Large-scale coordinated attacks: Impact on the cloud security
|
|
- Allen Freeman
- 8 years ago
- Views:
Transcription
1 Large-scale coordinated attacks: Impact on the cloud security Damien Riquet Gilles Grimaud M. Hauspie Team 2xS Université Lille 1, France MCNCS, Palermo, 2012 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...1/26
2 Study on the impact of distributed attacks on Cloud Computing Cloud Computing: a popular model to process large data set Several layers according to the needs of customers Store confidential data Growing concern about its security Attacks on the cloud Distributed attacks to evade security solutions Weaknesses of cloud structure D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...2/26
3 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...3/26
4 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...3/26
5 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...3/26
6 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...3/26
7 Goals of this paper Study security solutions used by Cloud Computing Show that distributed attacks could be very efficient 1-path architecture Use case: distributed portscan D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...4/26
8 Outline How Cloud Computing can be secured 1 How Cloud Computing can be secured D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...5/26
9 Outline How Cloud Computing can be secured Security solutions commonly used Detection methods 1 How Cloud Computing can be secured Security solutions commonly used Detection methods D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...6/26
10 Security solutions commonly used Detection methods Cloud security - Security solutions commonly used Firewalls [BC94] At the border of the network Analyze traffic between two networks Security policies Intrusion Detection System (IDS) [Ped05] Network or Host based Passive device: raise alarms Pattern-matching, analyze traffic D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...7/26
11 Detection methods Security solutions commonly used Detection methods Misuse detection Look for known patterns of misuse Pattern-matching Need constant update of the database Anomaly detection Knowledge of standard Raise an alarm when an anomaly is detected Detect unknown attacks May raise a lot of false positive D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...8/26
12 Outline How Cloud Computing can be secured Definition Distribution methods 1 How Cloud Computing can be secured 2 Definition Distribution methods 3 4 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...9/26
13 : a use case Definition Distribution methods [Shi00] A portscan is... «an attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service.» Usage and goals Reconnaissance phase Discover weaknesses of a network Used by worms, malicious hackers D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...10/26
14 How to distribute a portscan Definition Distribution methods Naive distribution [KCS07] Sequential utilization of scanners Use a scanner until it is detected then select another one Parallel distribution Distribute ports among scanners Execute portscan on scanners Process results afterwards D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...11/26
15 Outline How Cloud Computing can be secured Security solutions Network architecture Benchmark configurations 1 How Cloud Computing can be secured 2 3 Security solutions Network architecture Benchmark configurations 4 D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...12/26
16 Tested security solutions Security solutions Network architecture Benchmark configurations Snort Popular open source IDS Detection methods Signature-based (written by the community) Threshold-based (sfportscan module) Commercial firewall United Threat Management (network firewall and an IDS) Detection methods Anomaly-based (TCP Automaton) Threshold-based D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...13/26
17 Network architecture Security solutions Network architecture Benchmark configurations Cloud Computing Internet host Cloud host Firewall / IDS D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...14/26
18 Benchmark configurations Security solutions Network architecture Benchmark configurations Network architecture Portscan Number of scanners: 2 n, with 1 n 6 Number of targets (Snort): 2 n, with 1 n 6 Number of targets (Commercial): 4 Security solution configuration: default Portscan timing: insane aggressive normal polite 5 ms 10 ms 0.4 s 0.4 s Number of ports: 100 per target (most used ports) Distribution methods: Naive and Parallel Portscan techniques: Connect, SYN, RPC, FIN, Xmas and Null D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...15/26
19 Outline How Cloud Computing can be secured Evaluation Connect scanning Null scanning wrap up 1 How Cloud Computing can be secured Evaluation Connect scanning Null scanning wrap up D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...16/26
20 Evaluation How Cloud Computing can be secured Evaluation Connect scanning Null scanning wrap up Attacker Success Rate n = Number of ports successfully scanned before detection T = Total number of ports to scan ASR = n T The lower is the ASR, the better is the security solution Successful portscan : undetected correct port state generated traffic reaches targets D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...17/26
21 Connect scanning - 4 targets Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Commercial firewall D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...18/26
22 Connect scanning - 4 targets Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Commercial firewall D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...18/26
23 Connect scanning - 4 targets Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Commercial firewall D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...18/26
24 Connect scanning - Snort Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort - 8 targets Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort - 32 targets D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...19/26
25 Connect scanning - Snort Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort - 8 targets Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort - 32 targets D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...19/26
26 Null scanning - 4 targets Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Commercial firewall D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...20/26
