Host-based Intrusion Prevention on Windows and UNIX. Dr. Rich Murphey White Oak Labs
|
|
- Camilla Lang
- 8 years ago
- Views:
Transcription
1 Host-based Intrusion Prevention on Windows and UNIX Dr. Rich Murphey White Oak Labs
2 Acknowledgements Niels Provos OpenBSD s systrace DT suggested this thread last year Greg Hoglund insights md5 at da ghettohackers reviews 2 DEFCON XI 8/3/2003
3 What is Intrusion Prevention? To a netsec person it looks like a firewall. Messages Rules Messages (Packets) 3 DEFCON XI 8/3/2003
4 What is Intrusion Prevention? To a AV person it looks like an AV. Messages Signatures Messages (File IO) 4 DEFCON XI 8/3/2003
5 What is Intrusion Prevention? Network-based Packets Signatures Host-based API() Signatures 5 DEFCON XI 8/3/2003
6 What is Intrusion Prevention? Packets Signatures Consider personal firewalls that combine host and network based filtering. Socket() Signatures 6 DEFCON XI 8/3/2003
7 How is IP different? Rather than rules, it uses signatures. But these aren t the same signatures you might run in an Intrusion Detection Systems (IDS) Signatures as access controls. API() Signatures 7 DEFCON XI 8/3/2003
8 How is it different? Consider SNORT/Hogwash.. Signature-based Firewall Packets Signatures IDS vendors call this Gateway IDS 8 DEFCON XI 8/3/2003
9 What is Intrusion Prevention? It's complementary to AV & Firewall API() Signatures Filters messages between applications and the kernel. Uses signatures to recognize payload behavior or injection mechanisms. 9 DEFCON XI 8/3/2003
10 Why the heck should we care? Encryption, fragmentation and reencoding, can prevent application layer filtering on the wire. Data resides in the clear in the application layer. So do exploits. 10 DEFCON XI 8/3/2003
11 Why the heck should we care? Visibility into the application layer provides capability for better contextual discrimination. = Stops certain kinds of exploits. 11 DEFCON XI 8/3/2003
12 So, why do we need another tool? Network security App level Firewalls Attack through services/daemons. crunchy on the outside? Application state is complex. State of memory, disk, clients 12 DEFCON XI 8/3/2003
13 IP Signatures For signatures that: Are application state specific Are system state specific Use contextual clues Block from the inside 13 DEFCON XI 8/3/2003
14 Well, OK, so how does it work? Consider architectural layers in the OS. Let s take a look at: Layers in Windows architecture Layers in UNIX 14 DEFCON XI 8/3/2003
15 Win2K System Architecture Win32 App Win32 Subsystem OS/2 App OS/2 Subsystem Ntdll.dll Posix App Posix Subsystem IO File Systems Security Reference Monitor Device Drivers Executive Services Interface IPC Virtual Object Hardware Process Micro Kernel GDI Window Hardware Abstraction Layer (HAL) Window Graphics Device Drivers 15 DEFCON XI 8/3/2003
16 Win2K System Architecture Win32 App Win32 Subsystem IO Mgr. File Sys. Security Ref. Monitor Device Drivers OS/2 App OS/2 Subsystem Executive Services Interface IPC Mgr. Ntdll.dll Virtual Process Mgr. Mgr. Object Hardware Micro Kernel GDI Window Mgr. Hardware Abstraction Layer Posix App Posix Subsystem Window Mgr. Graphics Device Drivers Two distinct user-land layers: Binary compatible app layer OS specific, native layer Three distinct kernel layers: Executive services Object Hardware Abstration Layer 16 DEFCON XI 8/3/2003
17 Linux System Architecture Win32 App Mac App Games Linux App Wine or Win4Lin Basilisk MAME Libc.so System call interface Scheduler Process Virtual Allocator VFS Interface Character Devices File Systems Block Devices Socket Network Protocols Network Drivers Hardware 17 DEFCON XI 8/3/2003
18 Linux System Architecture One common abstraction layer for kernel. One common abstraction layer for user-land. Is fewer layers bad? Linux App Scheduler Process Win32 App Wine or Win4Lin Virtual Allocator Libc.so Mac App Basilisk System call interface VFS Interface Character Devices Hardware File Systems Block Devices Games MAME Socket Network Protocols Network Drivers 18 DEFCON XI 8/3/2003
