Practical Intrusion Analysis
- Pierce Parker
- 8 years ago
Practical Intrusion Analysis
Prevention and Detection for the Twenty-First Century
Ryan Trost
Addison-Wesley
Upper Saddle River, NJ; Boston; Indianapolis; San Francisco; New York; Toronto; Montreal; London; Munich; Paris; Madrid; Cape Town; Sydney; Tokyo; Singapore; Mexico City

Contents

Preface xv

Chapter 1 Network Overview 1
  Key Terms and Concepts
  Brief History of the Internet
  Layered Protocols
  TCP/IP Protocol Suite
  Internet Protocol Addressing
  IP Addresses
  IPv6
  Summary

Chapter 2 Infrastructure Monitoring
  Network-Analysis Tools
  Packet Sniffing
  Accessing Packets on the Network
  SPANs (Port Mirroring)
  Network Taps
  To Tap or to SPAN
  Defense-in-Depth
  Summary

Chapter 3 Intrusion Detection Systems 53
  IDS Groundwork 54
  From the Wire Up 55
  DoS Attacks 55
  IP Fragmentation 57
  TCP Stream Issues 58
  Target-Based Reassembly 59
  Two Detection Philosophies: Signature and Anomaly Based 60
  Snort: Signature-Based IDS 61
  Two Signature Writing Techniques 67
  Bro: An Anomaly-Based IDS 74
  Similarities Between the Systems 82
  Summary 85

Chapter 4 Lifecycle of a Vulnerability 87
  A Vulnerability Is Born 87
  FlashGet Vulnerability 88
  Collecting a Sample Packet Capture 90
  Packet Analysis and Signature-Writing 95
  Signature Tuning 100
  Detection Tuning 100
  Performance Tuning 101
  Advanced Examples 104
  CitectSCADA ODBC Server Buffer Overflow: Metasploit 104
  FastStone Image Viewer Bitmap Parsing 109
  Libspf2 DNS TXT Record Size Mismatch 114
  Summary 117

Chapter 5 Proactive Intrusion Prevention and Response via Attack Graphs 119
  Topological Vulnerability Analysis (TVA) 121
  Overview of Approach 121
  Illustrative Example 122
  Limitations 125
  Attack Modeling and Simulation 126
  Network Attack Modeling 126
  Attack Simulation 130
  Optimal Network Protection 134
  Vulnerability Mitigation 135
  Attack Graph Visualization 137
  Security Metrics 139
  Intrusion Detection and Response 141
  Intrusion Detection Guidance 141
  Attack Prediction and Response 144
  Summary 147
  Acknowledgments 147
  Endnotes 148

Chapter 6 Network Flows and Anomaly Detection 151
  IP Data Flows 152
  NetFlow Operational Theory 153
  A Matter of Duplex 155
  Cisco IOS NetFlow and Flexible NetFlow 156
  sFlow: More Data, But Less Frequency 159
  Internet Protocol Flow Information Export (IPFIX) 161
  It's a Virtual World 162
  Endless Streams of Data 164
  Behavioral Analysis and Anomaly Detection 167
  Compare and Contrast 172
  IDS and NetFlow 172
  Signature Updates 173
  IDS System Resources 174
  Syslog and NetFlow 178
  Technology Matrix 180
  Summary 182
  Endnotes 183

Chapter 7 Web Application Firewalls 185
  Web Threat Overview 186
  Why a WAF? 189
  WAF Protection Models 191
  Positive Security Model 191
  Negative Security Model 192
  Virtual Patching Model 193
  Output Detection Model/Content Scrubbing 194
  WAF Policy Models 195
  Learning 195
  Vulnerability Assessment Feedback 195
  Manual Entry 195
  ModSecurity 196
  ModSecurity Rule Sets 196
  VA+WAF 201
  VA+WAF Example: WhiteHat Security and F5 Networks 201
  WAFs and PCI Compliance 203
  WAF Realities 203
  IDS/IPS != WAF 204
  False Positives 205
  Misconfigured WAFs 205
  WAFs Do Not Fix Bad Logic 205
  WAFs != Bad Code Patch 206
  Summary 206
  References 207