27 Null scanning - 4 targets Evaluation Connect scanning Null scanning wrap up Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Snort Naive Parallel 100 ASR insane aggressive normal polite insane aggressive normal polite Commercial firewall D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...20/26
28 wrap up Evaluation Connect scanning Null scanning wrap up Distributed attacks could be very efficient: 32/64 scanners are enough to remain undetected Weaknesses of security solution (timing, outdated database) Parallel distribution succeeds in obfuscating the attack Commercial firewall has better results D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...21/26
29 Study of security solutions commonly used Impact of distributed attacks on Cloud Computing 32 scanners are enough to remain undetected No network noise Future work Multipath attacks Collaborative IDS using virtual and physical probes D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...22/26
30 Questions Large-scale coordinated attacks: Impact on the cloud security Damien Riquet - damien.riquet@lifl.fr Gilles Grimaud - gilles.grimaud@lifl.fr Michaël Hauspie - michael.hauspie@lifl.fr riquetd/ D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...23/26
31 References I S. M Bellovin and W. R Cheswick, Network firewalls, IEEE Communications Magazine 32 (1994), no. 9, Min Gyung Kang, Juan Caballero, and Dawn Song, Distributed evasive scan techniques and countermeasures, Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment (Berlin, Heidelberg), DIMVA 07, Springer-Verlag, 2007, p Naga Raju Peddisetty, State-of-the-art intrusion detection: Technology, challenges, and evaluation, R. Shirey, RFC Internet Security Glossary, May D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...24/26
32 Multipath attacks Attackers Targets Attackers Targets D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...25/26
33 Collaborative security system DSL Host Hypervisor Virtual probe FPGA Guest OS Guest OS Physical probe Virtual probe D. Riquet, G. Grimaud, M. Hauspie Large-scale coordinated attacks: Impact on the cloud...26/26
Étude de l impact des attaques distribuées et multi-chemins sur les solutions de sécurité réseaux
Étude de l impact des attaques distribuées et multi-chemins sur les solutions de sécurité réseaux Damien Riquet Gilles Grimaud Michaël Hauspie Team 2xS Université Lille 1, France 29 Octobre 2012 D. Riquet,
More informationHost-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationDevelopment of a Network Intrusion Detection System
Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/
More information8 Steps for Network Security Protection
8 Steps for Network Security Protection cognoscape.com 8 Steps for Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More information8 Steps For Network Security Protection
8 Steps For Network Security Protection 8 Steps For Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because of their
More informationPort Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.
Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationIntrusion Detection System Based Network Using SNORT Signatures And WINPCAP
Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationDetecting Computer Worms in the Cloud
Detecting Computer Worms in the Cloud Sebastian Biedermann and Stefan Katzenbeisser Security Engineering Group Department of Computer Science Technische Universität Darmstadt {biedermann,katzenbeisser}@seceng.informatik.tu-darmstadt.de
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationSystem Specification. Author: CMU Team
System Specification Author: CMU Team Date: 09/23/2005 Table of Contents: 1. Introduction...2 1.1. Enhancement of vulnerability scanning tools reports 2 1.2. Intelligent monitoring of traffic to detect
More informationCoimbatore-47, India. Keywords: intrusion detection,honeypots,networksecurity,monitoring
Volume 4, Issue 8, August 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Investigate the
More informationAnalyzing Intrusion Detection System Evasions Through Honeynets
Analyzing Intrusion Detection System Evasions Through Honeynets J.S Bhatia 1, Rakesh Sehgal 2, Simardeep Kaur 3, Siddharth Popli 4 and Nishant Taneja 5 1 Centre for Development of Advanced Computing 2,
More informationIntrusion Detection Systems. Darren R. Davis Student Computing Labs
Intrusion Detection Systems Darren R. Davis Student Computing Labs Overview Intrusion Detection What is it? Why do I need it? How do I do it? Intrusion Detection Software Network based Host based Intrusion
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationAdvancement in Virtualization Based Intrusion Detection System in Cloud Environment
Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,
More informationDivide and Conquer Real World Distributed Port Scanning
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
More informationIntelligent. Data Sheet
Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationNetwork Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?
Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationIDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for
Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts
More informationUnit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.
Running head: UNIT 3 RESEARCH PROJECT 1 Unit 3 Research Project Eddie S. Jackson Kaplan University IT540: Management of Information Security Kenneth L. Flick, Ph.D. 10/07/2014 UNIT 3 RESEARCH PROJECT 2
More informationADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN ABSTRACT Muraleedharan N and Arun Parmar Centre for Development of Advanced Computing (C-DAC) Electronics City, Bangalore, India {murali,parmar}@ncb.ernet.in
More informationDescription: Course Details:
Course: Malicious Network Traffic Analysis Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: There are a tremendous amount of network based attacks to be aware of on the internet
More informationAttacks and Defense. Phase 1: Reconnaissance
Attacks and Defense Phase 1: Reconnaissance Phase 2: Port Scanning Phase 3: Gaining Access Using Application and Operating System Using Networks Phase 1: Reconnaissance Known as information gathering.
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
More informationIntrusion Detection Systems
Intrusion Detection Systems Intrusion Detection Systems Intrusion Detection Systems: Overview IDS Acronyms & Definition Components Recognition & Response Security Interoperability & Cooperation HIDS NIDS
More informationContents. Intrusion Detection Systems (IDS) Intrusion Detection. Why Intrusion Detection? What is Intrusion Detection?
