Hizver Computer Science Department Stony Brook University, NY, USA Tzi-cker Chiueh Cloud Computing Center Industrial Technology Research
Second-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
Chapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
Abstract. 1. Introduction. 2. Threat Model
Beyond Ring-3: Fine Grained Application Sandboxing Ravi Sahita (ravi.sahita@intel.com), Divya Kolar (divya.kolar@intel.com) Communication Technology Lab. Intel Corporation Abstract In the recent years
Computer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
A1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
Firewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
Firewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
Exploiting the x86 Architecture to Derive Virtual Machine State Information
2010 Fourth International Conference on Emerging Security Information, Systems and Technologies Exploiting the x86 Architecture to Derive Virtual Machine State Information Jonas Pfoh, Christian Schneider,
Evasion Resistant Intrusion Detection Framework at Hypervisor Layer in Cloud
Proc. of Int. Conf. on Advances in Communication, Network, and Computing, CNC Evasion Resistant Intrusion Detection Framework at Hypervisor Layer in Cloud Bhavesh Borisaniya and Dr. Dhiren Patel NIT Surat,
Securely Isolating Malicious OS Kernel Modules Using Hardware Virtualization Support
Journal of Computational Information Systems 9: 13 (2013) 5403 5410 Available at http://www.jofcis.com Securely Isolating Malicious OS Kernel Modules Using Hardware Virtualization Support Zhixian CHEN
Detecting Computer Worms in the Cloud
Detecting Computer Worms in the Cloud Sebastian Biedermann and Stefan Katzenbeisser Security Engineering Group Department of Computer Science Technische Universität Darmstadt {biedermann,katzenbeisser}@seceng.informatik.tu-darmstadt.de
Providing Flexible Security as a Service Model for Cloud Infrastructure
Providing Flexible Security as a Service Model for Cloud Infrastructure Dr. M. Newlin Rajkumar, P. Banu Priya, Dr. V. Venkatesakumar Abstract Security-as-a-Service model for cloud systems enable application
ProMoX: A Protocol Stack Monitoring Framework
ProMoX: A Protocol Stack Monitoring Framework Elias Weingärtner, Christoph Terwelp, Klaus Wehrle Distributed Systems Group Chair of Computer Science IV RWTH Aachen University http://ds.cs.rwth-aachen.de
Advanced Security Services with Trend Micro Deep Security and VMware NSX Platforms
A Trend Micro Technical White Paper June 2015 Advanced Security Services with Trend Micro and VMware NSX Platforms >> This document is targeted at virtualization, security, and network architects interested
Rootkit Detection on Virtual Machines through Deep Information Extraction at Hypervisor-level
Rootkit Detection on Virtual Machines through Deep Information Extraction at Hypervisor-level Xiongwei Xie Department of SIS UNC Charlotte Charlotte, NC 28223 Email: xxie2@uncc.edu Weichao Wang Department
Virtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
Efficient Monitoring of Untrusted Kernel-Mode Execution
Efficient Monitoring of Untrusted Kernel-Mode Execution Abhinav Srivastava and Jonathon Giffin School of Computer Science, Georgia Institute of Technology {abhinav,giffin}@cc.gatech.edu Abstract Recent
Outline. Introduction. State-of-the-art Forensic Methods. Hardware-based Workload Forensics. Experimental Results. Summary. OS level Hypervisor level
Outline Introduction State-of-the-art Forensic Methods OS level Hypervisor level Hardware-based Workload Forensics Process Reconstruction Experimental Results Setup Result & Overhead Summary 1 Introduction
Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology
Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology JungDae Kim (jdcom@ksel.co.kr) ByongKi Park (bgbak@ksel.co.kr) CONTENTS 1 Background Information 2 Vulnerability
OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010
OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010 What is Trend Micro OfficeScan? Trend Micro OfficeScan Corporate Edition protects campus networks from viruses, Trojans, worms, Web-based
CIT 480: Securing Computer Systems. Firewalls
CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring
Network Security: From Firewalls to Internet Critters Some Issues for Discussion
Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:
CloudVMI: Virtual Machine Introspection as a Cloud Service
: Virtual Machine Introspection as a Service Hyun-wook Baek, Abhinav Srivastava and Jacobus Van der Merwe University of Utah Email: baekhw@cs.utah.edu, kobus@cs.utah.edu AT&T Labs - Research Email: abhinav@research.att.com
How To Stop A Malicious Process From Running On A Hypervisor
Hypervisor-Based Systems for Malware Detection and Prevention Yoshihiro Oyama ( 大 山 恵 弘 ) The University of Electro-Communications ( 電 気 通 信 大 学 ), Tokyo, Japan This Talk I introduce two hypervisor-based
Windows Server Virtualization & The Windows Hypervisor
Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick
FIREWALL POLICY DOCUMENT
FIREWALL POLICY DOCUMENT Document Id Firewall Policy Sponsor Laura Gibbs Author Nigel Rata Date May 2014 Version Control Log Version Date Change 1.0 15/05/12 Initial draft for review 1.1 15/05/14 Update
FORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
Guardian: Hypervisor as Security Foothold for Personal Computers
Guardian: Hypervisor as Security Foothold for Personal Computers Yueqiang Cheng, Xuhua Ding Singapore Management University (SMU) The International Conference on Trust & Trustworthy Computing (TRUST),
Internet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA
Digital evidence in virtual honeynets based on operating system level virtualization
Digital evidence in virtual honeynets based on operating system level virtualization Security and Protection of Information 2013, 22.-24.5.2013, Brno Pavol Sokol, Peter Pisarčík 2 Outline 1) Introduction
Virtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
Self-service Cloud Computing
Self-service Cloud Computing Published in Proceedings of ACM CCS 12 Shakeel Butt shakeelb@cs.rutgers.edu Abhinav Srivastava abhinav@research.att.com H. Andres Lagar-Cavilla andres@lagarcavilla.org Vinod
High-Availability Using Open Source Software
High-Availability Using Open Source Software Luka Perkov Iskon Internet, Zagreb, Croatia Nikola Pavković Ruđer Bošković Institute Bijenička cesta Zagreb, Croatia Juraj Petrović Faculty of Electrical Engineering
CS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
CSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
ThreatSTOP Technology Overview
ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds
Host-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
Seminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
Virtual Computing and VMWare. Module 4
Virtual Computing and VMWare Module 4 Virtual Computing Cyber Defense program depends on virtual computing We will use it for hands-on learning Cyber defense competition will be hosted on a virtual computing
Lares: An Architecture for Secure Active Monitoring Using Virtualization
Lares: An Architecture for Secure Active Monitoring Using Virtualization Bryan D. Payne Martim Carbone Monirul Sharif Wenke Lee School of Computer Science Georgia Institute of Technology Atlanta, Georgia
FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory p.1/11
FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory DFRWS 2006: Work in Progress (WIP) Aug 16, 2006 AAron Walters 4TΦ Research Nick L. Petroni Jr. University
Firewalls CSCI 454/554
Firewalls CSCI 454/554 Why Firewall? 1 Why Firewall (cont d) w now everyone want to be on the Internet w and to interconnect networks w has persistent security concerns n can t easily secure every system
Security: Attack and Defense
Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing
Access Control Based on Dynamic Monitoring for Detecting Software Malicious Behaviours
Access Control Based on Dynamic Monitoring for Detecting Software Malicious Behaviours K. Adi, L. Sullivan & A. El Kabbal Computer Security Research Laboratory http://w3.uqo.ca/lrsi NCAC'05 1 Motivation
Chapter 5 Cloud Resource Virtualization
Chapter 5 Cloud Resource Virtualization Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. Performance and security isolation. Architectural support for virtualization.
