Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08
|
|
- Rosamund Rogers
- 8 years ago
- Views:
Transcription
1 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security
2 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi Michel Barbeau Joaquin Garcia-Alfaro Jyanthi Hall John Lambadaris Paul Vanorschoot Tao Wan David Whyte
3 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 3 Outline The Network is a complex dynamical system whose security requires the interaction of multiple techniques. DNS (Domain Name Server) BGP (Border Gateway Protocol) NEM (Network Exposure Maps) Endpoint-Driven Intrusion Detection RFF (Radio Frequency Fingerprinting) RFID (Radio Frequency ID) Sensor Networks
4 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 4 DNS
5 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 5 Problem Scanning worm propagation can occur extremely fast Recall Slammer infected 90 % of vulnerable Internet hosts in less than 10 mins. Automated countermeasures are required for worm containment and suppression Current worm propagation detection methods are limited by: Speed of detection Inability to detect zero-day worms Inability to detect slow scanning worms High false positive rate
6 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 6 Characteristics Scanning worms can employ a variety of strategies to infect systems Topological scanning Slow scanning Fast scanning So far, all make use of a pseudo random generated 32-bit numbers to determine their targets The use of numeric IP addresses does not require a DNS lookup Violation of typical network behavior (i.e. DNS)
7 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 7 Detection Approach Most legitimate traffic uses the alphanumeric equivalent of an IP address and thus requires a DNS lookup Hosts within a domain use their respective DNS servers for IP translations As the network traffic leaves the network boundary it can easily be determined if a DNS request was involved If no DNS query is detected for a con-attempt it is considered anomalous
8 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 8 BGP
9 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 9 Routing on the Internet
10 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 10 Common BGP Security Goals Data Origin Authentication BGP Speaker Authentication AS Number Authentication Data Integrity (of control messages) Message Truthfulness Prefix Ownership Verification AS-PATH Verification
11 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 11 Proposals for BGP Security Problem: for r := [prefix, AS path] how do we secure the operation S-BGP sobgp psbgp (pretty secure BGP) f(rt t, r) = rt t+1? A Centralized Trust Model for AS# Authentication A Decentralized Trust Model for Prefix Ownership Verification
12 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 12 NEM
13 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 13 Attribution-based Scanning Detection Variety of scanning detection techniques Observing connection failures Abnormal network behavior Connections to darkspace Increased connection attempts Majority of these rely on correlating scanning activity based on the perceived last-hop Focus of detection is who is scanning instead of what is being scanned
14 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 14 Attribution is not practical! Attribution is not practical for an increasing number of sophisticated scanning techniques Focus on attribution overlooks critical components of any observed scanning campaign: What are my adversaries looking for? Has the network behavior changed as a result of being scanned? Exemplar technique: Darkports and Exposure Maps
15 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 15 Exposure Maps and Darkports (Intended Capabilities) Scanning detection Sophisticated and simple Active Response Network awareness allows for fine grained response Network Discovery and Asset Classification Exposure Profiles Network Change Detection Trans-darkports and changes in exposure profile
16 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 16 HEM (Host Exposure Map) Associated with a fixed IP address (host), is the set of ports observed responding to external connection attempts within a predefined period. For each active host i in the network, HEM i is a set of elements each of which begins with the IP address of i, followed by a port number j; there is such an element for each port j that has responded to a connection attempt within a predefined period. In symbols, we can abbreviate this as HEM i = {IP i : port j port j was observed responding}.
17 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 17 Endpoint Driven Intrusion Detection
18 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 18 Intrusion Detection Techniques Signature-based Host anti-virus signature Network traffic profiling Anomaly-based Host anomalous behavior Network traffic anomalies
19 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 19 Requirement for effective detection and containment Verifiable detection of malicious intrusions Collaborative network-based containment Automated rapid response
20 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 20 Proposed detection technique Detector agent (DA) running on detector endpoints (DEs) DEs located in distributed subnets or cells DA responds to anomalous host behavior DA sends alert to gateway router (GR) DA performs real-time recording of intrusion traffic profiles. srcip, dstport, proto More flow characteristics can be recorded with deep packet inspection DA sends traffic profile records to GR
21 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 21 Radio Frequency Fingerprinting (RFF)
22 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 22 Radio Frequency Fingerprint Pioneered by the military to track movement of enemy troops. Designed to capture unique characteristics of the transceiver s radio frequency energy, for identifying cell phones and other devices. Has been implemented, as an authentication mechanism, by cellular carriers (e.g. Bell Nynex), to combat cloning fraud.