19 Linux System Architecture Each layer provides context info. Linux App Win32 App Wine or Win4Lin Libc.so Mac App Basilisk Games MAME What can that information provide? Given this information, what can we distinguish? How is this different than other forms of filtering? Scheduler Process Virtual Allocator System call interface VFS Interface Character Devices Hardware File Systems Block Devices Socket Network Protocols Network Drivers 19 DEFCON XI 8/3/2003
20 Architecture Comparison Win32 App Win32 Subsystem OS/2 App OS/2 Subsystem Posix App Posix Subsystem Linux App Win32 App Wine or Win4Lin Mac App Basilisk Games MAME Ntdll.dll Libc.so Executive Services Interface System call interface IO Mgr. File Sys. Security Ref. Monitor Device Drivers IPC Mgr. Virtual Process Mgr. Mgr. Object Micro Kernel GDI Window Mgr. Hardware Abstraction Layer Window Mgr. Graphics Device Drivers Scheduler Process Virtual Allocator VFS Interface Character Devices File Systems Block Devices Socket Network Protocols Network Drivers Hardware Hardware 20 DEFCON XI 8/3/2003
21 Linux System Architecture Even considering the app. as a black box we can observe at multiple layers: Linux App Win32 App Wine or Win4Lin Libc.so Mac App Basilisk System call interface Games MAME API calls System calls Instruction level Scheduler Process Virtual Allocator VFS Interface Character Devices Hardware File Systems Block Devices Socket Network Protocols Network Drivers 21 DEFCON XI 8/3/2003
22 Linux System Architecture Win32 App Mac App Games Exploits: focus on escaping IDS often cause exceptional behavior. Rather than fix IDS, let s take an entirely different approach. Linux App Scheduler Process Wine or Win4Lin Virtual Allocator Libc.so Basilisk System call interface VFS Interface Character Devices Hardware File Systems Block Devices MAME Socket Network Protocols Network Drivers 22 DEFCON XI 8/3/2003
23 Linux System Architecture Win32 App Mac App Games Because it acts at these layers it is independent of: Method of transport Method of injection. It is specific to: App state or behavior Payload behavior Linux App Scheduler Process Wine or Win4Lin Virtual Allocator Libc.so Basilisk System call interface VFS Interface Character Devices Hardware File Systems Block Devices MAME Socket Network Protocols Network Drivers 23 DEFCON XI 8/3/2003
24 Examples Yes, let's consider a specific payload (and exploit for that matter) on FreeBSD. How does it get in and how do we distinguish it's behavior. Why is this important DEFCON XI 8/3/2003
25 Demo of IP on FreeBSD Background of exploit: release date, authors, impact, subsequent variations. firewall coverage anti-virus coverage IDS and AV coverage 25 DEFCON XI 8/3/2003
26 Demo of successful exploit 26 DEFCON XI 8/3/2003
27 Review of injection and payload Code excerpts: Vulnerability Injection Payload 27 DEFCON XI 8/3/2003
28 How can we prevent it? Unique aspects of payload? How we can recognize it.. Unique aspects of injection? How we can recognize it.. 28 DEFCON XI 8/3/2003
29 Demo of blocked exploit 29 DEFCON XI 8/3/2003
30 Review of contextual information network identity user identity application state authentication workflow orthogonally to other methods 30 DEFCON XI 8/3/2003
31 What s the state of the industry? Leading products in the market? What differentiates them? How do the integrate with others? Success stories? 31 DEFCON XI 8/3/2003
32 The End Updated slides and tools will be available at: I can be contacted at: Rich@Murphey.org 32 DEFCON XI 8/3/2003
CS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationNetwork Security Market in India CY 2014
Network Security Market in India CY 2014 Advanced, Sophisticated, and Targeted Attacks Lead to High Adoption of Network Security Solutions July 2015 Contents Section Slide Number Executive Summary 3 Market
