Evaluation of Intrusion Detection Systems in Clouds
|
|
- Raymond Harrell
- 7 years ago
- Views:
Transcription
1 Problem statement Evaluation of Intrusion Detection Systems in Clouds Thibaut Probst, E. Alata, M. Kaâniche, V. Nicomette LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) team Journée SEC 2 - June 30th, 2015 Evaluation of Intrusion Detection Systems in Clouds 1 / 22
2 Problem statement 1 Problem statement 2 Cloning Analysis of accessibilities IDS/IPS evaluation 3 4 Evaluation of Intrusion Detection Systems in Clouds 2 / 22
3 Outline Problem statement 1 Problem statement Evaluation of Intrusion Detection Systems in Clouds 3 / 22
4 Problem statement Context and problem statement Cloud computing Deploy and manage applications, development and execution platforms, virtual infrastructures hosted by a provider. On-demand self-service, broad network access, resource pooling, rapid elasticity, measured service. Security concerns Many actors and technologies many possible threats. Security mechanisms deployed in virtual infrastructures : firewalls (network filtering), IDS/IPS (attack detection). How to assess their efficiency? Evaluation of Intrusion Detection Systems in Clouds 4 / 22
5 Problem statement Overview of the Approach Objective Allow the automated evaluation and analysis of security mechanisms deployed in virtual infrastructures : Provide the client and provider security reports on network accessibilities and IDS/IPS performance. Main assumptions Service model : Infrastructure as a Service (IaaS). Considered firewall types : Edge firewall and Hypervisor-based firewall The audit process should not disturb client s business. Evaluation of Intrusion Detection Systems in Clouds 5 / 22
6 Problem statement Overview of the Approach Three-phase approach 1 Retrieval of information and cloning of infrastructure. 2 Determination of accessibilities in two ways and analysis of discrepancies in the results. 3 Construction and execution of attack campaigns. Evaluation of Intrusion Detection Systems in Clouds 6 / 22
7 Outline Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation 1 Problem statement 2 Cloning Analysis of accessibilities IDS/IPS evaluation 3 4 Evaluation of Intrusion Detection Systems in Clouds 7 / 22
8 Problem statement Preparation of the infrastructure Cloning Analysis of accessibilities IDS/IPS evaluation Objective From the client ID/name, clone the virtual infrastructure (virtual datacenters, edge firewalls and virtual networks) Create the different VMs from a template Avoid IP conflicts due to cloning in external networks. Evaluation of Intrusion Detection Systems in Clouds 8 / 22
9 Problem statement Analysis of network access controls Cloning Analysis of accessibilities IDS/IPS evaluation Accessibility : Authorized service from a source to a destination. First support of attack vectors. Accessibility matrix : Set of VMs VMs and external location VMs accessibilities. User-defined in a security policy and implemented on equipments (firewalls) as filtering rules. 2 methods to derive it : Statically configured accessibilities. Dynamically observed accessibilities. Discrepancy : accessibility not noticed in all 3 matrices. Evaluation of Intrusion Detection Systems in Clouds 9 / 22
10 Static analysis Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation Accessibility predicate : accessibility(x, SPORT, Y, PROTO, DPORT) Static analysis : determination of all accessibility predicates from cloud components configuration : configured accessibilities. Evaluation of Intrusion Detection Systems in Clouds 10 / 22
11 Dynamic analysis Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation Dynamic analysis : network packet exchanges between VMs (client server) to determine accessibilities : observed accessibilities Design of an algorithm to perform all client-server sessions in a the smallest possible number of iterations run sessions in parallel when possible. Evaluation of Intrusion Detection Systems in Clouds 11 / 22
12 Evaluation trafic Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation Automata based modelisation To generate and replay legitimate and malicious packets exchanges To avoid installing, running and stopping applications during the attack campaigns To be free of Windows licences Evaluation of Intrusion Detection Systems in Clouds 12 / 22