23 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 23 Signal from a b Transceiver LUCENT MODEL 404 SIGNAL 20 TRANSIENT 1000 Amplitude Samples Original Signal
24 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 24 RFF Transceiverprints Transceiverprints cannot be easily forged unless the entire circuitry of a transceiver can be replicated. After extracting the transient its instantaneous amplitude, phase and frequency are obtained. Using these components, one or more features are extracted. This set of features represents a fingerprint of the transceiver, or in other words transceiverprint. The transceiverprint is, in turn, classified as belonging to one of the profiled transceivers.
25 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 25 Intrusion Detection Framework (Two Phases) 1. Profiling (a) Transient-, Component-, and Feature-Extractor (b) Profile Definition and Update 2. Classification (a) Identification of Transceivers (b) Validation (Statistical Classifier, Decision Filter)
26 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 26 Transient Detection using Threshold (3Com Model 49) 2.5 3Com Model 49 Signal 5 T/4 samples 2 CHANNEL NOISE TRANSIENT Fractal Dimension m = 1 m = m = 3500 START OF TRANSIENT Samples
27 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 27 Test Case for Threshold Detection 100 3Com Model 49 Signal 5 Amplitude Detection Value ( threshold = 0.030) Start of Transient Fractal Trajectory 3 Fractal Dimension Samples
28 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 28 Radio Frequency Identification (RFID)
29 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa RFIDs to replace Barcodes 29
30 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 30 RFID Tags Radio frequency devices that transmit information (e.g., serial numbers) to compliant readers in a contactless manner Classified in the literature as: Passive: transmission power is derived from reader Active: energy comes from on-board battery Semi-passive: battery to power microchips, but transmission power from reader Electronic Product Code (EPC) tags Main kind of tags spread on todays RFID supply chain applications Passive UHF RFID tags EPCglobal inc: Main organization controlling development
31 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 31 RFID Issues
32 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 32 Open Problems 1. Threats to and by front-end components (i.e., tags and readers) 2. Attacks against the back-end components (i.e., middleware and database systems) 3. Vulnerabilities of the ONS (Object Name Service) discovery service Heritage of well-known threats against DNS protocols 4. Privacy and security concerns during the receiving of information Availability, confidentiality, and integrity limitations Moreover, necessity of a fine grained access control for the interaction of principals
33 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 33 Sensor Networks
34 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 34 Problems Given a layout of sensors produce predictable security parameters in order to protect a given area a given border
Intrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationNETWORK SCANNING DETECTION STRATEGIES FOR ENTERPRISE NETWORKS
NETWORK SCANNING DETECTION STRATEGIES FOR ENTERPRISE NETWORKS by David Whyte A thesis submitted to the Faculty of Graduate Studies and Research in partial fulfillment of the requirements for the degree
More informationARP-based Detection of Scanning Worms Within an Enterprise Network
ARP-based Detection of Scanning Worms Within an Enterprise Network David Whyte P.C. van Oorschot Evangelos Kranakis Abstract Rapidly propagating worms are arguably the greatest security threat currently
More informationDNS-based Detection of Scanning Worms in an Enterprise Network
DNS-based Detection of Scanning Worms in an Enterprise Network David Whyte Evangelos Kranakis P.C. van Oorschot School of Computer Science Carleton University Ottawa, Ontario, Canada dlwhyte, kranakis,
More informationEnabling the secure use of RFID
Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More informationTracking Darkports for Network Defense
Tracking Darkports for Network Defense David Whyte Paul C. van Oorschot Evangelos Kranakis School of Computer Science Carleton University, Ottawa, Canada {dlwhyte, paulv, kranakis}@scs.carleton.ca Abstract
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationIntrusion Detection System (IDS)
Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationDetecting BGP hijacks in 2014
Detecting BGP hijacks in 2014 Guillaume Valadon & Nicolas Vivet Agence nationale de la sécurité des systèmes d information http://www.ssi.gouv.fr/en NSC - November 21th, 2014 ANSSI - Detecting BGP hijacks
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationIntroduction Chapter 1. Uses of Computer Networks
Introduction Chapter 1 Uses of Computer Networks Network Hardware Network Software Reference Models Example Networks Network Standardization Metric Units Revised: August 2011 Uses of Computer Networks
More informationAddressing SMTP-based Mass-Mailing Activity Within Enterprise Networks.
Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. David Whyte, Paul van Oorschot and Evangelos Kranakis. 22st Annual Computer Security Applications Conference (ACSAC), December 2006.
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationApplying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events
Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationWharf T&T Limited DDoS Mitigation Service Customer Portal User Guide
Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...
More informationContactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationOutline. Outline. Outline
Network Forensics: Network Prefix Scott Hand September 30 th, 2011 1 What is network forensics? 2 What areas will we focus on today? Basics Some Techniques What is it? OS fingerprinting aims to gather
More informationNetwork Security Deployment (NSD)
Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department
More informationIntrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)
ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationHillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis
Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,
More informationDescription of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014
Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that
More informationG/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationPassive Logging. Intrusion Detection System (IDS): Software that automates this process
Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion
More informationApplication Security Backgrounder
Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
More informationNetwork Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationNetDefend Firewall UTM Services
Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationWORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli
WORMS : attacks, defense and models Presented by: Abhishek Sharma Vijay Erramilli What is a computer worm? Is it not the same as a computer virus? A computer worm is a program that selfpropagates across
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationModern Denial of Service Protection
Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationFIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others
FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationCYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,
More informationFlashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out?
Flashback: Internet design goals Security Part Two: Attacks and Countermeasures 1. Interconnection 2. Failure resilience 3. Multiple types of service 4. Variety of networks 5. Management of resources 6.
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationAchieving SOX Compliance with Masergy Security Professional Services
Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationAlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals
AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationIntruders and viruses. 8: Network Security 8-1
Intruders and viruses 8: Network Security 8-1 Intrusion Detection Systems Firewalls allow traffic only to legitimate hosts and services Traffic to the legitimate hosts/services can have attacks CodeReds
More informationnetwork PRoteCtion and information L G S H a S P e R F o R M e D assurance networks R e D t e a M S e C U R i t Y
Solving the Federal Government s Toughest Cyber Security Problems NETWORK PROTECTION AND INFORMATION ASSURANCE NETWORKS WITH A RICH HERITAGE OF ACHIEVEMENT AND LEVERAGING THE EXPERTISE AND RESOURCES OF
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationFirewalls. Mahalingam Ramkumar
Firewalls Mahalingam Ramkumar Evolution of Networks Centralized data processing LANs Premises network interconnection of LANs and mainframes Enterprise-wide network interconnection of LANs in a private
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationASSET TRACKING USING RFID SRAVANI.P(07241A12A7) DEEPTHI.B(07241A1262) SRUTHI.B(07241A12A3)
ASSET TRACKING USING RFID BY SRAVANI.P(07241A12A7) DEEPTHI.B(07241A1262) SRUTHI.B(07241A12A3) OBJECTIVE Our main objective is to acquire an asset tracking system. This keeps track of all the assets you
More informationDraft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications
Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that
More informationSecurity Issues in RFID systems. By Nikhil Nemade Krishna C Konda
Security Issues in RFID systems By Nikhil Nemade Krishna C Konda Agenda Introduction to an RFID System Possible Application Areas Need for Security Vulnerabilities of an RFID system Security Measures currently
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationSoftware Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS
Software Engineering 4C03 Class Project Computer Networks and Computer Security COMBATING HACKERS Done By: Ratinder Ricky Gill Student Number: 0048973 E-Mail: gillrr@mcmaster.ca Due: Tuesday April 5, 2005
More informationwww.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More informationUnified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES
Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationSecurity Challenges of the EPCglobal Network
Security Challenges of the EPCglobal Network Benjamin Fabian and Oliver Günther Humboldt-Universität zu Berlin Institute of Information Systems (bfabian, guenther)@wiwi.hu-berlin.de The Internet of Things,
More informationBuilding Secure Network Infrastructure For LANs
Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives
More informationIndustrial Track and Trace: Choosing the Technology that Measures Up to Your Application Demands A WHITE PAPER
Industrial Track and Trace: Choosing the Technology that Measures Up to Your Application Demands A WHITE PAPER Published 10/29/2012 I ndustries are facing fierce market competition, making more data about
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More information