More informationReactOS is (not) Windows. Windows internals and why ReactOS couldn t just use a Linux kernel
ReactOS is (not) Windows Windows internals and why ReactOS couldn t just use a Linux kernel ReactOS is (not) Windows ReactOS is Windows Runs Windows applications Runs Windows drivers Looks like Windows
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationHow To Write A Windows Operating System (Windows) (For Linux) (Windows 2) (Programming) (Operating System) (Permanent) (Powerbook) (Unix) (Amd64) (Win2) (X
(Advanced Topics in) Operating Systems Winter Term 2009 / 2010 Jun.-Prof. Dr.-Ing. André Brinkmann brinkman@upb.de Universität Paderborn PC 1 Overview Overview of chapter 3: Case Studies 3.1 Windows Architecture.....3
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
More informationSecurity and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser
Security and Billing for Azure Pack Presented by 5nine Software and Cloud Cruiser Meet our Speakers Symon Perriman VP of Business Development 5nine Software symon@5nine.com @SymonPerriman Paul Zinn Senior
More informationAgenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures
Firewall Agenda Unit 1 Understanding of Firewall s definition and Categorization Unit 2 Understanding of Firewall s Deployment Architectures Unit 3 Three Representative Firewall Deployment Examples in
More informationAn overwhelming majority of IaaS clouds leverage virtualization for their foundation.
1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources
More informationDeep Discovery. Technical details
Deep Discovery Technical details Deep Discovery Technologies DETECT Entry point Lateral Movement Exfiltration 360 Approach Network Monitoring Content Inspection Document Emulation Payload Download Behavior
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationRed Hat Linux Internals
Red Hat Linux Internals Learn how the Linux kernel functions and start developing modules. Red Hat Linux internals teaches you all the fundamental requirements necessary to understand and start developing
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationWindows NT. Chapter 11 Case Study 2: Windows 2000. Windows 2000 (2) Windows 2000 (1) Different versions of Windows 2000
Chapter 11 Case Study 2: Windows 2000 11.1 History of windows 2000 11.2 Programming windows 2000 11.3 System structure 11.4 Processes and threads in windows 2000 11.5 Memory management 11.6 Input/output
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationTABLE OF CONTENTS NETWORK SECURITY 2...1
Network Security 2 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationComputer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationHONE: Correlating Host activities to Network communications to produce insight
HONE: Correlating Host activities to Network communications to produce insight GLENN A. FINK, PH.D. Senior Scientist, Secure Cyber Systems SEAN STORY, PMP Project Manager, Software Engineering & Architectures
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationCustomized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006
ELEN 689: Topics in Network Security: Firewalls Ellen Mitchell Computing and Information Services 20 April 2006 Firewall Historically: a wall constructed to prevent the spread of fire Firewall Function
More informationNETWORK SECURITY HACKS *
NETWORK SECURITY HACKS * Andrew %pckhart Ji O'REILLY* Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo Contents Credits Preface ix xi Chapter 1. Unix Host Security 1 1. Secure Mount Points
More informationOperating System Components and Services
Operating System Components and Services Tom Kelliher, CS 311 Feb. 6, 2012 Announcements: From last time: 1. System architecture issues. 2. I/O programming. 3. Memory hierarchy. 4. Hardware protection.
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationNetDefend Firewall UTM Services
Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationIs the Scanning of Computer Networks Dangerous?