13 Evaluation trafic Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation Automata generation Process before attack campaigns. Use of Metasploit (malicious trafic) and various tools (legitimate trafic) to interact with vulnerable applications Evaluation of Intrusion Detection Systems in Clouds 13 / 22
14 Attack campaigns Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation Principle Execution of attacks and legitimate activity sessions for each accessibility discovered during the previous phase. Try to parallelize as much as possible the sessions Use of attacks dictionnary Alarms from the different NIDS are collected, backed-up and analysed to calculate usual IDS metrics Evaluation of Intrusion Detection Systems in Clouds 14 / 22
15 Attack campaigns Problem statement Cloning Analysis of accessibilities IDS/IPS evaluation NIDS metrics True Positive if : Duration between alarm and attack < Threshold. IP adresses, protocols and ports included in the alarm correspond to those of the attack. The alarm is serious. The CVEs of the alarm correspond to the CVE of the attack. False Positive if a raised alarm does not correspond to an attack False Negative if no alarm raised for an attack DR = PR = TP TP+FN. TP TP+FP. Evaluation of Intrusion Detection Systems in Clouds 15 / 22
16 Outline Problem statement 1 Problem statement Evaluation of Intrusion Detection Systems in Clouds 16 / 22
17 Problem statement Testbed environment Evaluation of Intrusion Detection Systems in Clouds 17 / 22
18 Problem statement Dynamic analysis of accessibilities : example Evaluation of Intrusion Detection Systems in Clouds 18 / 22
19 Problem statement NIDS Evaluation : attacks dictionnary exploit id cve proto port date description N sl N sm TCP ProjectSend Arbitrary File Upload TCP Rejetto HttpFileServer Remote Command Execution N/A TCP Easy File Management Web Server Stack Buffer 7 8 Overflow TCP Nginx HTTP Server Chuncked Encoding 3 8 Stack Buffer Overflow TCP Kolibri HTTP Server HEAD Buffer Overflow TCP BadBlue 2.72b PassThru Buffer Overflow N/A TCP freeftpd PASS Command Buffer Overflow N/A TCP Sami FTP Server LIST Command Buffer Overflow TCP GoldenFTP 4.70 PASS Stack Buffer Overflow TCP Easy File Sharing FTP Server 2.0 PASS Overflow TCP Cesar FTP 0.99g MKD Command Buffer Overflow TCP Mercury Mail SMTP AUTH CRAM-MD5 Buffer 9 8 Overflow TCP TABS MailCarrier SMTP EHLO Overflow TCP Mercur IMAP SP3 SELECT Buffer Overflow TCP Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow 2 2 Evaluation of Intrusion Detection Systems in Clouds 19 / 22
20 Problem statement NIDS evaluation : example with Snort and Suricata Detection rate and precision Snort detects more attacks than Suricata. Suricata is more accurate than Snort. Considering only serious alarms decreases the detection rate but improves the precision. Evaluation of Intrusion Detection Systems in Clouds 20 / 22
21 Outline Problem statement 1 Problem statement Evaluation of Intrusion Detection Systems in Clouds 21 / 22
22 Problem statement Proposed approach Analysis of network access controls and evaluation of IDS/IPS. Fully automated process with no impact on the client s business. Contributions Cloning of virtual infrastructures Static analysis of network access controls. Dynamic analysis of network access controls. Construction and execution of attack campaigns through automata based methods. Ongoing work and perspectives Autonomous system to automatically launch security audits. Extend the prototypes to other cloud solutions (OpenStack...). Evaluation of Intrusion Detection Systems in Clouds 22 / 22
IDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationMy FreeScan Vulnerabilities Report
Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the
More informationDetection of virtual machine monitor corruptions
Detection of virtual machine monitor corruptions Benoît Morgan, Eric Alata, Vincent Nicomette LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journée SEC 2 - June 30th, 2015 Detection of
More informationAltus UC Security Overview
Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...
More informationSCADA Security Example
SCADA Security Example Christian Paulino and Janusz Zalewski Florida Gulf Coast University December 2012 1. Introduction SCADA systems are always connected to a network, so they are vulnerable to attack.
