Computer security technologies
4 Computer security technologies

4.1 Introduction

Determining the risk that a vulnerability poses to a computer system and also its vulnerability risk status (VRS) forms part of the information security field of study and research. When searching for an aid for resolving the issue of VRS, the information security technologies currently on the information security market should be examined and assessed.

There are two security technologies currently dominating the information security market. Vulnerability assessment (VA) and intrusion detection systems (IDS) are seen as essential elements in creating a secure environment for computer use in an organization. The object of this chapter is to discuss these security technologies. Through the discussions, it should become apparent which security technology, if either, will be of help in determining a computer's VRS.

4.2 Vulnerability assessment and intrusion detection security technologies

The revolution of VA and IDS came about as a result of the inadequacy of computer security tools such as basic firewalls. A computer security tool can be seen as a practical instrument or apparatus that enhances computer security [MERR 02]. In other words, the security tool helps protect information assets. In the case of a firewall, a computer system is loaded with certain configured software that regulates network traffic in and between different computer systems and networks of computer systems [RANU 94]. It is therefore a tool that enhances computer security.
Firewalls, while being far from obsolete in their implementation, are not enough to secure modern networks from all intrusions. They are susceptible to attack themselves and modern security threats do not always come from the outside world, but may also come from within the organization itself [RANU 94].

Fig. 4.1 is a graphical representation of the security tools and technologies in the information security market. IDS and VA are placed in the assessment section [GART 97].

[Fig. 4.1 Information security market. Figure not reproduced; its labels are: Management & administration; Firewalls; Anti-virus; Enhanced user authentication; Access control and user authentication; Cryptography; Assessment (IDS/VA); Logging, reporting, alerting; Secure, consolidating user authentication; Certification; Physical security; Consulting.]

The discussion of VA and IDS in the following sections will be structured according to the areas of importance listed below.

- A definition of each technology will be given.
- A discussion of the nature of each technology will be supplied.
- A discussion of each technology, in connection with anti-intrusion techniques they employ, will be supplied.
- A conclusion as to the applicability of the technology to the VRS problem will be discussed.
The comparison of the security technologies should reveal their potential application to the VRS problem.

In the list mentioned above, anti-intrusion techniques are mentioned. This concept should be addressed before continuing. Since the reason for implementing security measures on a computer system is to deter unauthorized access or intrusions, through time, anti-intrusion techniques have been formulated to discourage intrusions. Anti-intrusion techniques are accepted good practices for securing the computing environment within an organization. Some accepted anti-intrusion techniques are pre-emption, prevention, deterrence, deflection, detection and countermeasures [HALM 00]. In the discussion of IDS and VA, the anti-intrusion techniques they employ will be discussed further.

Intrusion detection systems (IDS)

Some definitions of IDS include the following:

- An IDS is the real-time monitoring of network/system activity and the analyzing of data for attacks in progress. [OGUT 00]
- An IDS is a security technology attempting to identify and isolate computer system intrusions. [BIER 01]
- Intrusion-detection systems aim at detecting attacks against computer systems to monitor the usage of such systems and to detect the apparition of insecure states. [DEBA 99]

According to the definitions of IDS listed above, it would appear that IDS monitor system and network activity to detect and identify any misuses of a computer system and system resources that may constitute an attack or intrusion.
Nature of intrusion detection systems

There are different approaches to which IDS monitoring may be applied. These approaches range from the network-based level, host-based, target-based to application-based implementations [ICSA 98]. The basic monitoring and analysis characteristics of the IDS do not change in the different approaches to implementation, but rather focus on different aspects of importance. For example, an IDS in a network-based approach monitors the traffic on a network in promiscuous mode for any suspicious activity, while a host-based IDS monitors any attempted intrusions on a single host on which it has been installed.

An additional way of implementing an IDS is the examination of the scene of the crime after an intrusion has taken place to determine the intrusion methods used and examine the possibility of tracing the origin of the intruder [LUNN 01]. In this instance the IDS is not monitoring for attempted intrusions, but rather searches for clues that relate to the intrusion. Elements, such as the points of entry into the compromised system and base of attack, are examined. Identifying these points may stop the intrusion from happening in the future and the origin of the attacker could be traced from there. This examination requires the total involvement of the IDS administrator in the process.

Anti-intrusion technique utilized by IDS

a) Detection

The anti-intrusion technique of detection forms the backbone of IDS. As shown in the definition of IDS, detection is a process of identification and in this case, intrusions are identified. Within this anti-intrusion technique different detection approaches can be identified. They are the anomaly, misuse and continuous system health monitoring approaches.

Anomaly detection: This detection approach monitors system activities and compares these to activities that may be considered normal.
These normal activities are established through the information gathered from the audit trails of users, groups of users, application and system resource usage and are used as a basis for expected activities. If certain user activities fall outside the normal range of activities, this approach will identify them as a possible intrusion taking place [GHOS 99].

Misuse detection: Misuse detection determines whether activity that is taking place on a system or network of systems is considered to be wrong enough to warrant an alarm. In contrast to the anomaly detection approach, misuse detection does not try to compare activities to normal activities, but rather to known wrongful behaviour. The rules of wrongful behaviour are created from earlier incident scenarios and knowledge of exploitable vulnerabilities. The validity and comprehensiveness of the rules depend upon the administrator's knowledge and experience of computer misuse and intrusions [VERW 02].

Continuous system health monitoring: Lastly, the continuous monitoring of key system factors to determine whether they are functioning properly is another detection approach. The key system factors may include general performance, registry settings and a user account's utilization of a system resource. This detection method would usually run in the background with other system processes and continually monitor the key areas mentioned for any abnormalities [PAGU 00]. Abnormalities in key system factors, such as the registry settings in the Microsoft Windows operating system [MICR 03], could suggest attempted intrusions.

b) Countermeasures

Countermeasure anti-intrusion techniques can be seen as the steps taken to react to intrusions that have been identified. When discussing countermeasure techniques, the reaction time and the degree of involvement of the IDS administrator in the reaction process are of interest. An administrator, within this scope, is the term used to describe the user responsible for the implementation of the IDS. The reaction time refers to the time it takes the IDS to retaliate against a detected intrusion attempt. There are two time frames for reacting to identified intrusions, namely:

- Real time: The IDS system detects intrusions and reacts to them automatically while they are occurring. No involvement of the administrator is necessary to apply the countermeasures to the intrusion [GHOS 00].
- Near-real time: The administrator manually reacts to an intrusion after the IDS warns of an intrusion in progress [NETW 97]. The IDS detects the intrusion attempts, but it is the responsibility of the administrator to react to the threat and implement the necessary countermeasures.

It would be ideal if all IDS functioned in real time, since the computer's reaction time to an intrusion is much quicker than that of any administrator. The problem is that IDS record many false alarms during the monitoring process and the reaction to false alarms on the part of the IDS could have a detrimental effect on the performance of the system it is supposed to protect. Also, the development of technology for the automatic identification of intrusions has not advanced far enough.

Applicability of IDS technology to VRS

The discussion concerning IDS revealed some important points of interest. IDS are defined as systems actively attempting to detect intrusions. Ideally the monitoring for intrusions and reactions to intrusions should occur in real time, but this is not always possible. IDS, per definition, do not identify the degree of risk a computer system faces through the vulnerabilities it possesses at a certain point in time. IDS focus more on the intrusion, which is usually a vulnerability that has already been exploited, rather than on the vulnerability before exploitation occurs. It would be ideal for the resolution of the VRS problem if the IDS's focus were on the vulnerability itself.
If IDS technology could be altered slightly to examine a target system for vulnerabilities in real time it might be more applicable to the VRS problem. As is, it seems that IDS will not be able to help determine the VRS of a computer system as it is utilized at the moment. The possibility of using vulnerability assessment security technology to solve the VRS problem will now be examined.

Vulnerability assessment (VA)

The following are possible definitions of VA:

- Vulnerability Assessment (VA) is the ability to determine the security status of the information technology (IT) infrastructure. [SYMA 01]
- To protect an organization completely, it is necessary to audit the network on a regular basis, and in order to achieve this, a whole new category of software has emerged in the last few years: Vulnerability Assessment (VA). [FARM 01]
- The technology concerned with scanning computer systems and networks in order to find security vulnerabilities. [BACE 99]

It is possible to formulate a definition by combining the literature referred to above. VA may be seen as the regular auditing and diagnostics of company computers and networks and the overall company security implementations for vulnerabilities. From the definition it seems that VA is divided into two parts: 1) the VA tools, which scan the company computer systems and networks for vulnerabilities and 2) the analytic approach to assessing the overall security flaws within a company [MIKS 01]. The VA tools referred to in this instance are the software applications or products that search for vulnerabilities on a computer system.

Nature of vulnerability assessment

As in the case of IDS, VA can be applied to different computing approaches. These approaches range from the network-based VA, host-based VA and target-based VA to application-based VA, much the same as IDS [ICSA 98].
For example, VA tools scan for vulnerabilities at network level in the network-based vulnerability assessment, and at application-based level vulnerabilities are detected in specific software applications.

The time frame of the implementation of VA is of interest. VA tools are implemented on a scheduled basis, which means that VA tools, which scan for vulnerabilities, reveal vulnerabilities found at the time of the scan. In other words, VA tools give a snapshot of the vulnerabilities on a computer system at a certain point in time. This means that vulnerability assessment of the company computer systems or the company's overall security occurs only when an administrator or company policy deems it necessary. This is different from an IDS, because as defined earlier, an IDS monitors intrusions continuously after activation.

Anti-intrusion techniques utilized by VA

a) Prevention

Prevention anti-intrusion techniques are the preventative steps taken within a company to minimize the likelihood of the success of an intrusion, through the correct design, implementation, configuration and operation of a computer system. The prevention anti-intrusion technique seeks to avert intrusion before any unauthorized access to the computer system has been achieved. If prevention were implemented flawlessly, then in a perfect world, the other techniques such as detection and countermeasures would be unnecessary. In reality, total intrusion prevention is virtually impossible.

An example of a VA tool that implements the prevention anti-intrusion technique is a vulnerability scanning tool. Vulnerability scanning tools are security tools that examine systems and networks to determine whether they are vulnerable to attack because of vulnerabilities that are resident in their configuration, settings or implementation [CONR 01].

b) Countermeasures

The countermeasure techniques implemented by VA tools rely totally on the involvement of the administrator.
VA tools only identify vulnerabilities, but do not automatically take steps to eliminate the vulnerabilities that have been detected.

Vulnerabilities are not automatically eliminated for good reason. The VA tool's settings determine the specific areas of the vulnerability detection that will be applied; therefore, some of the vulnerabilities that the VA tool detects may be non-critical and acceptable to the administrator and the average user. The automatic elimination of the vulnerabilities may cause problems in the performance of the computer system and it is also very problematic to create software tools that will eliminate all computer vulnerabilities automatically. In addition, new vulnerabilities are discovered annually, which increases the complexity of automatic vulnerability elimination.

In the past it was the responsibility of the administrator to address the vulnerabilities detected by the VA tools and implement countermeasure techniques. For example, if the VA tool detects an account with security settings that allow too much access, it was the administrator's responsibility to decide if the account's privileges should be decreased or if they may stay as they are. Currently the decision of which vulnerabilities to eliminate involves different entities, including the person(s) who own or are responsible for the threatened computer system as well as the relevant business unit the system resides in. Through consultation with these different entities, the identified vulnerabilities may be resolved in a responsible manner.

Applicability of VA technology to VRS

VA technology may be quite useful to the VRS problem. As discussed, VA products detect vulnerabilities in computer systems and suggest ways of rectifying the problems they find. They do this in a scheduled manner, giving a kind of snapshot of the vulnerabilities resident on a computer system at a certain moment in time.
The problem with the VA tools or products, however, is that they do not relay VRS, as preferred by the researcher. They only give a list of the vulnerabilities found and this reveals nothing of the areas within the computer system that the vulnerabilities influence. Also, the risk the vulnerabilities pose to the computer system is not quite obvious.

4.3 Conclusion

This chapter has dealt with the evaluation of existing computer security technologies, which show potential in assisting in the creation of a computer's VRS at a certain point in time. From the discussions of VA and IDS, some differences between the two computer security technologies have become apparent. These differences are the reasons for the choice of VA technology over IDS to determine a computer's vulnerability risk status. The reasons are as follows:

- VA tools detect and report vulnerabilities in the computer system, while IDS detect intrusions taking place. This means that IDS do not focus on the vulnerability, but rather on the intrusion that may have resulted from the exploitation of the vulnerability. The security technology that aids VRS creation should focus on vulnerability identification rather than exploited vulnerabilities.
- The different time bases of VA and IDS implementation reveal that the scheduled approach adopted by VA is of greater value in solving the computer VRS problem than the ongoing monitoring employed by IDS. The VA tools give a snapshot of the vulnerabilities that are resident at the time of the scan and this will simplify the determination of VRS. IDS monitor continually and this makes VRS creation problematic, because time intervals will have to be used to determine VRS. Deciding on an appropriate interval to use could become overly complex.

It would be ideal if the monitoring and resolution of vulnerabilities occurred in real time or near-real time in the same way that IDS technology monitors for intrusions. A combination of the two technologies might be a step in the right direction, but it seems that continuously monitoring for vulnerabilities on target systems may create huge overhead. Even though new vulnerabilities are found almost every day, this may not warrant the constant monitoring of systems for vulnerabilities to resolve. Also, the latest updates of the newest vulnerabilities identified must be immediately available for download and incorporation, otherwise the monitoring process would become obsolete. Lastly, the decision as to whether a vulnerability is considered dangerous enough to eliminate has to be discussed among a number of individuals, including the owner/user of the system, the administrator as well as the business unit the system forms a part of. The productivity of the department may be lower and time and money may be wasted through endless meetings and discussions.

It has been established that VA is the pre-eminent security technology to employ for determining a computer's VRS. A study of an applicable VA tool in this security technology and its implementation will be the next step. The next chapter will discuss VA tools that may be useful in resolving the computer VRS problem.
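
Added example (not part of the original chapter): the anomaly and misuse detection approaches described in the IDS section, and the false-alarm problem that makes real-time reaction risky, run over a constructed audit trail. The record layout, event names, thresholds and rule set are assumptions made for the illustration.

```python
"""Anomaly vs. misuse detection on a constructed audit trail (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline audit trail: (user, files read in one session).
BASELINE = [
    ("alice", 12), ("alice", 15), ("alice", 11), ("alice", 14), ("alice", 13),
    ("bob", 40), ("bob", 38), ("bob", 45), ("bob", 41), ("bob", 36),
]

# Constructed sessions to classify. "intrusion" is the ground truth, which a
# real IDS never sees; it is here only to count false alarms and misses.
SESSIONS = [
    {"id": "s1", "user": "alice", "files_read": 13, "intrusion": False,
     "events": ["login_ok", "read", "logout"]},
    {"id": "s2", "user": "alice", "files_read": 90, "intrusion": False,
     "events": ["login_ok", "read", "logout"]},            # unusual but legitimate
    {"id": "s3", "user": "bob", "files_read": 39, "intrusion": True,
     "events": ["login_fail"] * 5 + ["login_ok", "read"]},
    {"id": "s4", "user": "bob", "files_read": 42, "intrusion": True,
     "events": ["login_ok", "audit_log_cleared", "logout"]},
    {"id": "s5", "user": "bob", "files_read": 400, "intrusion": True,
     "events": ["login_ok", "read", "logout"]},            # no rule describes this
]


def build_profiles(trail):
    """Anomaly detection, step 1: derive each user's normal range from the audit trail."""
    per_user = defaultdict(list)
    for user, files_read in trail:
        per_user[user].append(files_read)
    # Floor the deviation at 1.0 so a perfectly regular user is not flagged on noise.
    return {u: (mean(v), max(pstdev(v), 1.0)) for u, v in per_user.items()}


def anomaly_alert(session, profiles, k=3.0):
    """Anomaly detection, step 2: flag activity outside mean +/- k standard deviations."""
    profile = profiles.get(session["user"])
    if profile is None:
        return "no baseline for user"  # nothing to compare against, so raise it
    mu, sigma = profile
    if abs(session["files_read"] - mu) > k * sigma:
        return f"files_read={session['files_read']} outside {mu:.0f} +/- {k * sigma:.1f}"
    return None


def rule_guessing_then_success(events, threshold=3):
    """Known wrongful behaviour: a run of failed logins that ends in a success."""
    fails = 0
    for event in events:
        if event == "login_fail":
            fails += 1
        elif event == "login_ok":
            if fails >= threshold:
                return True
            fails = 0
    return False


# Misuse detection: rules written from earlier incidents, not from normal behaviour.
MISUSE_RULES = {
    "failed logins followed by success": rule_guessing_then_success,
    "audit log cleared": lambda events: "audit_log_cleared" in events,
}


def misuse_alerts(session):
    return [name for name, rule in MISUSE_RULES.items() if rule(session["events"])]


def evaluate(sessions, profiles):
    """Run both detection approaches over every session."""
    return {s["id"]: {"anomaly": anomaly_alert(s, profiles),
                      "misuse": misuse_alerts(s),
                      "intrusion": s["intrusion"]} for s in sessions}


def react(report, mode):
    """real_time: every alert triggers an automatic countermeasure.
    near_real_time: alerts are queued for the administrator to act on."""
    alerted = [sid for sid, r in report.items() if r["anomaly"] or r["misuse"]]
    blocked = alerted if mode == "real_time" else []
    queued = [] if mode == "real_time" else alerted
    benign_disrupted = [sid for sid in blocked if not report[sid]["intrusion"]]
    return {"blocked": blocked, "queued": queued, "benign_disrupted": benign_disrupted}


if __name__ == "__main__":
    report = evaluate(SESSIONS, build_profiles(BASELINE))
    for sid, result in report.items():
        print(sid, result)
    print("real time     :", react(report, "real_time"))
    print("near-real time:", react(report, "near_real_time"))
```

Each approach misses what the other catches in this data, and in real-time mode the one false alarm results in a legitimate session being blocked.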
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationTOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series
TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital
More informationAUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR
AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationOutline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002
Outline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002 Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Page 1 Page
More informationIPLocks Vulnerability Assessment: A Database Assessment Solution
IPLOCKS WHITE PAPER February 2006 IPLocks Vulnerability Assessment: A Database Assessment Solution 2665 North First Street, Suite 110 San Jose, CA 95134 Telephone: 408.383.7500 www.iplocks.com TABLE OF
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationAPPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION
18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationAn ISMS Implementation Practice in Environments with Limited Resources Prepared for APEC-OECD Workshop on Security of Information Systems and Networks
An ISMS Implementation Practice in Environments with Limited Resources Prepared for APEC-OECD Workshop on Security of Information Systems and Networks September 05, 2005 Sophie, Lihsuan Liang, Project
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationBeyond Check The Box
Beyond Check The Box Powering Intrusion Investigations PRESENTED BY: Jim Aldridge 27 MARCH 2014 Five Important Capabilities Mapping an IP address to a hostname Identifying the systems to which a specified
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2. Intrusion Detection and Prevention Systems
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 13 Intrusion Detection and Prevention Systems By Whitman, Mattord, & Austin 2008 Course Technology Learning Objectives Describe
More informationNextiraOne, LLC d/b/a Black Box Network Services
NextiraOne, LLC d/b/a Black Box Network Services Black Box Network Services Additional Terms and Conditions Managed Services ( Additional Terms ) applicable to furnishing of equipment and services within
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationMOST FRAUD CASES INVOLVE SENIOR MANAGEMENT. HOW TO PREVENT THEM FROM MISUSING THEIR POWER?
1 www.e-safecompliance.com MOST FRAUD CASES INVOLVE SENIOR MANAGEMENT. HOW TO PREVENT THEM FROM MISUSING THEIR POWER? Based on Gartner Worldwide spending on information security will reach $71.1 billion
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationLevel 3 Public Use. Information Technology. Log/Event Management Guidelines
Page 1 of 5 Prepared by: Leigh Lopez Approved by: Chris Olsen, ISO Date: May 12, 2009 Date: June 8, 2009 Last revised by: Chris Olsen Last approved by: Chris Olsen, ISO Date: June 6, 2009 Date: January
More informationPCI Compliance Top 10 Questions and Answers
Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs
More informationIDS : Intrusion Detection System the Survey of Information Security
IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,
More information