Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

Size: px
Start display at page:

Download "Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08"

Transcription

1 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security

2 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi Michel Barbeau Joaquin Garcia-Alfaro Jyanthi Hall John Lambadaris Paul Vanorschoot Tao Wan David Whyte

3 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 3 Outline The Network is a complex dynamical system whose security requires the interaction of multiple techniques. DNS (Domain Name Server) BGP (Border Gateway Protocol) NEM (Network Exposure Maps) Endpoint-Driven Intrusion Detection RFF (Radio Frequency Fingerprinting) RFID (Radio Frequency ID) Sensor Networks

4 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 4 DNS

5 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 5 Problem Scanning worm propagation can occur extremely fast Recall Slammer infected 90 % of vulnerable Internet hosts in less than 10 mins. Automated countermeasures are required for worm containment and suppression Current worm propagation detection methods are limited by: Speed of detection Inability to detect zero-day worms Inability to detect slow scanning worms High false positive rate

6 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 6 Characteristics Scanning worms can employ a variety of strategies to infect systems Topological scanning Slow scanning Fast scanning So far, all make use of a pseudo random generated 32-bit numbers to determine their targets The use of numeric IP addresses does not require a DNS lookup Violation of typical network behavior (i.e. DNS)

7 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 7 Detection Approach Most legitimate traffic uses the alphanumeric equivalent of an IP address and thus requires a DNS lookup Hosts within a domain use their respective DNS servers for IP translations As the network traffic leaves the network boundary it can easily be determined if a DNS request was involved If no DNS query is detected for a con-attempt it is considered anomalous

8 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 8 BGP

9 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 9 Routing on the Internet

10 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 10 Common BGP Security Goals Data Origin Authentication BGP Speaker Authentication AS Number Authentication Data Integrity (of control messages) Message Truthfulness Prefix Ownership Verification AS-PATH Verification

11 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 11 Proposals for BGP Security Problem: for r := [prefix, AS path] how do we secure the operation S-BGP sobgp psbgp (pretty secure BGP) f(rt t, r) = rt t+1? A Centralized Trust Model for AS# Authentication A Decentralized Trust Model for Prefix Ownership Verification

12 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 12 NEM

13 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 13 Attribution-based Scanning Detection Variety of scanning detection techniques Observing connection failures Abnormal network behavior Connections to darkspace Increased connection attempts Majority of these rely on correlating scanning activity based on the perceived last-hop Focus of detection is who is scanning instead of what is being scanned

14 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 14 Attribution is not practical! Attribution is not practical for an increasing number of sophisticated scanning techniques Focus on attribution overlooks critical components of any observed scanning campaign: What are my adversaries looking for? Has the network behavior changed as a result of being scanned? Exemplar technique: Darkports and Exposure Maps

15 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 15 Exposure Maps and Darkports (Intended Capabilities) Scanning detection Sophisticated and simple Active Response Network awareness allows for fine grained response Network Discovery and Asset Classification Exposure Profiles Network Change Detection Trans-darkports and changes in exposure profile

16 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 16 HEM (Host Exposure Map) Associated with a fixed IP address (host), is the set of ports observed responding to external connection attempts within a predefined period. For each active host i in the network, HEM i is a set of elements each of which begins with the IP address of i, followed by a port number j; there is such an element for each port j that has responded to a connection attempt within a predefined period. In symbols, we can abbreviate this as HEM i = {IP i : port j port j was observed responding}.

17 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 17 Endpoint Driven Intrusion Detection

18 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 18 Intrusion Detection Techniques Signature-based Host anti-virus signature Network traffic profiling Anomaly-based Host anomalous behavior Network traffic anomalies

19 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 19 Requirement for effective detection and containment Verifiable detection of malicious intrusions Collaborative network-based containment Automated rapid response

20 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 20 Proposed detection technique Detector agent (DA) running on detector endpoints (DEs) DEs located in distributed subnets or cells DA responds to anomalous host behavior DA sends alert to gateway router (GR) DA performs real-time recording of intrusion traffic profiles. srcip, dstport, proto More flow characteristics can be recorded with deep packet inspection DA sends traffic profile records to GR

21 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 21 Radio Frequency Fingerprinting (RFF)

22 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 22 Radio Frequency Fingerprint Pioneered by the military to track movement of enemy troops. Designed to capture unique characteristics of the transceiver s radio frequency energy, for identifying cell phones and other devices. Has been implemented, as an authentication mechanism, by cellular carriers (e.g. Bell Nynex), to combat cloning fraud.

