Merging Network Configuration and Network Traffic Data in ISP-Level Analyses
|
|
- Claude Reeves
- 8 years ago
- Views:
Transcription
1 Merging Network Configuration and Network Traffic Data in ISP-Level Analyses Timothy J. Shimeall, Ph.D. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Presentation Title Jan 11 14, 2016 Distribution Statement 2016 Carnegie A: Approved Mellon University for Public Release; 1
2 Copyright 2016 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-us Government use and distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon and CERT are registered marks of Carnegie Mellon University. DM
3 Overview The Network Data Flood Analyst Needs Merger Methods Examples of Merger Practical Tips 3
4 Network Data Flood Network Configuration? Host identification Host criticality Host configuration Vulnerability scan Vulnerability impact Subnet relations Network Traffic Network Flows Packet captures Alerts Route information Address resolutions Service Logs 4
5 Analyst Needs Network observation What behaviors are seen from hosts of configuration X? What configurations contribute to the volume of behavior Y? Network orientation Which configurations have vulnerabilities scanned for during event Z? Which hosts are running the services exploited during event Z? Network understanding How difficult is it to apply patch Q on this network? What issues would be involved in blocking service R on this network? Network prediction What is likely to follow event Z due to our traffic and configuration? How likely are our customers to be affected by event Z? 5
6 Merger Methods Config-first: Using configuration to drive network traffic analysis Traffic-first: Using traffic to drive network configuration analysis Deep-dive: Goals-Questions-Metrics Sandwich: Iterate between traffic and configuration driving analysis 6
7 Examples of Merger Assessing encryption Start with hosts configured as servers for encrypted services Filter packets/flows/logs for those servers to generate profiles Identify common users of services Filter for other network points of contact for those users Associate services and configuration associated with those points Network attack impact Start with traffic indicators of attack Generate set of network hosts involved with indicators Associate services and configurations with hosts Filter for contacts Identify vulnerable configurations in contacts 7
8 Practical Tips Watch for topology mismatches Watch for NAT issues Try the simple approach first Generalize from working approaches Do not try to solve the insolvable 8
9 Conclusion Challenges Methods exist Don t try to be too generic: you can extrapolate from what works Need to take into account human and automated advantages 9
10 Contact Information Timothy Shimeall Senior Member of the Technical Staff Telephone:
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management Timothy J. Shimeall CERT Network Situational Awareness (NetSA) Group January 2011 2011 Carnegie Mellon
More informationMoving Target Reference Implementation
CYBER SECURITY DIVISION 2014 R&D SHOWCASE AND TECHNICAL WORKSHOP Moving Target Reference Implementation Software Engineering Institute, Carnegie Mellon University Andrew O. Mellinger December 17, 2014
More information2012 CyberSecurity Watch Survey
2012 CyberSecurity Watch Survey Unknown How 24 % Bad is the Insider Threat? 51% 2007-2013 Carnegie Mellon University 2012 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY
More informationContracting Officer s Representative (COR) Interactive SharePoint Wiki
Contracting Officer s Representative (COR) Interactive SharePoint Wiki James Smith Andy Boyd Software Solutions Conference 2015 November 16 18, 2015 Copyright 2015 Carnegie Mellon University This material
More informationEvaluating the Quality of Software Engineering Performance Data
Evaluating the Quality of Software Engineering Performance Data James Over Software Engineering Institute Carnegie Mellon University July 2014 Copyright 2014 Carnegie Mellon University This material is
More informationHow To Use Elasticsearch
Elasticsearch, Logstash, and Kibana (ELK) Dwight Beaver dsbeaver@cert.org Sean Hutchison shutchison@cert.org January 2015 2014 Carnegie Mellon University This material is based upon work funded and supported
More informationApplying Software Quality Models to Software Security
Applying Software Quality Models to Software Security Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Carol Woody, Ph.D. April 21, 2015 Copyright 2015 Carnegie Mellon University
More informationCyber Intelligence Workforce
Cyber Intelligence Workforce Troy Townsend Melissa Kasan Ludwick September 17, 2013 Agenda Project Background Research Methodology Findings Training and Education Project Findings Workshop Results Objectives
More informationElectricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff
More informationSupply-Chain Risk Management Framework
Supply-Chain Risk Management Framework Carol Woody March 2010 Scope of SEI Work Context Significantly reduce the risk (any where in the supply chain) that an unauthorized party can change the behavior
More informationVoIP in Flow A Beginning