More informationAutomated Approach to Network Access Controls in a Virtual Infrastructure
An Automated Approach for the Analysis of Network Access Controls in Cloud Computing Infrastructures T. Probst 1, E. Alata 1, M. Kaâniche 1, V. Nicomette 1 1 CNRS, LAAS, 7 Avenue du colonel Roche, F-31400
More informationAdvancement in Virtualization Based Intrusion Detection System in Cloud Environment
Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationSymantec Enterprise Firewalls. From the Internet Thomas Jerry Scott
Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationCS2107 Introduction to Information and System Security (Slid. (Slide set 8)
Networks, the Internet Tool support CS2107 Introduction to Information and System Security (Slide set 8) National University of Singapore School of Computing July, 2015 CS2107 Introduction to Information
More informationFighting Advanced Persistent Threats (APT) with Open Source Tools
Fighting Advanced Persistent Threats (APT) with Open Source Tools What is APT? The US Air Force invented the term in 2006 APT refers to advanced techniques used to gain access to an intelligence objective
More informationPayment Card Industry (PCI) Executive Report 08/04/2014
Payment Card Industry (PCI) Executive Report 08/04/2014 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: A.B. Yazamut Company: Qualys
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationInternational Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
More informationFighting Advanced Persistent Threats (APT) with Open Source Tools
Fighting Advanced Persistent Threats (APT) with Open Source Tools What is APT? The US Air Force invented the term in 2006 APT refers to advanced techniques used to gain access to an intelligence objective
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationConfiguring Security for FTP Traffic
2 Configuring Security for FTP Traffic Securing FTP traffic Creating a security profile for FTP traffic Configuring a local traffic FTP profile Assigning an FTP security profile to a local traffic FTP
More informationLesson 5: Network perimeter security
Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationDivide and Conquer Real World Distributed Port Scanning
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFigure 41-1 IP Filter Rules
41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationIntrusion Detection System
Intrusion Detection System Time Machine Dynamic Application Detection 1 NIDS: two generic problems Attack identified But what happened in the past??? Application identification Only by port number! Yet
More informationInternet Security and Acceleration Server 2000 with Service Pack 1 Audit. An analysis by Foundstone, Inc.
Internet Security and Acceleration Server 2000 with Service Pack 1 Audit An analysis by Foundstone, Inc. Internet Security and Acceleration Server 2000 with Service Pack 1 Audit This paper presents an
More informationSecurity of Information Systems hosted in Clouds: SLA Definition and Enforcement in a Dynamic Environment
Security of Information Systems hosted in Clouds: SLA Definition and Enforcement in a Dynamic Environment Christine Morin Inria Joint work with Louis Rilling (DGA-MI), Anna Giannakou (Inria), Jean-Louis
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationPayment Card Industry (PCI) Executive Report 10/27/2015
Payment Card Industry (PCI) Executive Report 10/27/2015 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: Rural Computer Consultants
More informationStateful Firewalls. Hank and Foo
Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation
More informationSecurity Advisory. Some IPS systems can be easily fingerprinted using simple techniques.
Some IPS systems can be easily fingered using simple techniques. The unintentional disclosure of which security devices are deployed within your defences could put your network at significant risk. Security
More informationIntrusion Detection Systems. Darren R. Davis Student Computing Labs
Intrusion Detection Systems Darren R. Davis Student Computing Labs Overview Intrusion Detection What is it? Why do I need it? How do I do it? Intrusion Detection Software Network based Host based Intrusion
More informationSecuring Cloud Infrastructures with Elastic Security
Securing Cloud Infrastructures with Elastic Security White Paper September 2012 SecludIT 1047 route des dolines, 06560 Sophia Antipolis, France T +33 489 866 919 info@secludit.com http://secludit.com Core
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationLab Objectives & Turn In
Firewall Lab This lab will apply several theories discussed throughout the networking series. The routing, installing/configuring DHCP, and setting up the services is already done. All that is left for
More informationConfiguring Security for SMTP Traffic
4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationPayment Card Industry (PCI) Executive Report. Pukka Software
Payment Card Industry (PCI) Executive Report For Pukka Software Primary Contact: Brian Ghidinelli none Los Gatos, California United States of America 415.462.5603 Payment Card Industry (PCI) Executive
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationA Comparison of Four Intrusion Detection Systems for Secure E-Business
A Comparison of Four Intrusion Detection Systems for Secure E-Business C. A. P. Boyce, A. N. Zincir-Heywood Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada {boyce, zincir} @ cs.dal.ca
More informationPassive Logging. Intrusion Detection System (IDS): Software that automates this process
Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion
More informationSoftware Vulnerability Assessment
Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled
More informationHow To Protect Your Network From Attack From Outside From Inside And Outside
IT 4823 Information Security Administration Firewalls and Intrusion Prevention October 7 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationPre Sales Communications
Pre Sales Communications OmniVista 4760 from R4.1 & OmniPCX Enterprise R7.1 IP Protocols and Ports All rights reserved 2006, Alcatel Table of contents 1. Objectives...3 2. IP protocols...3 2.1. Global
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationChapter 15. Firewalls, IDS and IPS
Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet
More informationFirewalls, NAT and Intrusion Detection and Prevention Systems (IDS)
Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationChapter 4: Security of the architecture, and lower layer security (network security) 1
Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationIntroduction to Computer Security Benoit Donnet Academic Year 2015-2016
Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 1 Agenda Networking Chapter 1: Firewalls Chapter 2: Proxy Chapter 3: Intrusion Detection System Chapter 4: Network Attacks Chapter
More informationDevelopment of a Network Intrusion Detection System
Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
More information1 Scope of Assessment
CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationActive Defense and Prevention
Active Defense and Prevention Coleman Kane Coleman.Kane@ge.com October 15, 2014 Cyber Defense Overview Active Defense 1 / 11 Active Defense and Prevention are the strategies employed to prevent, obstruct,
More informationDirectory and File Transfer Services. Chapter 7
Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationFIREWALL POLICY November 2006 TNS POL - 008
FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and
More informationAn Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan
An Open Source IPS IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan Introduction IPS or Intrusion Prevention System Uses a NIDS or Network Intrusion Detection System Includes
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationA Case Study on Constructing a Security Event Management (SEM) System
A Case Study on Constructing a Security Event Management (SEM) System Vijay K. Gurbani Joint work with D.L. Cook, L.E. Menten, and T.B. Reddington Security Technology Research Bell Laboratories, Alcatel-Lucent
More informationMany network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationFirewalls, IDS and IPS
Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not
More informationNAS 224 Remote Access Manual Configuration
NAS 224 Remote Access Manual Configuration Connect to your ASUSTOR NAS through the Internet A S U S T O R C O L L E G E COURSE OBJECTIVES Upon completion of this course you should be able to: 1. Configure
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationEXPLORER. TFT Filter CONFIGURATION
EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationLinux MDS Firewall Supplement
Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File
More informationIntrusion Detection in AlienVault
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationPayment Card Industry Data Security Standard Payment Card Industry Data Security Standard (PCI / DSS)
Payment Card Industry Data Security Standard (PCI / DSS) InterSect Alliance International Pty Ltd Page 1 of 12 Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationCSE331: Introduction to Networks and Security. Lecture 17 Fall 2006
CSE331: Introduction to Networks and Security Lecture 17 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Summary:
More informationIntrusion Detection from Simple to Cloud
Intrusion Detection from Simple to Cloud ICTN 6865 601 December 7, 2015 Abstract Intrusion detection was used to detect security vulnerabilities for a long time. The methods used in intrusion detection
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationLinux MPS Firewall Supplement
Linux MPS Firewall Supplement First Edition April 2007 Table of Contents Introduction...1 Two Options for Building a Firewall...2 Overview of the iptables Command-Line Utility...2 Overview of the set_fwlevel
More informationCNS-301-3I ~ Citrix NetScaler 11 Advanced Implementation
CNS-301-3I ~ Citrix NetScaler 11 Advanced Implementation11 vanced Implementation Overview Designed for students with previous NetScaler experience, this course is best suited for individuals who will be
More informationLoad Balance Mechanism
Load Balance Application in Dual-WAN Interface Load Balance Mechanism To which WAN port the traffic will be routed is determined according to the Load Balance mechanism. Below diagram shows how Vigor router
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationManaging Latency in IPS Networks
Application Note Revision B McAfee Network Security Platform Managing Latency in IPS Networks Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationBlack Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!
Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:
More informationApplication DDoS Mitigation
Application DDoS Mitigation Revision A 2014, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Volumetric vs. Application Denial of Service Attacks... 3 Volumetric DoS Mitigation...
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationCyber Essentials. Test Specification
Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8
More informationSymantec Endpoint Protection Analyzer Report
Symantec Endpoint Protection Analyzer Report For Symantec Customer Table of Contents Statement of Confidentiality... 3 1. Introduction... 4 2. Environmental Analysis Overview... 5 2.1 Findings Overview...
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More information