Contents Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Motivation and basics (Why and what?) IDS types and principles Key Data Problems with
More informationComputer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
More informationIntrusion Detection Systems
Intrusion Detection Systems Advanced Computer Networks 2007 Reinhard Wallner reinhard.wallner@student.tugraz.at Outline Introduction Types of IDS How works an IDS Attacks to IDS Intrusion Prevention Systems
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationFIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others
FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker
More informationProfessional Penetration Testing Techniques and Vulnerability Assessment ...
Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationCourse Title: Penetration Testing: Network & Perimeter Testing
Course Title: Penetration Testing: Network & Perimeter Testing Page 1 of 7 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics
More informationKingston University London
Kingston University London Analysis and Testing of Intrusion Detection/Prevention Systems (IDS/IPS) XYLANGOURAS ELEFTHERIOS Master of Science in Networking and Data Communications THESIS Kingston University
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationG/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationIDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow
IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationProject Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1
Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationSlow Port Scanning Detection
Slow Port Scanning Detection Mehiar Dabbagh 1, Ali J. Ghandour 1, Kassem Fawaz 1, Wassim El Hajj 2, Hazem Hajj 1 1 Department of Electrical and Computer Engineering 2 Department of Computer Science American
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationOPEN SOURCE SECURITY
OPEN SOURCE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationBlack Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!
Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:
More informationDeployment of Snort IDS in SIP based VoIP environments
Deployment of Snort IDS in SIP based VoIP environments Jiří Markl, Jaroslav Dočkal Jaroslav.Dockal@unob.cz K-209 Univerzita obrany Kounicova 65, 612 00 Brno Czech Republic Abstract This paper describes
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationApplication Security Backgrounder
Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
More informationVulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper
Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...
More informationEC-Council. Certified Ethical Hacker. Program Brochure
EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional
More informationSecurity Mgt. Tools and Subsystems
Security Mgt. Tools and Subsystems some attack and defense security tools at work Reconaissance Passive Active Penetration Classes of tools (network-bound) Passive Reconaissance Passively listen and analyze
More informationNational Cyber League Certified Ethical Hacker (CEH) TM Syllabus
National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)
More informationFirewalls Netasq. Security Management by NETASQ
Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationIxLoad-Attack: Network Security Testing
IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationDirectory and File Transfer Services. Chapter 7
Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major
More informationFirewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002
Firewall Tips & Tricks Paul Asadoorian Network Security Engineer Brown University November 20, 2002 Holy Firewall Batman! Your Network Evil Hackers Firewall Defense in Depth Firewalls mitigate risk Blocking
More informationVULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION
VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION copyright 2003 securitymetrics Security Vulnerabilities of Computers & Servers Security Risks Change Daily New
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationPenetration Testing. Security Testing
Penetration Testing Gleneesha Johnson Advanced Topics in Software Testing Fall 2004 Security Testing Method of risk evaluation Testing security mechanisms to ensure that their functionality is properly
More informationHow to Make Your IDS Useful. Joel M Snyder Senior Partner Opus One jms@opus1.com
How to Make Your IDS Useful Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: IDS Why are we looking at IDS? The 5 Ws of IDS Analysis The IDS Analysis Cycle 2 IDS Has Little to Do With Intrusions
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationAttack Evaluation and Mitigation Framework
Attack Evaluation and Mitigation Framework Laura Gheorghe, Răzvan Rughiniş, Nicolae Ţăpuş Politehnica University of Bucharest, Romania laura.gheorghe@cs.pub.ro, razvan.rughinis@cs.pub.ro, ntapus@cs.pub.ro
More informationNetwork Monitoring Tool to Identify Malware Infected Computers
Network Monitoring Tool to Identify Malware Infected Computers Navpreet Singh Principal Computer Engineer Computer Centre, Indian Institute of Technology Kanpur, India navi@iitk.ac.in Megha Jain, Payas
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationCooperating Security Management for Mutually Trusted Secure Networks
Cooperating Security Management for Mutually Trusted Secure Networks Lai-Ming Shiue Department of Applied Mathematics National Chung-Hsing University Taichung 402, Taiwan Shang-Juh Kao Department of Computer
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationSecurity Advisory. Some IPS systems can be easily fingerprinted using simple techniques.
Some IPS systems can be easily fingered using simple techniques. The unintentional disclosure of which security devices are deployed within your defences could put your network at significant risk. Security
More informationTIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13
COURSE TITLE : INFORMATION SECURITY COURSE CODE : 5136 COURSE CATEGORY : ELECTIVE PERIODS/WEEK : 4 PERIODS/SEMESTER : 52 CREDITS : 4 TIME SCHEDULE MODULE TOPICS PERIODS 1 Introduction to Computer Security
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationCautela Labs Cloud Agile. Secured.
Cautela Labs Cloud Agile. Secured. Vulnerability Management Scanning and Assessment Service Vulnerability Management Services New network, application and database vulnerabilities emerge every day. Because
More information