VoIP in Flow A Beginning Nathan Dell CERT/NetSA 2013 Carnegie Mellon University Legal Copyright 2013 Carnegie Mellon University This material is based upon work funded and supported by the Department of
More informationNetwork Monitoring for Cyber Security
Network Monitoring for Cyber Security Paul Krystosek, PhD CERT Network Situational Awareness 2006 Carnegie Mellon University What s Coming Up The scope of network monitoring Cast of characters Descriptions
More informationNetwork Analysis with isilk
Network Analysis with isilk Presented at FloCon 2011 Ron Bandes CERT Network Situational Awareness (NetSA) Group 2011 Carnegie Mellon University 2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL
More informationemontage: An Architecture for Rapid Integration of Situational Awareness Data at the Edge
emontage: An Architecture for Rapid Integration of Situational Awareness Data at the Edge Soumya Simanta Gene Cahill Ed Morris Motivation Situational Awareness First responders and others operating in
More informationPenetration Testing Tools
Penetration Testing Tools Ken van Wyk January 2007 ABSTRACT: This article provides a primer on the most commonly used tools for traditional penetration testing. (A related article provides an overview
More informationExtending AADL for Security Design Assurance of the Internet of Things
Extending AADL for Security Design Assurance of the Internet of Things Presented by Rick Kazman, PhD Team: Carol Woody (PI), Rick Kazman, Robert Ellison, John Hudak, Allen Householder Software Engineering
More informationAbuse of CPE Devices and Recommended Fixes
Abuse of CPE Devices and Recommended Fixes Dr. Paul Vixie (Farsight Security, Inc.) Chris Hallenbeck (US-CERT, DHS) Jonathan Spring (CERT/CC, Carnegie Mellon) August 7, 2014 Black Hat USA 2014 2014 Carnegie
More informationMonitoring Trends in Network Flow for Situational Awareness
Monitoring Trends in Network Flow for Situational Awareness SEI CERT NetSA 2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE
More informationUsing Domain Name Registrant Information To Identify Malicious Domains
Using Domain Name Registrant Information To Identify Malicious Domains Mark Langston Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Do Bad Actors Use Fake Addresses? Copyright
More informationBuilding Resilient Systems: The Secure Software Development Lifecycle
Building Resilient Systems: The Secure Software Development Lifecycle Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213, PhD Technical Director, CERT mssherman@sei.cmu.edu
More informationA Systematic Method for Big Data Technology Selection
A Systematic Method for Big Data Technology Selection John Klein Software Solutions Conference 2015 November 16 18, 2015 Copyright 2015 Carnegie Mellon University This material is based upon work funded
More informationOverview. CMU/SEI Cyber Innovation Center. Dynamic On-Demand High-Performance Computing System. KVM and Hypervisor Security.
KVM and Hypervisor Security David Shepard and Matt Gaston CMU/SEI Cyber Innovation Center February 2012 2012 by Carnegie Mellon University. Published SEI PROPRIETARY INFORMATION. Distribution: Director
More information$100 SiLK Network Flow Sensor
$100 SiLK Network Flow Sensor Ron Bandes John Badertscher Dwight Beaver 1 Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under
More informationKurt Wallnau Senior Member of Technical Staff
Engineering Realistic Synthetic Insider Threat (Cyber-Social) Test Data Kurt Wallnau Senior Member of Technical Staff Dr. Kurt Wallnau joined the SEI in 1993. He joined CERT Science of Cyber-Security (SoCS)
More informationAutomated Provisioning of Cloud and Cloudlet Applications
Automated Provisioning of Cloud and Cloudlet Applications Secure and Assured Mobile Computing Components Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Jeff Boleng, PhD
More informationAgile Development and Software Architecture: Understanding Scale and Risk
Agile Development and Software Architecture: Understanding Scale and Risk Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Robert L. Nord SSTC, April 2012 In collaboration
More informationModel Checking Distributed Software
Model Checking Distributed Software Sagar Chaki September 19, 2014 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Model Checking and Me 1997 : Ed visits IIT Kharagpur Just
More informationResolving Chaos Arising from Agile Software Development
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 523 Author Date High Level Alternatives Approach. Blame the Agile development process, fire the folks who are controlling it and
More informationDepartment of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division
Department of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division Matthew Butkovic is a Technical Manager Cybersecurity Assurance
More informationExperiences in Migrations of Legacy Systems
Experiences in Migrations of Legacy Systems Bill Wood, Mike Gagliardi, and Phil Bianco Software Solutions Conference 2015 November 16 18, 2015 Copyright 2015 Carnegie Mellon University This material is
More informationAssurance in Service-Oriented Environments