23 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 23 Signal from a b Transceiver LUCENT MODEL 404 SIGNAL 20 TRANSIENT 1000 Amplitude Samples Original Signal

24 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 24 RFF Transceiverprints Transceiverprints cannot be easily forged unless the entire circuitry of a transceiver can be replicated. After extracting the transient its instantaneous amplitude, phase and frequency are obtained. Using these components, one or more features are extracted. This set of features represents a fingerprint of the transceiver, or in other words transceiverprint. The transceiverprint is, in turn, classified as belonging to one of the profiled transceivers.

25 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 25 Intrusion Detection Framework (Two Phases) 1. Profiling (a) Transient-, Component-, and Feature-Extractor (b) Profile Definition and Update 2. Classification (a) Identification of Transceivers (b) Validation (Statistical Classifier, Decision Filter)

26 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 26 Transient Detection using Threshold (3Com Model 49) 2.5 3Com Model 49 Signal 5 T/4 samples 2 CHANNEL NOISE TRANSIENT Fractal Dimension m = 1 m = m = 3500 START OF TRANSIENT Samples

27 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 27 Test Case for Threshold Detection 100 3Com Model 49 Signal 5 Amplitude Detection Value ( threshold = 0.030) Start of Transient Fractal Trajectory 3 Fractal Dimension Samples

28 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 28 Radio Frequency Identification (RFID)

29 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa RFIDs to replace Barcodes 29

30 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 30 RFID Tags Radio frequency devices that transmit information (e.g., serial numbers) to compliant readers in a contactless manner Classified in the literature as: Passive: transmission power is derived from reader Active: energy comes from on-board battery Semi-passive: battery to power microchips, but transmission power from reader Electronic Product Code (EPC) tags Main kind of tags spread on todays RFID supply chain applications Passive UHF RFID tags EPCglobal inc: Main organization controlling development

31 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 31 RFID Issues

32 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 32 Open Problems 1. Threats to and by front-end components (i.e., tags and readers) 2. Attacks against the back-end components (i.e., middleware and database systems) 3. Vulnerabilities of the ONS (Object Name Service) discovery service Heritage of well-known threats against DNS protocols 4. Privacy and security concerns during the receiving of information Availability, confidentiality, and integrity limitations Moreover, necessity of a fine grained access control for the interaction of principals

33 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 33 Sensor Networks

34 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 34 Problems Given a layout of sensors produce predictable security parameters in order to protect a given area a given border

Intrusion Detection for Mobile Ad Hoc Networks

Intrusion Detection for Mobile Ad Hoc Networks Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems

More information

NETWORK SCANNING DETECTION STRATEGIES FOR ENTERPRISE NETWORKS

NETWORK SCANNING DETECTION STRATEGIES FOR ENTERPRISE NETWORKS NETWORK SCANNING DETECTION STRATEGIES FOR ENTERPRISE NETWORKS by David Whyte A thesis submitted to the Faculty of Graduate Studies and Research in partial fulfillment of the requirements for the degree

More information

ARP-based Detection of Scanning Worms Within an Enterprise Network

ARP-based Detection of Scanning Worms Within an Enterprise Network ARP-based Detection of Scanning Worms Within an Enterprise Network David Whyte P.C. van Oorschot Evangelos Kranakis Abstract Rapidly propagating worms are arguably the greatest security threat currently

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

DNS-based Detection of Scanning Worms in an Enterprise Network

DNS-based Detection of Scanning Worms in an Enterprise Network DNS-based Detection of Scanning Worms in an Enterprise Network David Whyte Evangelos Kranakis P.C. van Oorschot School of Computer Science Carleton University Ottawa, Ontario, Canada dlwhyte, kranakis,

More information

Enabling the secure use of RFID

Enabling the secure use of RFID Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Introduction RFID are systems that transmit identity (in the form of a unique serial number) of an object or person wirelessly,

More information

Tracking Darkports for Network Defense

Tracking Darkports for Network Defense Tracking Darkports for Network Defense David Whyte Paul C. van Oorschot Evangelos Kranakis School of Computer Science Carleton University, Ottawa, Canada {dlwhyte, paulv, kranakis}@scs.carleton.ca Abstract

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended

More information

E-Guide. Sponsored By:

E-Guide. Sponsored By: E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

Intrusion Detection System (IDS)

Intrusion Detection System (IDS) Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes

More information

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...

More information

Detecting BGP hijacks in 2014

Detecting BGP hijacks in 2014 Detecting BGP hijacks in 2014 Guillaume Valadon & Nicolas Vivet Agence nationale de la sécurité des systèmes d information http://www.ssi.gouv.fr/en NSC - November 21th, 2014 ANSSI - Detecting BGP hijacks

More information

Cyber Watch. Written by Peter Buxbaum

Cyber Watch. Written by Peter Buxbaum Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks.

Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. David Whyte, Paul van Oorschot and Evangelos Kranakis. 22st Annual Computer Security Applications Conference (ACSAC), December 2006.

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior

More information

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Introduction Chapter 1. Uses of Computer Networks

Introduction Chapter 1. Uses of Computer Networks Introduction Chapter 1 Uses of Computer Networks Network Hardware Network Software Reference Models Example Networks Network Standardization Metric Units Revised: August 2011 Uses of Computer Networks

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Name. Description. Rationale

Name. Description. Rationale Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.

More information

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked

More information

Outline. Outline. Outline

Outline. Outline. Outline Network Forensics: Network Prefix Scott Hand September 30 th, 2011 1 What is network forensics? 2 What areas will we focus on today? Basics Some Techniques What is it? OS fingerprinting aims to gather

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Role of Anomaly IDS in Network

Role of Anomaly IDS in Network Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions

More information

Network Security Deployment (NSD)

Network Security Deployment (NSD) Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department

More information

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,

More information

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014 Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

9/15: Security problems with TCP/IP

9/15: Security problems with TCP/IP 9/15: Security problems with TCP/IP Scribe: Derek Leung The TCP and IP protocols have been a classic area of focus for network security owing to their ubiquity, age, and importance. Designed at a time

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection

More information

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Passive Logging. Intrusion Detection System (IDS): Software that automates this process

Passive Logging. Intrusion Detection System (IDS): Software that automates this process Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion

More information

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli WORMS : attacks, defense and models Presented by: Abhishek Sharma Vijay Erramilli What is a computer worm? Is it not the same as a computer virus? A computer worm is a program that selfpropagates across

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless

More information

HANDBOOK 8 NETWORK SECURITY Version 1.0

HANDBOOK 8 NETWORK SECURITY Version 1.0 Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives

More information

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security

More information

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by

More information

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257 Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy

More information

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,

More information

Modern Denial of Service Protection

Modern Denial of Service Protection Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

Flashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out?

Flashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out? Flashback: Internet design goals Security Part Two: Attacks and Countermeasures 1. Interconnection 2. Failure resilience 3. Multiple types of service 4. Variety of networks 5. Management of resources 6.

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

Achieving SOX Compliance with Masergy Security Professional Services

Achieving SOX Compliance with Masergy Security Professional Services Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called

More information

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

network PRoteCtion and information L G S H a S P e R F o R M e D assurance networks R e D t e a M S e C U R i t Y

network PRoteCtion and information L G S H a S P e R F o R M e D assurance networks R e D t e a M S e C U R i t Y Solving the Federal Government s Toughest Cyber Security Problems NETWORK PROTECTION AND INFORMATION ASSURANCE NETWORKS WITH A RICH HERITAGE OF ACHIEVEMENT AND LEVERAGING THE EXPERTISE AND RESOURCES OF

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

Intruders and viruses. 8: Network Security 8-1

Intruders and viruses. 8: Network Security 8-1 Intruders and viruses 8: Network Security 8-1 Intrusion Detection Systems Firewalls allow traffic only to legitimate hosts and services Traffic to the legitimate hosts/services can have attacks CodeReds

More information

Observation and Findings

Observation and Findings Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda Security Issues in RFID systems By Nikhil Nemade Krishna C Konda Agenda Introduction to an RFID System Possible Application Areas Need for Security Vulnerabilities of an RFID system Security Measures currently

More information

Firewalls. Mahalingam Ramkumar

Firewalls. Mahalingam Ramkumar Firewalls Mahalingam Ramkumar Evolution of Networks Centralized data processing LANs Premises network interconnection of LANs and mainframes Enterprise-wide network interconnection of LANs in a private

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

Bio-inspired cyber security for your enterprise

Bio-inspired cyber security for your enterprise Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t

More information

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for

More information

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society

More information

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach 100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...

More information

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

A Proposed Architecture of Intrusion Detection Systems for Internet Banking A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com

More information

Security Challenges of the EPCglobal Network

Security Challenges of the EPCglobal Network Security Challenges of the EPCglobal Network Benjamin Fabian and Oliver Günther Humboldt-Universität zu Berlin Institute of Information Systems (bfabian, guenther)@wiwi.hu-berlin.de The Internet of Things,

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Building Secure Network Infrastructure For LANs

Building Secure Network Infrastructure For LANs Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer

More information