# Macroscopic Network Virus Statistics

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 NetSec Macroscopic Network Virus Statistics Xinguang,Xiao 1 ; Bing,Wu 2 ; Yongliang,Qiu 3 ;Xiaobing,Zhang 4 (1 2 3: Antiy Labs Harbin P.O.Box ; 4: Harbin Institute of Technology Harbin Fanrong Street ) Abstract: Network viruses have become the primary security threats, so monitoring and macro statistics are important means to protect the Internet. Since network virus incidents are distributed incidents based on a large and complex system, so the macro description of network viruses is becoming a research topic. This paper introduces a comprehensive statistical analysis system of virus sample statistics, virus distribution statistics, virus network measurement, etc. Keywords: network virus; macro statistics; network assessment; infected node 1. Foreword Network virus outbreak is a serious and frequent network security incident which is basically in line with Moore's theorem, i.e. the number of viruses doubles every 18 months. Meanwhile, the network security incident is also in line with Metcalfe's theorem, i.e. the efficiency of the network is inversely proportional to the square of the number of users. It can be seen security incidents are inevitable for the internet because it is open and complex. As a result, virus monitoring and macro-statistics are essential for mastering the virus development trend and protecting the Internet. The difficulty of network virus statistics lies in the massive and discrete incidents. 2. The Purpose of Macro Statistics 2.1 Observe the Virus Infection Trend Through the macro statistics of network viruses, we can learn of the virus transmission situation in every region, and then develop virus defense solutions. 2.2 Control the Virus Transmission Situation After we master the global virus trend, we can figure out the solution. For example, Worm.Win32.Blast infected plenty of systems and took up most of the bandwidth of the network. In this manner of situation, we can drop antivirus tools in specific locations to prevent it from spreading.

2 2 NetSec Estimate the Virus Transmission Trend We take an area subnet as the data set, virus attack times or types as the Y axis, and the time as the X axis. Then we can draw a curve graph of a virus. If we change a variant, we can get a corresponding statistical graph. We can then analyze the graph, and learn something about the virus transmission trend. Eventually, we can scientifically estimate the virus trend in the future, 3. Sample/Database Audit As to analysis of the virus transmission trend, sample/database auditing is the most traditional and basic method. As for the statistics for network viruses, a two-dimensional analysis is needed. One development dimension is the depth, i.e. the generation of new viruses. The other development dimension is the breadth, i.e. the transmission scope of a virus during its life cycle. The sample/database audit is a statistical method on the virus development depth. Generally anti-virus companies will determine the types of new viruses according to a sample and signature audit. Viruses come from infected users reports and sample exchanges with partner companies. We audit the statistics of reported virus numbers, names of new viruses, etc. The number statistics can help us with the virus infection situation, while the name statistics can help us with the virus generation and database situation. For example, in 2004, Antiy Labs used this method to learn of the virus situation. We added 20,047 new independent viruses (including variants) to the database. The virus types are as follows: Table 1 Virus Distribution PE Virus 478 UNIX/Linux Virus 33 Worm 2239 Script 81 Trojan Horse 8969 Backdoor Tools 4010 Hacker Tools 1241 Virus Compiling Tools 279 Adware/Porn Plug-in Virus 668 Others 2049 The pie chart of new virus types in 2004 is as follows.

3 NetSec 广 告 / 色 情 件 3% 黑 客 工 具 6% 其 他 10% PE 病 毒 2% 蠕 虫 11% 脚 本 病 毒 0% 后 门 21% 病 毒 编 写 生 成 工 具 1% UNIX 0% 特 洛 伊 木 马 46% Figure 1 Virus Types in 2004 It can be seen that among all new viruses in 2004, Trojans, backdoor tools, and hacker tools account for 77%; worms account for 11%; and adware / porn plug-in viruses take up 3%. After analysis of this data, we can learn the generational trends of the new viruses. 4. A Contrast to Sample Auditing Antivirus vendors usually make their TOP 10 worm/virus list according to the report times over some unit of time. From a macro perspective, the report times are proportional to the number of infected nodes. In 2004, Antiy used the contrast assessment method and got the TOP 10 list of scanning worms.