Assurance in Service-Oriented Environments Soumya Simanta Research, Technology, and System Solutions (RTSS) Program Software Engineering Institute Carnegie Mellon University Pittsburgh 15232 28 th October,
More informationSoftware Architecture for Big Data Systems. Ian Gorton Senior Member of the Technical Staff - Architecture Practices
Software Architecture for Big Data Systems Ian Gorton Senior Member of the Technical Staff - Architecture Practices Ian Gorton is investigating issues related to software architecture at scale. This includes
More informationThe Key to Successful Monitoring for Detection of Insider Attacks
The Key to Successful Monitoring for Detection of Insider Attacks Dawn M. Cappelli Randall F. Trzeciak Robert Floodeen Software Engineering Institute CERT Program Session ID: GRC-302 Session Classification:
More informationCopyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience
Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Management Model (CERT-RMM), both developed at Carnegie
More informationCERT Virtual Flow Collection and Analysis
CERT Virtual Flow Collection and Analysis For Training and Simulation George Warnagiris 2011 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationAssurance Cases for Design Analysis of Complex System of Systems Software
Assurance Cases for Design Analysis of Complex System of Systems Software Presented at AIAA Infotech@Aerospace Conference Software Assurance Session 8 April 2009 Stephen Blanchette, Jr. Problem: SoS are
More informationSoftware Assurance Competency Model
Software Assurance Competency Model Thomas Hilburn, Embry-Riddle Aeronautical University Mark Ardis, Stevens Institute of Technology Glenn Johnson, (ISC) 2 Andrew Kornecki, Embry-Riddle Aeronautical University
More informationBuyer Beware: How To Be a Better Consumer of Security Maturity Models
Buyer Beware: How To Be a Better Consumer of Security Maturity Models SESSION ID: GRC-R01 Julia Allen Software Engineering Institute Carnegie Mellon University jha@sei.cmu.edu Nader Mehravari Software
More informationCRR Supplemental Resource Guide. Volume 5. Incident Management. Version 1.1
CRR Supplemental Resource Guide Volume 5 Incident Management Version 1.1 Copyright 2016 Carnegie Mellon University This material is based upon work funded and supported by Department of Homeland Security
More informationSoftware Security Engineering: A Guide for Project Managers
Software Security Engineering: A Guide for Project Managers Gary McGraw Julia H. Allen Nancy Mead Robert J. Ellison Sean Barnum May 2013 ABSTRACT: Software is ubiquitous. Many of the products, services,
More informationData Management Maturity (DMM) Model Update
Data Management Maturity (DMM) Model Update Rawdon Young November 2012 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Contents / Agenda The DMM SEI Observations on Core
More informationArchitectural Implications of Cloud Computing
Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationDeriving Software Security Measures from Information Security Standards of Practice
Deriving Software Measures from Standards of Practice Julia Allen Christopher Alberts Robert Stoddard February 2012 2012 Carnegie Mellon University Copyright 2012 Carnegie Mellon University. This material
More informationOperationally Critical Threat, Asset, and Vulnerability Evaluation SM (OCTAVE SM ) Framework, Version 1.0
Operationally Critical Threat, Asset, and Vulnerability Evaluation SM (OCTAVE SM ) Framework, Version 1.0 Christopher J. Alberts Sandra G. Behrens Richard D. Pethia William R. Wilson June 1999 TECHNICAL
More informationHow To Ensure Security In A System
Software Assurance vs. Security Compliance: Why is Compliance Not Enough? Carol Woody, Ph.D. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 2012 Carnegie Mellon University
More informationSOA for Healthcare: Promises and Pitfalls
SOA for Healthcare: Promises and Pitfalls Dennis B. Smith dbs@sei.cmu.edu SOA in Health Care Conference: Value in a Time of Change Chicago, IL USA June 3, 2009 Agenda Healthcare IT Challenges SOA: The
More informationIncident Management Capability Metrics Version 0.1
Incident Management Capability Metrics Version 0.1 Audrey Dorofee Georgia Killcrece Robin Ruefle Mark Zajicek April 2007 TECHNICAL REPORT CMU/SEI-2007-TR-008 ESC-TR-2007-008 CERT Program Unlimited distribution
More informationCMMI for SCAMPI SM Class A Appraisal Results 2011 End-Year Update
CMMI for SCAMPI SM Class A 2011 End-Year Update Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 1 Outline Introduction Current Status Community Trends Organizational Trends
More informationVeritas Operations Manager Package Anomaly Add-on User's Guide 4.1
Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1 November 2011 Veritas Operations Manager Package Anomaly Add-on User's Guide The software described in this book is furnished under a
More informationRisk Management Framework
Risk Management Framework Christopher J. Alberts Audrey J. Dorofee August 2010 TECHNICAL REPORT CMU/SEI-2010-TR-017 ESC-TR-2010-017 Acquisition Support Program Unlimited distribution subject to the copyright.
