Radware's Behavioral Server Cracking Protection
A DefensePro Whitepaper
By Renaud Bidou, Senior Security Specialist, Radware
October
Table of Contents
Abstract ... 3
Information Gathering ... 4
Scanners & Crackers ... 4
Scanner and Cracker Tools ... 4
Radware DefensePro ... 7
Server Cracking Protections ... 7
Behavioral Server Cracking Technology ... 8
Summary ... 10
Abstract

The rapid development of Internet applications has brought with it new challenges. The world is in constant pursuit of innovative technologies that will replace manual processes with automated ones. This migration from manual to automated processes often introduces vulnerabilities that can be exploited by hackers and cybercriminals, whose goal is to leverage these automated processes to facilitate widespread attacks. Over time, hackers have developed attack tools that integrate well with legitimate forms of communication, which makes network attacks increasingly difficult to detect and prevent. Recent attacks have exploited legitimate Internet applications in order to generate hostile events, taking cover amid the jungle that is the new, complex Internet environment.

In practice, there are several methodologies for penetrating and attacking computer networks. However, all of them generally employ three phases of operation: intelligence, attack planning, and attack execution.

1. Intelligence (Information Gathering). A typical intrusion into a computer network involves pre-attack probe scanning activities, which help the attacker gain valuable knowledge about the target network. Knowing which application software and versions are deployed, and what level of security patches has been installed, helps expose infrastructure and system vulnerabilities. Scanning methods have become more complex over the past few years: current techniques can continuously change their scanning rate and send decoy information during the scan, which makes them hard to detect.

2. Attack Planning. Using the knowledge gained during the intelligence phase, a cyber-assailant can decide which attack type will be most effective in harming the target network. The objective is to plan an attack that can be executed in the most effective and efficient manner, i.e., execution is aimed directly at the vulnerable network resource (router, server, application, etc.) without performing unnecessary operations. Unnecessary operations can arouse suspicion and lower the success rate of the attack.

3. Attack Execution. Most network and application attacks can be executed using readily available attack tools that are easily downloaded over the Internet. With rudimentary programming skills, these tools can be modified to perpetrate the premeditated attack.

This paper describes the methods developed over the last few years to perform the first phase, the information gathering activity. It specifies the threat that this activity poses, the challenge in detecting it, and the technology used by Radware's Intrusion Prevention System, DefensePro, to detect and mitigate the threat.
Information Gathering

Scanners & Crackers

Scanners and crackers are the main tools used to automate security testing. In the hands of security experts they speed up the security audit processes that are usually carried out by the organization's security manager. Where expert security resources are lacking inside the organization, or for regulatory reasons, the automated security test is performed by a 3rd-party security audit company. These scanner and cracker tools generate network-based pre-attack probes such as ping sweeps or port scans, or perform application pre-attack probes such as user/password cracking and application vulnerability scans, all automatically rather than through a manual audit that can take months to conduct.

While most of these tools were developed with good intentions, individuals with malicious intent can also take advantage of such legitimate tools to quickly and efficiently find vulnerabilities in target systems and use them to attack the network. Moreover, worms usually propagate via automated scanning and infection processes, imitating (or simply copying) the technology used in scanners and crackers to identify potentially vulnerable hosts that they can infect automatically. Being able to block such tools therefore becomes mandatory, as it would eliminate most large-scale hacking attempts, block worms and considerably slow down targeted cracking operations.

Scanner and Cracker Tools

There are many tools used to automate security tests. To simplify their description we can map them into two main categories: network layer and application layer tools. This paper focuses on the more challenging task of detecting and preventing the scanners and crackers that fall into the application layer tools category [1]. The application layer tools fit into two main categories of threat:

Cracking Attacks. Cracking attacks, whether brute force or dictionary attacks, try to break into an application by guessing user names and passwords from known lists. The risk associated with these attacks is very clear: once a working username and password are obtained, the attacker has free access to a service or to information, or may even obtain administrative permissions on the server itself. Additional risks are denial of service by triggering the applications' built-in protections, locking out users, or consuming system resources during authentication attempts.

[1] As mentioned earlier, over time hackers have developed attack tools that integrate well with legitimate forms of communication. Application layer scanning and cracking tools are part of this family of tools.
Brute force attack tools usually use a technique called a Mass Generator, which is designed to launch a massive number of similar operations at high speed. In the case of a brute force attack the similar operation is a series of login attempts of different types. A common type of brute force tool is the generic brute forcer. These tools can target multiple applications, with methods to test more than 20 different authentication types, from the usual ones such as HTTP and FTP to quite exotic ones such as CVS and pcAnywhere. These tools test authentication methods that are defined in standards, such as Basic HTTP authentication.

Application Vulnerability Scanning. These scanners perform thousands of tests and provide a list of potential vulnerabilities that may be exploited. Typically, a scanner does not send an exploit to the server but a more legitimate request that only reveals the existence of the vulnerability, and as such will not trigger signature-based protection systems. These scanners can be classified into three families:

- Generic scanners: these tools perform thousands of tests and provide a list of potential vulnerabilities that may be exploited.
- Dedicated scanners: these tools also test for multiple vulnerabilities, but only those that affect one specific type of operating system or application.
- Exploitation tools: these tools launch a sequence of real attacks on targeted systems. As mentioned before, this method is less common as it is easy to detect.

Application scanners generate thousands of application requests to the server and analyze the different behaviors of its responses. Through this analysis the tool can identify the exact targeted application information (type, version, etc.). Based on the discovered application information, the tool typically searches a vulnerability database, selects a specific set of application requests that fit the application type and version, and sends them to the probed application. Through this scheme the tool can automatically identify which vulnerabilities exist in the application.
The following figures show a typical HTTP vulnerability scan.

Figure 1a: HTTP Vulnerability Scan Activities (1st phase). The attacker sends a series of probe requests to the public web server, such as:

GET /cgi-bin/info2www HTTP/1.0
GET /cgi-bin/files.pl HTTP/1.0
GET /cgi-bin/finger HTTP/1.0
GET /cgi HTTP/1.0
GET /cgi/websendmail HTTP/1.0
GET /cgi/textcounter HTTP/1.0

After the 1st scanning phase the hacker has achieved the following results:

- Information about the server application type and version has been discovered.
- During the scanning activities the server resources (CPU and memory) are misused, which can result in service disruption.
- Known potential application vulnerabilities have been detected.

As shown in Figure 1b, in the 2nd phase a direct vulnerability exploitation attempt can be launched with a high probability of success.

Figure 1b: Exploitation (2nd phase). The attacker sends the exploitation attempt directly to the public web server.

The application pre-attack probes described above, by definition, cloak themselves as legitimate traffic, since they usually do not violate protocol rules or match pre-defined attack signatures that represent an exploitation attempt of a known application vulnerability. Therefore, Network Intrusion Prevention Systems (NIPS) that support only signature-based detection are ineffective against these threats. Only a behavior-based product that can evaluate changing application traffic patterns will be able to effectively defeat these pre-attack probes.
Radware DefensePro

Radware's Server Cracking Protection is a behavioral server-based technology that detects and prevents both known and unknown application scans and brute-force attacks. This behavioral protection is part of Radware's DefensePro Full Spectrum Protection Technology, which includes adaptive behavioral network-based protection that mitigates network DoS and DDoS attacks, adaptive behavioral user-based protections that mitigate network pre-attack probes and zero-day worm propagation, and stateful signature-based protections against exploitation attempts of known application vulnerabilities.

Figure 2 illustrates the layered defense security architecture implemented inside the DefensePro system. The server cracking protection is part of the 2nd layer, the server-based behavioral technology.

Figure 2: DefensePro Multi-layered Protections. The figure shows four layers, each addressing one class of threat, with a clean environment as the outcome:
- Proactive Network-Based Behavioral Analysis: network and DoS/DDoS flood attacks
- Proactive Server-Based Behavioral Analysis: server-based attacks
- Proactive User-Based Behavioral Analysis: zero-day worm propagation
- Stateful Signature-Based Protections: intrusion activities

Server Cracking Protections

The Server Cracking behavioral protection detects and prevents the following known and unknown (zero-day) threats:

- Web authentication brute-force & dictionary attacks
- HTTP vulnerability scans
- SMTP (mail) brute-force & dictionary attacks
- FTP brute-force & dictionary attacks
- POP3 (mail) brute-force & dictionary attacks
- MySQL brute-force & dictionary attacks
- MSSQL brute-force & dictionary attacks
- SIP brute-force & dictionary attacks
- SIP scans

About SIP Scanning & Brute-force Attacks

SIP Scanning. In SIP scanning the attacker's aim is slightly different from the usual application vulnerability scanning goal. While it is possible to find vulnerable SIP implementations, the actual gain from SIP scanning is to obtain a list of SIP subscribers and send them SIP spam messages, also known as SPIT (Spam over IP Telephony). The attacker uses scripts to send SPIT messages to a list of guessed subscriber names and notes the ones that reply. SPIT is an annoyance to subscribers and can disrupt service if done in high volumes.

SIP Brute Force. A REGISTER brute force is an attempt to gain access to a user account and, through it, to the service, allowing the attacker to use the service without paying for it. This in turn causes revenue loss, reputation loss and an increase in bill verification activities.

For more detailed information about Radware's DefensePro VoIP protections, refer to Radware's Multi-layered VoIP Security white paper at:

Behavioral Server Cracking Technology

Radware's server cracking behavioral mechanism uses an advanced statistical engine and an adaptive fuzzy logic decision engine to detect users that try to scan or brute force server applications. The engine classifies the application response messages generated by the protected servers and extracts the user identifier from them. The statistical engine then computes statistical characteristics, such as frequency, quantity and distribution parameters, of the response messages corresponding to each user. The fuzzy logic decision engine assigns an anomaly weight to each characteristic parameter, correlates these weights through expert rules, and generates a degree of anomaly for each user.
One of the challenges that every system administrator faces with protection systems is defining the time-out interval during which the system monitors a user's activities until a decision can be made (e.g., until a certain threshold is breached). Wrong time-out settings lead immediately to false positive or false negative decisions: monitoring intervals that are too long increase the chance of false positive decisions, while intervals that are too short increase the risk that the system will not detect the scan or brute force attack.
To solve this problem, Radware's server cracking decision engine automatically adjusts the user monitoring interval based on the user's degree of anomaly. This dynamic monitoring interval determines how long the system will consider the user a suspect and continue to analyze his activities until a decision can be made. This adaptation process increases the accuracy of the system's decisions and dramatically reduces the configuration and maintenance operations required from the system administrator.

Once a user has been identified as an attacker he is blocked, meaning that no more connections from this source to the attacked target server will be accepted. In case of attack, DefensePro inserts the source IP into a dynamic block list, or extends the blocking duration if the source IP address was already blocked earlier in the same attack lifecycle.

Server Cracking Closed-Feedback Mechanism

Besides the dynamic user monitoring interval, Radware's DP (DefensePro) Closed Feedback Module is responsible for further minimizing false positive decisions. The closed-feedback methodology is characterized by a dynamic blocking period. When the system discovers attacker activities, it first applies a very short blocking period. During this period, the system keeps tracing the blocked user and checks whether his abnormal activities are consistent. If they turn out to be a one-time case, the system immediately reduces the blocking duration to zero and releases the user. If the user's abnormal activities are consistent, it automatically increases the blocking duration.

Figure 3 illustrates the server cracking decision making process.

Figure 3: Server Cracking Decision Making Process. The figure's components are Statistics Collection, User Classification, the Fuzzy Logic Decision Engine with its adaptive user monitoring interval, and Dynamic Blocking with its closed-feedback loop.
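The decision flow described above (per-user classification of server responses, statistical characteristics, fuzzy anomaly weights combined by expert rules, an adaptive monitoring interval, and a short first block that closed feedback extends or drops), replayed over a constructed log that also contains a CGI probe series like the one in Figure 1a. This is an added illustration, not Radware's code or DefensePro's actual algorithm; every threshold, membership function, rule, IP address and log record is a constructed assumption.

```python
"""Toy model (constructed, not Radware's code) of the whitepaper's server cracking decision
flow: per-user response statistics -> fuzzy anomaly weights -> expert rules -> degree of
anomaly -> adaptive monitoring interval -> dynamic, closed-feedback blocking."""
from collections import defaultdict

MIN_SAMPLE = 5            # fewer responses than this cannot be judged at all
DECISION_THRESHOLD = 0.6  # degree of anomaly at which a user is declared an attacker
BASE_INTERVAL = 10.0      # seconds of activity analysed before a decision
MAX_EXTENSION = 10.0      # extra analysis time granted to a fully suspect user
FIRST_BLOCK = 5.0         # very short first blocking period (closed feedback)
FAILURE_STATUSES = {None, 401, 403, 404}  # None = attempt dropped while blocked

def ramp(x, lo, hi):
    """Fuzzy membership: 0 at or below lo, 1 at or above hi, linear in between."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def statistics(events):
    """Frequency, quantity and distribution parameters of one user's responses."""
    count = len(events)
    span = max(events[-1][0] - events[0][0], 1.0)
    failures = sum(1 for _, _, status in events if status in FAILURE_STATUSES)
    distinct = len({path for _, path, _ in events})
    return {"quantity": count, "frequency": count / span,
            "failure_ratio": failures / count, "novelty": distinct / count}

def degree_of_anomaly(stats):
    """Expert rules over fuzzy weights: AND is min, OR is max."""
    if stats["quantity"] < MIN_SAMPLE:
        return 0.0
    w_freq = ramp(stats["frequency"], 0.5, 3.0)      # responses per second
    w_fail = ramp(stats["failure_ratio"], 0.3, 0.9)  # share of error responses
    w_novel = ramp(stats["novelty"], 0.5, 0.9)       # share of paths never repeated
    scan_rule = min(w_freq, w_fail, w_novel)         # many different failing paths
    brute_rule = min(w_freq, w_fail, 1.0 - w_novel)  # one path failing over and over
    return max(scan_rule, brute_rule)

def monitoring_interval(degree):
    """Adaptive interval: the more suspect a user, the longer it stays under analysis."""
    return BASE_INTERVAL + MAX_EXTENSION * degree

class ServerCrackingDetector:
    def __init__(self):
        self.windows = defaultdict(list)          # ip -> [(ts, path, status)] since last decision
        self.window_start = {}                    # ip -> time of last decision (or first sight)
        self.degree = defaultdict(float)          # ip -> latest degree of anomaly
        self.block_duration = defaultdict(float)  # ip -> dynamic blocking period (0 = none)
        self.blocked_until = {}                   # ip -> expiry of the current block
        self.decisions = []                       # audit trail: (ts, ip, degree, block_duration)

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0.0)

    def observe(self, ts, ip, path, status):
        """Feed one attempt and the server's response; returns 'allow' or 'block'.
        Blocked attempts get no response but are still traced for consistency."""
        if self.is_blocked(ip, ts):
            status = None
        self.windows[ip].append((ts, path, status))
        self.window_start.setdefault(ip, ts)
        # A user in a block cycle is re-judged on the first attempt after its blocking
        # period elapses; everyone else after the adaptive monitoring interval.
        interval = self.block_duration[ip] or monitoring_interval(self.degree[ip])
        if ts - self.window_start[ip] >= interval:
            self._decide(ip, ts)
        return "block" if self.is_blocked(ip, ts) else "allow"

    def _decide(self, ip, now):
        self.degree[ip] = degree_of_anomaly(statistics(self.windows[ip]))
        if self.degree[ip] >= DECISION_THRESHOLD:
            # First offence: very short block. Consistent abuse while blocked: double it.
            self.block_duration[ip] = 2 * self.block_duration[ip] or FIRST_BLOCK
            self.blocked_until[ip] = now + self.block_duration[ip]
        else:
            # One-time case: blocking duration back to zero and the user is released.
            self.block_duration[ip] = 0.0
            self.blocked_until.pop(ip, None)
        self.decisions.append((now, ip, round(self.degree[ip], 3), self.block_duration[ip]))
        self.windows[ip], self.window_start[ip] = [], now

def constructed_log():
    """Constructed traffic: a browsing user, a CGI scanner and a login brute-forcer."""
    browse = [("/", 200), ("/about", 200), ("/news", 200), ("/missing", 404),
              ("/news", 200), ("/contact", 200), ("/", 200), ("/about", 200)]
    log = [(8.0 * i, "10.0.0.5", p, s) for i, (p, s) in enumerate(browse)]
    # Scanner: a new /cgi-bin/ probe four times a second, all 404, continuing after the block.
    log += [(100 + 0.25 * i, "203.0.113.7", f"/cgi-bin/probe{i}", 404) for i in range(41)]
    log += [(111 + 0.5 * i, "203.0.113.7", f"/cgi-bin/probe{100 + i}", 404) for i in range(19)]
    # Brute-forcer: forty failed logins in ten seconds, one success, then ordinary browsing.
    log += [(200 + 0.25 * i, "198.51.100.9", "/login", 401) for i in range(40)]
    log += [(210.0, "198.51.100.9", "/login", 200), (216.0, "198.51.100.9", "/home", 200),
            (219.0, "198.51.100.9", "/home", 200), (220.0, "198.51.100.9", "/account", 200)]
    return sorted(log)

def run(log):
    """Replay a (ts, ip, path, status) log; returns the detector and per-event verdicts."""
    det = ServerCrackingDetector()
    verdicts = [(ts, ip, det.observe(ts, ip, path, status)) for ts, ip, path, status in log]
    return det, verdicts
```

Calling run(constructed_log()) and reading det.decisions shows the scanner receiving a 5-second first block that doubles to 10 seconds because it keeps probing, while the login brute-forcer is released at its first re-judgement because its later activity is ordinary browsing.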
Summary

Radware's DefensePro integrates multiple layers of defense, including signature-based protection and adaptive behavioral network-based protection that covers threats such as zero-day worm propagation and DoS/DDoS network flood attacks, as well as bandwidth management. Looking at the next level of attacks, the server cracking feature set complements the IPS offering with adaptive behavioral server-based protection technology.

Understanding today's threats and security challenges leads to the conclusion that effective protection should include the following key capabilities:

- Wide Security Coverage: application protection should include multi-layered defense technology covering the network, transport and application layers. Both known and unknown attacks should be confronted through proactive behavior-based and signature-based security technologies.
- Scalability: the security product should be able to work in a high-speed environment with minimal impact on traffic latency. This important capability should be supported by an advanced hardware architecture accompanied by advanced security technologies.
- Low TCO: maintaining a low Total Cost of Ownership forces systems to be more independent of the human factor ("hands-off" systems). Relying less on the human factor means that operations usually conducted by a security expert now need to be performed automatically by the systems themselves.
- Accuracy: the accuracy of both the detection and prevention technologies the product offers, especially in real-time environments, is paramount. Even low percentages of false positive detections or false preventions (i.e., packets that are dropped unnecessarily) render the security product useless.

Radware's behavioral server cracking protection accurately prevents application pre-attack probes such as application vulnerability scans and brute force attacks, as well as the misuse of application server resources, all in real time. The behavioral protection is based on statistical algorithms that characterize the pattern of ongoing attacks and then filter those attacks accordingly, without any human intervention. Thus, Radware's DefensePro delivers a Network Intrusion Prevention System designed to fulfill all the aforementioned key capabilities.

To read more about Radware's DefensePro, please refer to:
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationEnd to End Security do Endpoint ao Datacenter
do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:
More informationNetwork Security: Introduction
Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More informationDDoS Attacks & Defenses
DDoS Attacks & Defenses DDOS(1/2) Distributed Denial of Service (DDoS) attacks form a significant security threat making networked systems unavailable by flooding with useless traffic using large numbers
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationIBM Managed Security Services Vulnerability Scanning:
IBM Managed Security Services August 2005 IBM Managed Security Services Vulnerability Scanning: Understanding the methodology and risks Jerry Neely Network Security Analyst, IBM Global Services Page 2
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationTechnology Blueprint. Protect Your VoIP/SIP Servers. Insulating your voice network and its servers from attacks and disruption
Technology Blueprint Protect Your VoIP/SIP Servers Insulating your voice network and its servers from attacks and disruption LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationWhy a Network-based Security Solution is Better than Using Point Solutions Architectures
Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationColumbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems
Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon
More informationProduct Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity
NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationClient logo placeholder XXX REPORT. Page 1 of 37
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationNetwork Security. 1 Pass the course => Pass Written exam week 11 Pass Labs
Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationTop 5 Essential Log Reports
Top 5 Essential Log Reports Version 1.0 Contributors: Chris Brenton - Independent Security Consultant - chris@chrisbrenton.org Tina Bird, Security Architect, PGP Corporation Marcus J Ranum, CSO, Tenable
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationSafeguards Against Denial of Service Attacks for IP Phones
W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationSELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:
SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM: 12 Key Questions to Ask Executive Summary Host Intrusion Prevention Systems (HIPS) complement perimeter defenses, and play a vital role in protecting
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationNetwork- vs. Host-based Intrusion Detection
Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477
More informationProtecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution
Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution Today s security threats increasingly involve application-layer DDoS attacks mounted by organized groups of attackers
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationNext Generation. VoIP Application Firewall. www.novacybersecurity.com
Next Generation VoIP Application Firewall Are you aware that you are vulnerable to all threats on the Internet? With increasing voice and video transmission over IP and emerging new technologies such as
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationIntrusion Detection System (IDS)
Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes
More informationRadware Solutions for NGDC
Radware Solutions for NGDC Ofir Hatsor, June 2011 Main Drivers for NGDC Eliminate Costs of Downtime Improve Customer Experience & Employee Productivity Cut Application Infrastructure Cost by 20-50% Enhance
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More information