4 4 NetSec2005 Worm.Win32.Sasser.a Worm.Win32.Padobot.m Worm.Win32.Fasong.a Worm.Win32.Sasser.d Worm.Win32.Padobot.n Worm.Win32.Padobot.r Worm.Win32.Padobot.p Worm.Win32.Padobot.u Worm.Win32.Padobot.h Worm.Win32.Padobot.g Figure 2 TOP 10 List of Scanning Worms in 2004(Antiy Labs) We can merge some viruses according to their families. For example, Antiy got the TOP 10 list of BOTs in 2004.

5 NetSec Figure 3 TOP 10 List of BOT Family in 2004(Antiy Labs) 5. Network Worm Detection and Pressure Assessment 5.1 The Current Situation Traditional network virus monitoring is generally on the local nodes or routing nodes, and researchers can t evaluate the virus pressure on the network node devices or the entire network. To solve this, we designed a backbone network virus detection system (VDS) which can listen to network traffic, precisely detect viruses, locate the infection sources and monitor virus behavior. Using this system, we can find a method to compute virus pressure on network outlets, gateways, switches, turnover nodes and end nodes. 5.2 Virus Detection System(VDS) VDS can listen to traffic in high-speed networks. The following figure shows its structure.

6 6 NetSec2005 Internet A. Sniffer B. Detection Engine C. Log D. Management Client Engine Figure 4 Structure of Virus Pressure Measurement System The original data we get will be processed as follows. Log Analyzer Reporter Database Mining Combination Log Saver Event Pre-processor Result Pre-processor Figure 5 Data Processing 5.3 Original Data and Statistics VDS can detect active worms, their behavior, attack times, traffic, etc. It can also get part of the statistical results. 5.4 The List of Active Worms We can get a list of active worms using VDS which can further rank them according to their transmission times during a unit of time.

7 NetSec Figure 6 TOP 10 Active Worms (Screenshot of VDS 1.0 WEB list; source: test nodes of HIT) 5.5 Virus Traffic Rank We can also record the virus traffic to assess the virus pressure. This can be helpful for network administrators. Figure 7: Ranked list of Worm Transmission Times (Screenshot of VDS 2.0 WEB report; source: test nodes of HIT; June 12, 2004) 5.6 Virus Stage Trend Statistics The system can find the curve of virus trend statistics and can estimate the future virus transmission situation.

8 8 NetSec2005 Figure 8: Virus Development Over Time (Screenshot of VDS 2.0 WEB; source: test nodes of edu.cn; August 2004) 5.7 Network Virus Pressure Calculation (1) Parameter Description: Κ :Virus traffic per time unit (based on data in this paper) Λ :Total virus package amount per time unit (based on data in this paper) L:Average size of virus packages (based on data in this paper) Θ :Effective nodes within the network (based on data in this paper) Φ :Absolute flow to pressure ratio, i.e. the ratio of worm bandwidth to the total bandwidth Ψ :Absolute amount to pressure ratio, i.e. the ratio of worm packet amount to upper limit of devices Σ vm:total number of virus s per time unit (based on data in this paper) Σ m:total number of s sent and received per time unit (based on data in this paper) Ε :Environmental flow coefficient, experience coefficient; look up in the table μ :Environmental Amount Coefficient, μ=1-ε μ n:device Amount Coefficient, μn=1-εn δ :Device processing coefficient, experience coefficient; look up in the table α :Broadcast coefficient, broadcast index used in measure scanning worms γ :Response coefficient, used to measure the two-way flows of scanning worms (2) Definition of Pressure Unit and Pressure Computation Net-pa: Relative index used to assess network worm pressure on the network outlet Net-pamax=1: The network outlet is totally occupied by worm pressure Net-pamin=0: The network outlet is not subject to any pressure

9 NetSec Since the outlet devices are quite different in their capabilities, we use ε comprehensive computation. =0.5 for In order to measure the pressure, we used the maximum Ethernet packet size of 1500 bytes as the analog worm packet. Without any background noise, we drop the worm packet on the outlet device. This way, the pressure on the outlet device is mainly traffic pressure, and the packet processing pressure can be ignored. As a result, the ratio can be considered as traffic-topressure ratio. We got the pressure curve Figure 9. Figure 9 Traffic-to-Pressure Ratios After that, we used a packet of 22 bytes as the analog worm packet. Without any background noise, we drop the worm packet on the outlet device. So, the pressure on the outlet device is mainly packet processing pressure, and the traffic pressure can be ignored. As a result, the ratio can be considered as amount-to- pressure ratio. We got the pressure curve in Figure 10. Figure 10 Amount-to-Pressure Ratios Then, we got the experience surface individually, superposed them, and got the following figure.