Chapter 8 Wireless IDS/IPS 209
  Why a Wireless IDS? 209
  Wireless Intrusion Detection/Prevention Realities 212
  Types of Wireless IDSs/IPSs 213
  Overlay 213
  Combined AP/WIDS 214
  Combined AP/WIDS/Access Controller 215
  Wireless IDS Events 215
  Unauthorized Activity 216
  Active Recon/Cracking 217
  DoS Attacks 221
  Intrusion Prevention Techniques 224
  Limitations 224
  Isolation 225
  WEP Cloaking (WEP Chaffing) 228
  Location Detection 229
  Honeypot 231
  Other Wireless Threats 233
  Legacy Wireless Technology 233
  Bluetooth 233
  Sniffers 233
  Summary 234
  Endnote 234

Chapter 9 Physical Intrusion Detection for IT 235
  Origins of Physical Security 236
  Assumed, Yet Overlooked 236
  A Parallel Universe to IT Security 239
  Physical Security Background 241
  Common Physical Access Control Components 243
  This Is Not Your Father's CCTV 255
  Old Habits Die Hard 259
  Convergence of Physical and Logical Security 260
  How Convergence Works 261
  HSPD-12: Convergence Trial by Fire 265
  A Look at Some Vendor Offerings 266
  Intrusion Detection Examples in a Converged Environment 270
  Summary 274
  Endnotes 274

Chapter 10 Geospatial Intrusion Detection 275
  Current Uses of Geocoding 278
  Introduction to Geographic Information Systems 279
  GIS Basic Functions 282
  Framework for Cooperation 282
  Map Projection 283
  Raster Versus Vector 285
  Vector Data Model 287
  Spatial Point Pattern Analysis 288
  Classes of Spatial Analysis 289
  Point Intensity 290
  Point Process Statistics 290
  Dynamics of a Professional Attack 293
  Cornerstone Theory 295
  Example of Attack Steps and Methods 296
  Geocoding Techniques 299
  Geocoding Limitations 315
  Accuracy 316
  GeoLocation Intelligence Vendors 317
  Case Study of Geographic Intrusion Detection 320
  Case Outline 322
  Breakdown of the Steps 322
  Summary 344
  Endnotes 345
  References 346

Chapter 11 Visual Data Communications 347
  Introduction to Visualization 348
  Developing a Visualization Strategy 355
  User Audiences 356
  Statistical Graphing Techniques 361
  Technological Considerations 365
  Scalability 365
  Installation and Support 366
  Data Management 368
  Security Event Visualization 370
  Example Graphs 371
  Starlight Visual Information System 378
  ETRI: VisNet and VisMon 381
  Use-Case: Security Audit 385
  Summary 387
  Terminology 388
  Endnotes 390
  Reference 390

Chapter 12 Return on Investment: Business Justification 391
  Not If, But When 393
  Compliance Plays a Role 394
  CoBIT Framework 394
  ISO 27001/27002 Frameworks 395
  ITIL Framework 396
  Health Insurance Portability and Accountability Act of 1996 (HIPAA) 397
  Payment Card Industry Data Security Standard (PCI-DSS) 398
  Federal Information Security Management Act of 2002 (FISMA)/National Institute of Standards and Technology 399
  Security Breaches 400
  Breach Costs 401
  Security Investment Within the Organization 402
  Data Breaches and the Law
  ROI as a Unifying Benchmark
  Cost Breakdown
  Cost-Benefit Analysis: Building an Economic Model
  Gain from Investment
  Cost of Investment
  Return on Investment
  Net Present Value
  Internal Rate of Return
  ROI Versus NPV Versus IRR
  Security Investment: Should Security Operations Be Outsourced?
  Benefits of MSSPs
  Downfalls of MSSPs
  The Financial Aspect of an MSSP
  Cyber Liability Insurance (CLI)
  CLI Coverage Types
  Privacy Liability Insurance
  Network Security Liability Insurance
  Property Loss Insurance
  Loss of Revenue Insurance
  Cyber Extortion Insurance
  Notification Costs Insurance
  Regulatory Defense Insurance
  Media Liability Insurance
  CLI Underwriting Process
  Summary
  Endnotes

Appendix Bro Installation Guide
  Compiling and Building Options
  Operations
  Use
  References

Index 441