Baltic DB & IS 2008 Tallinn University of Technology Is the Scanning of Computer Networks Dangerous? 5.06.2008 The talk is about... The need of network scanning, its main principles and related problems
More informationNETWORK SECURITY HACKS
SECOND EDITION NETWORK SECURITY HACKS 2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Andrew Lockhart O'REILLY Beijing
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationBM482E Introduction to Computer Security
BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based
More informationOPERATING SYSTEMS STRUCTURES
S Jerry Breecher 2: OS Structures 1 Structures What Is In This Chapter? System Components System Calls How Components Fit Together Virtual Machine 2: OS Structures 2 SYSTEM COMPONENTS These are the pieces
More informationCrossOver Compared to Competing Emulation Solutions
CrossOver Compared to Competing Emulation Solutions CrossOver Compared to Competing Emulation Solutions Every Windows compatibility solution has pros and cons. Overview: Whether you re running a Linux
More informationCS222: Systems Programming
CS222: Systems Programming The Basics January 24, 2008 A Designated Center of Academic Excellence in Information Assurance Education by the National Security Agency Agenda Operating System Essentials Windows
More informationLinux Kernel Architecture
Linux Kernel Architecture Amir Hossein Payberah payberah@yahoo.com Contents What is Kernel? Kernel Architecture Overview User Space Kernel Space Kernel Functional Overview File System Process Management
More informationEugene Tsyrklevich. Ozone HIPS: Unbreakable Windows
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationApple Share IP and the Mac OS X Model
FAQ Q. What is? A. is Apple s next-generation server platform, combining the strengths of AppleShare IP with the power and innovation of Mac OS X. It simplifies network administration by integrating services
More informationAttackers are reusing attacks (because they work)
The Problem Attackers are reusing attacks (because they work) Defenders are collecting and/or sharing information, but Often a manual process (copy-paste from a PDF) Different sources provide different
More informationOperating System Structure
Operating System Structure Lecture 3 Disclaimer: some slides are adopted from the book authors slides with permission Recap Computer architecture CPU, memory, disk, I/O devices Memory hierarchy Architectural
More informationHost Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)
Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit
More informationVIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS
VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationOPERATING SYSTEM SERVICES
OPERATING SYSTEM SERVICES USER INTERFACE Command line interface(cli):uses text commands and a method for entering them Batch interface(bi):commands and directives to control those commands are entered
More informationIntrusion Defense Firewall
Intrusion Defense Firewall Available as a Plug-In for OfficeScan 8 Network-Level HIPS at the Endpoint A Trend Micro White Paper October 2008 I. EXECUTIVE SUMMARY Mobile computers that connect directly
More informationELEC 377. Operating Systems. Week 1 Class 3
Operating Systems Week 1 Class 3 Last Class! Computer System Structure, Controllers! Interrupts & Traps! I/O structure and device queues.! Storage Structure & Caching! Hardware Protection! Dual Mode Operation
More informationHost-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationHow to scan/exploit a ssl based webserver. by xxradar. http://www.radarhack.com mailto:xxradar@radarhack.com. Version 1.
How to scan/exploit a ssl based webserver. by xxradar. http://www.radarhack.com mailto:xxradar@radarhack.com. Version 1.0 21-09-2003 1. Introduction Sometimes late at night, playing with openssl and connecting
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationTuning U2 Databases on Windows. Nik Kesic, Lead Technical Support
Tuning U2 Databases on Windows Nik Kesic, Lead Technical Support Nik Kesic s Bio Joined unidata in 1995 ATS (Advanced Technical Support), U2 Common Clients and DB tools College degree in Telecommunications
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationStorm Worm & Botnet Analysis
Storm Worm & Botnet Analysis Jun Zhang Security Researcher, Websense Security Labs June 2008 Introduction This month, we caught a new Worm/Trojan sample on ours labs. This worm uses email and various phishing
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationIntrusion Detection System Based Network Using SNORT Signatures And WINPCAP
Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of
More informationDetecting Malware With Memory Forensics. Hal Pomeranz SANS Institute
Detecting Malware With Memory Forensics Hal Pomeranz SANS Institute Why Memory Forensics? Everything in the OS traverses RAM Processes and threads Malware (including rootkit technologies) Network sockets,