10 10 NetSec2005 Figure 11 Superposition of Traffic-to-Pressure Ratios and Amount-to-Pressure Ratios We carried out several algorithm analog, and then got the following experience module. Net-pa= e *10 Net-pa is the pressure unit. When it approaches 1, the network outlet is unavailable. In summary, measuring network worms is measuring a group of complicated network behaviors. We got the original data via a detection device that is based on bypassing traffic listening, and then we summarized the pressure computation formula and assessment methods of different nodes. 6. Geography Statistics (Virus Map) The virus map tells us the virus distribution geography. With this map we can learn of the virus outbreak in different regions. This method is of great significance to mastering the virus situation from a macro perspective. A traditional virus map is based on reported IPs and s, and IPs of online virus clearing users.

11 NetSec Figure 12 A Typical Virus Map (Source:pandasoftware.com) We could also use this method to get the virus distribution situation, but the result is of low granularity. VDS can directly locate the source nodes of viruses. Figure 13 Virus Source Nodes Location (Screenshot of VDS 2.0 WEB report; source: test nodes of HIT, August 28, 2004) When integrating it with the virus map, we can get more accurate virus regions.

12 12 NetSec2005 Figure 14 Virus Map (Screenshot of VDS 2.0 Virus Map plug-in; source: test nodes of HIT) 7. Statistics on Infection Rate and Number The statistics of infection rates and total infected nodes are the most difficult. The purpose of such statistics is learning of a virus infection within a period and then estimating virus development in the future. At present, there are four statistical methods: sampling, user reporting, VDS monitoring, and probe scanning. The sampling method is to sample a certain user group to get a result, and then use the statistical formula to apply the result to all the users. It is difficult and subject to a large margin of error. User reporting is to analyze the reported viruses, and then record the regions of reporting users, and then get the infection amount. It can t get an accurate relationship between the reported infection amount and the actual infection amount. VDS monitoring is using VDS to monitor the network and record the virus data. Due to the differences between proxy and servers, some errors are inevitable, especially for the intranet users (features of some scanning worms are the same). The probe scanning method is using a high-speed network segment scanner to scan and prove the existence of vulnerabilities on known ports. It can only be used for specific vulnerabilities, not specific viruses.

13 8. Calculation of Infection Nodes NetSec This method is integrating the statistical reports of scanning tools and experience data, and then getting the results. For example, we can compare the worm transmission time s rank and the user report time s rank, and then reach the following conclusion. Conclusion: Figure 15Virus Transmission Time s Rank and User Report Time s Rank Transmission times reflect the network pressure and the worm s sending ability. Users reports reflect the infected nodes. It can be seen that there is not necessarily any correlation between -sending ability and the number of the infected nodes. Trusted link based transmission can result in more serious infections. Some infected nodes are never repaired. Maybe they are control-free nodes on the Internet. 9. Conclusion The methods described in this paper are used for virus statistics. We use them to get the results and figures in this paper. References [1] Deng Hui,Research of Internet Worm,Doctorial Paper,Nan kai University,2000 [2] Wu Bing, Yun Xiaochun, Xiao Xinguang, Backbone Network Worm Pressure Measurement System Based on Bypass Monitor,AVER 2004

### Network Incident Report

To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

### IPS Anti-Virus Configuration Example

IPS Anti-Virus Configuration Example Keywords: IPS, AV Abstract: This document presents a configuration example for the AV feature of the IPS devices. Acronyms: Acronym Full spelling IPS AV Intrusion Prevention

### Network Instruments white paper

Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features

### Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

### Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

### BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

### NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

### Section 12 MUST BE COMPLETED BY: 4/22

Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

### 2. From a control perspective, the PRIMARY objective of classifying information assets is to:

MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

### Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

Cryptography and Network Security Chapter 21 Fifth Edition by William Stallings Chapter 21 Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature:

### FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

### IPS Attack Protection Configuration Example

IPS Attack Protection Configuration Example Keywords: IPS Abstract: This document presents a configuration example for the attack protection feature of the IPS devices. Acronyms: Acronym Full spelling

### Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

### Huawei Network Edge Security Solution

Huawei Network Edge Security Huawei Network Edge Security Solution Enterprise Campus Network HUAWEI TECHNOLOGIES CO., LTD. Huawei Network Edge Security Solution Huawei Network Edge Security 1 Overview

### The University of Kansas

All Greek Summary Rank Chapter Name Total Membership Chapter GPA 1 Beta Theta Pi 3.57 2 Chi Omega 3.42 3 Kappa Alpha Theta 3.36 4 Kappa Kappa Gamma 3.28 *5 Pi Beta Phi 3.27 *5 Gamma Phi Beta 3.27 *7 Alpha

### Seminar Computer Security

Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

### CMPT 471 Networking II

CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

### CONFIGURING TCP/IP ADDRESSING AND SECURITY

1 Chapter 11 CONFIGURING TCP/IP ADDRESSING AND SECURITY Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2 OVERVIEW Understand IP addressing Manage IP subnetting and subnet masks Understand IP security

### Fraternity & Sorority Academic Report Spring 2016

Fraternity & Sorority Academic Report Organization Overall GPA Triangle 17-17 1 Delta Chi 88 12 100 2 Alpha Epsilon Pi 77 3 80 3 Alpha Delta Chi 28 4 32 4 Alpha Delta Pi 190-190 4 Phi Gamma Delta 85 3

E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

### Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key

### Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

### Fraternity & Sorority Academic Report Fall 2015

Fraternity & Sorority Academic Report Organization Lambda Upsilon Lambda 1-1 1 Delta Chi 77 19 96 2 Alpha Delta Chi 30 1 31 3 Alpha Delta Pi 134 62 196 4 Alpha Sigma Phi 37 13 50 5 Sigma Alpha Epsilon

### Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis

Malicious Software Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

### Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

### Innovative Defense Strategies for Securing SCADA & Control Systems

1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

### Firewalls. Chapter 3

Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

### The University of Kansas

Fall 2011 Scholarship Report All Greek Summary Rank Chapter Name Chapter GPA 1 Beta Theta Pi 3.57 2 Chi Omega 3.42 3 Kappa Alpha Theta 3.36 *4 Gamma Phi Beta 3.28 4 Kappa Kappa Gamma 3.28 6 Pi Beta Phi

### Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer

### Networking for Caribbean Development

Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

### Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

### Consensus Policy Resource Community. Lab Security Policy

Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is

### WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

### PART D NETWORK SERVICES

CONTENTS 1 ABOUT THIS PART... 2 2 PUBLIC NETWORK... 2 Internet... 2 3 PRIVATE NETWORK... 3 Global WAN services... 3 4 SECURITY SERVICES... 3 Firewall... 4 Intrusion Prevention (Network)... 5 SSL/IPSEC

### E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

α α λ α = = λ λ α ψ = = α α α λ λ ψ α = + β = > θ θ β > β β θ θ θ β θ β γ θ β = γ θ > β > γ θ β γ = θ β = θ β = θ β = β θ = β β θ = = = β β θ = + α α α α α = = λ λ λ λ λ λ λ = λ λ α α α α λ ψ + α =

### Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and

### The Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director sfrei@secunia.com

The Fundamental Failures of End-Point Security Stefan Frei Research Analyst Director sfrei@secunia.com Agenda The Changing Threat Environment Malware Tools & Services Why Cybercriminals Need No 0-Days

### Data Center Security in a World Without Perimeters

www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

### Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

### SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor

### Computer Security DD2395

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

### Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

### Network Monitoring Tool to Identify Malware Infected Computers

Network Monitoring Tool to Identify Malware Infected Computers Navpreet Singh Principal Computer Engineer Computer Centre, Indian Institute of Technology Kanpur, India navi@iitk.ac.in Megha Jain, Payas

### Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...

### Norton Personal Firewall for Macintosh

Norton Personal Firewall for Macintosh Evaluation Guide Firewall Protection for Client Computers Corporate firewalls, while providing an excellent level of security, are not always enough protection for

### Log Audit Ensuring Behavior Compliance Secoway elog System

As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,

### CYBER SECURITY. II. SCANDALOUS HACKINGS To show the seriousness of hacking we have included some very scandalous hacking incidences.