More informationSymantec Critical System Protection Configuration Monitoring Edition Release Notes
Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes The software described in this book
More informationConfiguring and Monitoring SharePoint Servers
Configuring and Monitoring SharePoint Servers eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this
More informationThe CERT Approach to Cybersecurity Workforce Development
The CERT Approach to Cybersecurity Workforce Development Josh Hammerstein Christopher May December 2010 TECHNICAL REPORT CMU/SEI-2010-TR-045 ESC-TR-2010-110 Enterprise and Workforce Development Unlimited
More informationBuilding Security Into Closed Network Design
Building Security Into Closed Network Design George Warnagiris 2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED
More informationReporting and Incident Management for Firewalls
Reporting and Incident Management for Firewalls The keys to unlocking your firewall s secrets Contents White Paper November 8, 2001 The Role Of The Firewall In Network Security... 2 Firewall Activity Reporting
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationGetting Started with Service- Oriented Architecture (SOA) Terminology
Getting Started with - Oriented Architecture (SOA) Terminology Grace Lewis September 2010 -Oriented Architecture (SOA) is a way of designing, developing, deploying, and managing systems it is neither a
More informationPenetration Testing Walkthrough
Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...
More informationHow To Control Vcloud Air From A Microsoft Vcloud 1.1.1 (Vcloud)
SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,
More informationApache: Analyze Logs for Malicious Activities & Monitor Server Performance
Apache: Analyze Logs for Malicious Activities & Monitor Server Performance EventTracker v7.6 Publication Date: Feb 12, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com About
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationIntegrating Barracuda Web Application Firewall
Integrating Barracuda Web Application Firewall EventTracker v7.x Publication Date: July 28, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide provides
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationBuilding a Body of Knowledge for ICT Supply Chain Risk Management
Building a Body of Knowledge for ICT Supply Chain Risk Management Dan Shoemaker Nancy Mead May 2013 ABSTRACT: This paper proposes a set of Supply Chain Risk Management (SCRM) activities and practices for
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationConfiguring and Monitoring SNMP Generic Servers. eg Enterprise v5.6
Configuring and Monitoring SNMP Generic Servers eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this
More informationHelm 4 Windows Event Viewer
WebHost Automation Ltd http://www.webhostautomation.com/ January 2007 Doc: HELM 4.0.0.0 Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under
More informationeeye Digital Security and ECSC Ltd Whitepaper
Attaining BS7799 Compliance with Retina Vulnerability Assessment Technology Information Security Risk Assessments For more information about eeye s Enterprise Vulnerability Assessment and Remediation Management
More informationIntegrating Juniper Netscreen (ScreenOS)
Integrating Juniper Netscreen (ScreenOS) EventTracker Enterprise Publication Date: Jan. 5, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide helps you
More informationA Study of Systems Engineering Effectiveness. Building a Business Case for Systems Engineering
Building a Business Case for Systems Engineering NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES
More informationCRR Supplemental Resource Guide. Volume 3. Configuration and Change Management. Version 1.1
CRR Supplemental Resource Guide Volume 3 Configuration and Change Management Version 1.1 Copyright 2016 Carnegie Mellon University This material is based upon work funded and supported by Department of
More informationCERT Resilience Management Model (CERT -RMM) V1.1: NIST Special Publication 800-66 Crosswalk
CERT Resilience Management Model (CERT -RMM) V1.1: NIST Special Publication 800-66 Crosswalk Lisa R. Young, Software Engineering Institute Ma-Nyahn Kromah, SunGard Availability Services October 2013 TECHNICAL
More informationMicrosoft SharePoint
Microsoft SharePoint VERSION: 1.1 UPDATED: JULY 2014 Copyright 2002-2014 KEMP Technologies, Inc. All Rights Reserved. Page 1 / 13 Copyright Notices Copyright 2002-2014 KEMP Technologies, Inc.. All rights
More informationInsider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT
More informationHow to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager
How to Choose the Right Industrial Firewall: The Top 7 Considerations Li Peng Product Manager The right industrial firewall can strengthen the safety and reliability of control systems Central to industrial
More informationSymantec ESM Agent For IBM iseries AS/400
Symantec ESM Agent For IBM iseries AS/400 Version 6.5 Release Notes Legal Notice Copyright 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, LiveUpdate, Symantec Enterprise Security
More informationInsider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination
Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination Michael Hanley Joji Montelibano October 2011 TECHNICAL NOTE CMU/SEI-2011-TN-024 CERT Program http://www.sei.cmu.edu
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationUFO: Verification with Interpolants and Abstract Interpretation
: Verification with Interpolants and Abstract Interpretation and Sagar Chaki Software Engineering Institute Carnegie Mellon University Aws Albarghouthi, Yi i and Marsha Chechik University of Toronto A
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationExplorations of Science in Cyber Security
Explorations of cience in Cyber ecurity Dr. Greg hannon@cert.org Chief cientist October, 2012 +1 (412) 268-8545 www.sei.cmu.edu/about/people/shannon.cfm 2011 Carnegie Mellon University My cience of Cyber
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationMicrosoft Windows Server System White Paper
Introduction to Network Access Protection Microsoft Corporation Published: June 2004, Updated: May 2006 Abstract Network Access Protection, a platform for Microsoft Windows Server "Longhorn" (now in beta
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationCategory: Standards Track Cisco Systems, Inc. March 1999
Network Working Group Request for Comments: 2526 Category: Standards Track D. Johnson Carnegie Mellon University S. Deering Cisco Systems, Inc. March 1999 Status of this Memo Reserved IPv6 Subnet Anycast
More informationEmail Encryption. Administrator Guide
Email Encryption Administrator Guide Email Encryption Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,
More informationBest Practices in Deploying Anti-Malware for Best Performance
The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying
More informationConfiguration Example
Configuration Example Use WatchGuard Application Control with Your Existing Firewall Example configuration files created with WSM v11.10.1 Revised 7/21/2015 Use Case An organization wants to block the
More informationIntegrate Astaro Security Gateway
Integrate Astaro Security Gateway EventTracker v7.x Publication Date: July 24, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide provides instructions
More informationGEO Sticky DNS. GEO Sticky DNS. Feature Description
GEO Sticky DNS Feature Description VERSION: 5.0 UPDATED: JANUARY 2016 Copyright Notices Copyright 2002-2016 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP Technologies logo
More informationLog Insight Manager. Deployment Guide
Log Insight Manager Deployment Guide VERSION: 3.0 UPDATED: OCTOBER 2015 Copyright Notices Copyright 2002-2015 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP Technologies
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationIBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security
IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3
More informationSymantec Protection Center Enterprise 3.0. Release Notes
Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used
More informationUseful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important
Useful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important System administrators are advised to read. Overview and Use of this Guide Objectives This guide provides additional
More informationCommon Testing Problems: Pitfalls to Prevent and Mitigate
: Pitfalls to Prevent and Mitigate AIAA Case Conference 12 September 2012 Donald Firesmith Software Engineering Institute (SEI) Carnegie Mellon University Pittsburgh, PA 15213 Clarification and Caveat
More informationOpen Source Used In Cisco Instant Connect for ios Devices 4.9(1)
Open Source Used In Cisco Instant Connect for ios Devices 4.9(1) Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the
More informationInformation Asset Profiling
Information Asset Profiling Author James F. Stevens Principal Contributors Richard A. Caralli Bradford J. Willke June 2005 Networked Systems Survivability Program Unlimited distribution subject to the
More information8.3. Competitive Comparison vs. Microsoft ADMT 3.1
8.3 Competitive Comparison vs. Microsoft ADMT 3.1 Copyright Quest Software, Inc. 2009. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described
More information