More informationEmerging Trends in the Network Security Market in India, CY 2013
Emerging Trends in the Network Security Market in India, CY 2013 Advanced Threat Landscape will Give Rise to Increased Network Security Spending 9AC3-74 July 2014 Contents Section Slide Numbers Executive
More informationCS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study
CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what
More informationVirtualization for Security
Virtualization for Security t j Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting John Hoopes Technical Editor Aaron Bawcom Paul Kenealy Wesley J. Noonan Craig
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationKernel Types System Calls. Operating Systems. Autumn 2013 CS4023
Operating Systems Autumn 2013 Outline 1 2 Types of 2.4, SGG The OS Kernel The kernel is the central component of an OS It has complete control over everything that occurs in the system Kernel overview
More informationLSKA 2010 Survey Report I Device Drivers & Cloud Computing
LSKA 2010 Survey Report I Device Drivers & Cloud Computing Yu Huang and Hao-Chung Yang {r98922015, r98944016}@csie.ntu.edu.tw Department of Computer Science and Information Engineering March 31, 2010 Abstract
More informationComputer Security DD2395
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger
More informationIntroduction to the NI Real-Time Hypervisor
Introduction to the NI Real-Time Hypervisor 1 Agenda 1) NI Real-Time Hypervisor overview 2) Basics of virtualization technology 3) Configuring and using Real-Time Hypervisor systems 4) Performance and
More informationChapter 10 Case Study 1: LINUX
MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 10 Case Study 1: LINUX History of UNIX and Linux UNICS PDP-11 UNIX Portable UNIX Berkeley UNIX Standard UNIX MINIX Linux UNIX/Linux Goals
More informationWindows Filtering Platform, engine for local security
ICT Innovations 2010 Web Proceedings ISSN 1857-7288 387 Windows Filtering Platform, engine for local security Zoran Spasov, Ana Madevska Bogdanova 1 1 Faculty for Natural Sciences and Mathematics, Institute
More informationDisclaimer: The contents in this document are only my personal opinions, do not reflect the opinions of my employer or anyone else.
Disclaimer: The contents in this document are only my personal opinions, do not reflect the opinions of my employer or anyone else. Android overview From a system design perspective Xiao-Feng Li xiaofeng.li@gmail.com
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More information70-646 R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day
70-646 R3: Windows Server 2008 Administration Course Length: 4 Day Course Overview This course will prepare the student for Exam 70-646: Pro: Windows Server 2008, Server Administrator. Topics covered include
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationAttacking Host Intrusion Prevention Systems. Eugene Tsyrklevich eugene@securityarchitects.com
Attacking Host Intrusion Prevention Systems Eugene Tsyrklevich eugene@securityarchitects.com Agenda Introduction to HIPS Buffer Overflow Protection Operating System Protection Conclusions Demonstration
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationTable of Contents. Page 1 of 6 (Last updated 30 July 2015)
Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationCS420: Operating Systems OS Services & System Calls
NK YORK COLLEGE OF PENNSYLVANIA HG OK 2 YORK COLLEGE OF PENNSYLVAN OS Services & System Calls James Moscola Department of Physical Sciences York College of Pennsylvania Based on Operating System Concepts,
More informationCore Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006
Core Syllabus C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS Version 2.6 June 2006 EUCIP CORE Version 2.6 Syllabus. The following is the Syllabus for EUCIP CORE Version 2.6, which
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationCorporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer
Corporate VPN Using Mikrotik Cloud Feature By SOUMIL GUPTA BHAYA Mikortik Certified Trainer What is a VPN? A virtual private network (VPN) is a method for the extension of a private network across a public
More informationApplications erode the secure network How can malware be stopped?
Vulnerabilities will continue to persist Vulnerabilities in the software everyone uses everyday Private Cloud Security It s Human Nature Programmers make mistakes Malware exploits mistakes Joe Gast Recent
More informationCybersecurity: An Innovative Approach to Advanced Persistent Threats
Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used
More informationTopic 5a Operating System Fundamentals
Topic 5a Operating System Fundamentals What is an operating system? a computer is comprised of various types of software device drivers (storage, I/O, etc.) process and control software memory management
More information