CYBER SECURITY Mandar Tawde, Pooja Singh, Maithili Sawant, Girish Nair Information Technology, Government Polytechnic Mumbai 49, Kherwadi Ali Yawar Jung Marg, Bandra (E), Mumbai-400051, India mandar258@gmail.com,

### Perspective on secure network for control systems in SPring-8

Perspective on secure network for control systems in SPring-8 Toru Ohata, M. Ishii, T. Fukui* and R. Tanaka JASRI/SPring-8, Japan *RIKEN/SPring-8, Japan Contents Network architecture Requirement and design

### Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

### Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of

### IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3

### G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform

### Network Security Demonstration - Snort based IDS Integration -

Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and

### CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

### K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS v.109 1 The Exchange environment is an important entry point by which a threat or security risk can enter into a network. K7 Mail Security is a complete

### 1 Introduction. Agenda Item: 7.23. Work Item:

3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:

### SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

### Network Security: A New Perspective. NIKSUN Inc.

Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com

### Controlling Virus Infections in Internet and Web Servers A TRIZ based analysis

From the SelectedWorks of June, 2012 Controlling Virus Infections in Internet and Web Servers A TRIZ based analysis Available at: http://works.bepress.com/umakant_mishra/89/ Controlling Virus Infections

### Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc

Tunisia s experience in building an ISAC Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc 1 Agenda Introduction ISAC objectives and benefits Tunisian approach SAHER system

### Network Security Policy

Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

### N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work

N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if

### SPAM FILTER Service Data Sheet

Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic

### Intrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of

Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code

### Malicious Software. Raj Jain. Washington University in St. Louis

Malicious Software Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

### 1 Introduction. Agenda Item: 7.23. Work Item:

3GPP TSG SA WG3 Security S3#34 S3-040682 6-9 Jul 2004 updated S3-040632 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040583 based on the comments in SA3#34 meeting Source:

### What Do You Mean My Cloud Data Isn t Secure?

Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

### Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection

### Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

### Network Security and Firewall 1

Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

### Intrusion Detection in AlienVault

Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

### Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

### Introduction: 1. Daily 360 Website Scanning for Malware

Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover

WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

### Strategic Anti-malware Monitoring with Nessus, PVS, & LCE

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE August 2, 2012 (Revision 2) Copyright 2002-2012 Tenable Network Security, Inc. Tenable Network Security, Nessus and ProfessionalFeed are registered

### Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass

Real-time Network Monitoring and Security Platform for Securing Next-Generation Network Assoc. Prof. Dr. Sureswaran Ramadass The platform Definition A description of a software framework that makes services

### RSA Security Analytics

RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

PROACTIVE PROTECTION AUTHOR: ANDREW NIKISHIN KASPERSKY LAB Heuristic Analyzer Policy-Based Security Intrusion Prevention System (IPS) Protection against Buffer Overruns Behaviour Blockers Different Approaches

### Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats

Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus

### Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

### ThreatSTOP Technology Overview

ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds

### Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway

Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration

### Network Security: From Firewalls to Internet Critters Some Issues for Discussion

Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:

### Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

### Virus Protection Across The Enterprise

White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue

### Network Security and the Small Business

Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

### Cyber Security Where Do I Begin?

ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than

### CONSTRUCTION AND MANAGEMENT OF A SECURE NETWORK IN SPRING-8

1th ICALEPCS Int. Conf. on Accelerator & Large Expt. Physics Control Systems. Geneva, 1-14 Oct 2, TU3.2-3O (2) CONSTRUCTION AND MANAGEMENT OF A SECURE NETWORK IN SPRING-8 M. Ishii, T. Fukui, M. Kodera,

### Achieving SOX Compliance with Masergy Security Professional Services

Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called

### 2 Technologies for Security of the 2 Internet

2 Technologies for Security of the 2 Internet 2-1 A Study on Process Model for Internet Risk Analysis NAKAO Koji, MARUYAMA Yuko, OHKOUCHI Kazuya, MATSUMOTO Fumiko, and MORIYAMA Eimatsu Security Incidents

### INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM INTRUSION DETECTION AND PREVENTION using SAX 2.0 and WIRESHARK Cain & Abel 4.9.35 Supervisor Dr. Akshai Kumar Aggarwal Director School of Computer Sciences University of Windsor

### Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to