Honeypot-Architectures using VMI Techniques
Honeypot-Architectures using VMI Techniques Stefan Floeren Betreuer: Nadine Herold, Stephan Posselt Seminar Future Internet SS2013 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik, Technische
Firewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
How To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
CIT 668: System Architecture
CIT 668: System Architecture Cloud Security Topics 1. The Same Old Security Problems 2. Virtualization Security 3. New Security Issues and Threat Model 4. Data Security 5. Amazon Cloud Security Data Loss
ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
Cloud Computing Security Master Seminar, Summer 2011
Cloud Computing Security Master Seminar, Summer 2011 Maxim Schnjakin, Wesam Dawoud, Christian Willems, Ibrahim Takouna Chair for Internet Technologies and Systems Definition of Cloud Computing 2 Cloud
Trusted VM Snapshots in Untrusted Cloud Infrastructures
Trusted VM Snapshots in Untrusted Cloud Infrastructures Abhinav Srivastava 1, Himanshu Raj 2, Jonathon Giffin 3, Paul England 2 1 AT&T Labs Research 2 Microsoft Research 3 School of Computer Science, Georgia
Firewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
Firewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking Roberto Bonafiglia, Ivano Cerrato, Francesco Ciaccia, Mario Nemirovsky, Fulvio Risso Politecnico di Torino,
WEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
Loophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
Evolving Threat Landscape
Evolving Threat Landscape Briefing Overview Changing Threat Landscape Profile of the Attack Bit9 Solution Architecture Demonstartion Questions Growing Risks of Advanced Threats APT is on the rise 71% increase
Firewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)
Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method
Secure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
Stephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
OS KERNEL MALWARE DETECTION USING KERNEL CRIME DATA MINING
OS KERNEL MALWARE DETECTION USING KERNEL CRIME DATA MINING MONISHA.T #1 and Mrs.UMA.S *2 # ME,PG Scholar,Department of CSE, SKR Engineering College,Poonamallee,Chennai,TamilNadu * ME,Assist.professor,
Cloud computing security
Cloud computing security Exploring information leakage in third-party compute clouds Yangchun Fu November 18 th, 2011 Outline 1 Introduction 2 EC2 cloud cartography 3 Co-residence 4 side-channel cross-vm
Stateful Inspection Technology
Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions
Cloud Operating Systems for Servers
Cloud Operating Systems for Servers Mike Day Distinguished Engineer, Virtualization and Linux August 20, 2014 mdday@us.ibm.com 1 What Makes a Good Cloud Operating System?! Consumes Few Resources! Fast
Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008
Netfilter GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic January 2008 Netfilter Features Address Translation S NAT, D NAT IP Accounting and Mangling IP Packet filtering
CIT 480: Securing Computer Systems. Firewalls
CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring
Full and Para Virtualization
Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels
How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)
Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network
Linux Firewalls (Ubuntu IPTables) II
Linux Firewalls (Ubuntu IPTables) II Here we will complete the previous firewall lab by making a bridge on the Ubuntu machine, to make the Ubuntu machine completely control the Internet connection on the
The QEMU/KVM Hypervisor
The /KVM Hypervisor Understanding what's powering your virtual machine Dr. David Alan Gilbert dgilbert@redhat.com 2015-10-14 Topics Hypervisors and where /KVM sits Components of a virtual machine KVM Devices:
Internet Security Firewalls
Internet Security Firewalls Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA Overview Exo-structures Firewalls Virtual Private Networks Cryptography-based technologies IPSec Secure Socket Layer
Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak CR V4.1 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall
Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure
Virtual Switching Without a Hypervisor for a More Secure Cloud
ing Without a for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton) 1 Public Cloud Infrastructure Cloud providers offer computing resources
RCL: Software Prototype
Business Continuity as a Service ICT FP7-609828 RCL: Software Prototype D3.2.1 June 2014 Document Information Scheduled delivery 30.06.2014 Actual delivery 30.06.2014 Version 1.0 Responsible Partner IBM
Kernel Data Integrity Protection via Memory Access Control
Kernel Data Integrity Protection via Memory Access Control Abhinav Srivastava Ikpeme Erete Jonathon Giffin School of Computer Science, Georgia Institute of Technology {abhinav,ikpeme,giffin}@cc.gatech.edu
Security Considerations in Cloud Deployments Matthew Garrett <matthew.garrett@nebula.com>
Security Considerations in Cloud Deployments Matthew Garrett (cloud) Computing for the Enterprise Security concerns in traditional hosting Someone hacks your system Your hosting
Security and Integrity of a Distributed File Storage in a Virtual Environment
Security and Integrity of a Distributed File Storage in a Virtual Environment Gaspare Sala 1 Daniele Sgandurra 1 Fabrizio Baiardi 2 1 Department of Computer Science, University of Pisa, Italy 2 Polo G.
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to