CERT Virtual Flow Collection and Analysis

Similar documents
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management

Network Analysis with isilk

2012 CyberSecurity Watch Survey

Overview Presented by: Boyd L. Summers

An Application of an Iterative Approach to DoD Software Migration Planning

Monitoring Trends in Network Flow for Situational Awareness

Report Documentation Page

Network Monitoring for Cyber Security

Merging Network Configuration and Network Traffic Data in ISP-Level Analyses

Asset Management- Acquisitions

Software Security Engineering: A Guide for Project Managers

DEFENSE CONTRACT AUDIT AGENCY

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011

Supply-Chain Risk Management Framework

Guide to Using DoD PKI Certificates in Outlook 2000

Software Vulnerabilities in Java

Headquarters U.S. Air Force

Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management

Overview. CMU/SEI Cyber Innovation Center. Dynamic On-Demand High-Performance Computing System. KVM and Hypervisor Security.

DCAA and the Small Business Innovative Research (SBIR) Program

EAD Expected Annual Flood Damage Computation

The CERT Approach to Cybersecurity Workforce Development

DoD Software Migration Planning

AFRL-RX-WP-TP

Cyber Intelligence Workforce

VoIP in Flow A Beginning

ELECTRONIC HEALTH RECORDS. Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011

CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE

RT 24 - Architecture, Modeling & Simulation, and Software Design

Military Health System Conference

Contracting Officer s Representative (COR) Interactive SharePoint Wiki

How To Use Elasticsearch

In June 1998 the Joint Military Intelligence. Intelligence Education for Joint Warfighting A. DENIS CLIFT

FIRST IMPRESSION EXPERIMENT REPORT (FIER)

AUSTRALIAN INNOVATIONS

Cancellation of Nongroup Health Insurance Policies

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Moving Target Reference Implementation

Award Number: MIPR 3GD3DJ3078. TITLE: Outcome Analysis Tool for Army Refractive Surgery Program. PRINCIPAL INVESTIGATOR: Kraig S. Bower, M.D.

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett

$100 SiLK Network Flow Sensor

Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center

Department of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division

Assurance Cases for Design Analysis of Complex System of Systems Software

IISUP-. NAVAL SUPPLY SVSTE:MS COMMAND. Ready. Resourceful. Responsive!

DEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD

Advanced Micro Ring Resonator Filter Technology

Interagency National Security Knowledge and Skills in the Department of Defense

Regional Field Verification Operational Results from Four Small Wind Turbines in the Pacific Northwest

Achieving QoS for Aeronautical Telecommunication Networks Over Differentiated Services

Evaluating the Quality of Software Engineering Performance Data

THE MIMOSA OPEN SOLUTION COLLABORATIVE ENGINEERING AND IT ENVIRONMENTS WORKSHOP

Risk Management Framework

Simulation of Air Flow Through a Test Chamber

Small PV Systems Performance Evaluation at NREL's Outdoor Test Facility Using the PVUSA Power Rating Method

Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination

Resolving Chaos Arising from Agile Software Development

NAVSUP FLC NORFOLK PHILADELPHIA OFFICE

Dr. Gary S. E. Lagerloef Earth and Space Research, 1910 Fairview Ave E

Kurt Wallnau Senior Member of Technical Staff

Extending AADL for Security Design Assurance of the Internet of Things

Optical Blade Position Tracking System Test

A GPS Digital Phased Array Antenna and Receiver

A Study of Systems Engineering Effectiveness. Building a Business Case for Systems Engineering

Integrated Force Method Solution to Indeterminate Structural Mechanics Problems

Building Security Into Closed Network Design

Addressing the Real-World Challenges in the Development of Propulsion IVHM Technology Experiment (PITEX)

THE FLATWORLD SIMULATION CONTROL ARCHITECTURE (FSCA): A FRAMEWORK FOR SCALABLE IMMERSIVE VISUALIZATION SYSTEMS

REPORT DOCUMENTATION PAGE *

SOA for Healthcare: Promises and Pitfalls

Assurance in Service-Oriented Environments

THE NATIONAL SHIPBUILDING RESEARCH PROGRAM

Monitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites

Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

Architectural Implications of Cloud Computing

THE NATIONAL SHIPBUILDING RESEARCH PROGRAM

Multiple Network Marketing coordination Model

A Systematic Method for Big Data Technology Selection

PROBLEM STATEMENT: Will reducing the ASD for Kadena AB F-15 C/Ds increase the CPFH for this Mission Design Series (MDS)?

mini w Requirements Analysis Defense Commissary Agency Credit Card Program Logistics Management Institute Credit Card Terminals and Printers v / i

Applying Software Quality Models to Software Security

Obsolescence Considerations for Materials in the Lower Sub-Tiers of the Supply Chain

An Oil-Free Thrust Foil Bearing Facility Design, Calibration, and Operation

MINDS: A NEW APPROACH TO THE INFORMATION SECURITY PROCESS

Intelligence Community Public Key Infrastructure (IC PKI)

A DOCTORAL PROGRAM WITH SPECIALIZATION IN INFORMATION SECURITY A High Assurance Constructive Security Approach

The Key to Successful Monitoring for Detection of Insider Attacks

Testing the Revised Moving Target Tutor

TITLE: The Impact Of Prostate Cancer Treatment-Related Symptoms On Low-Income Latino Couples

The CERT Top 10 List for Winning the Battle Against Insider Threats

OPTICAL IMAGES DUE TO LENSES AND MIRRORS *

Operationally Critical Threat, Asset, and Vulnerability Evaluation SM (OCTAVE SM ) Framework, Version 1.0

Cyber Security Training and Awareness Through Game Play

Graduate Level Credit for Resident EWS Students. Natasha McEachin CG 1

Automated Provisioning of Cloud and Cloudlet Applications

"OTHER TRANSACTIONS" (OT) GUIDE FOR PROTOTYPE PROJECTS

Transcription:

CERT Virtual Flow Collection and Analysis For Training and Simulation George Warnagiris 2011 Carnegie Mellon University

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE JAN 2011 2. REPORT TYPE 3. DATES COVERED 00-00-2011 to 00-00-2011 4. TITLE AND SUBTITLE CERT Virtual Flow Collection and Analysis: For Training and Simulation 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University,Software Engineering Institute,Pittsburgh,PA,15213 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES FloCon 2011, in Salt Lake City, Utah, on January 10-13, 2011. 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 14 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013. CERT is a registered mark owned by Carnegie Mellon University. 2

Software Engineering Institute Carnegie Mellon Un S Acquisition Support CERT Research Technology and Systems Solutions Software Engineering Process Enterprise and Workforce Development Digital Investigations and Intelligence Cyber Threat and Vulnerability Analysis Secure Software and Systems 3

Software Engineering Institute CERT Enterprise and Workforce Development Digital Investigations and Intelligence Cyber Threat and Vulnerability Analysis Secure Software and Systems Immersive Learning Technologies XNET Network Situational Awareness 4

CERT Network Situational Awareness ( NetSA ) Among other work: Applied Research and Development Maintains the SiLK tool suite Analysis Pipeline Operational Analysis Private Network Analysis Network Profiling of Waladec-Infected IP Space Capacity Building Open source software and publications In person and online training 5

NetSA Online Training Modules Network Flow SiLK Beginning Flow Analysis rwfilter Counting Tools: rwcount, rwstats, rwuniq rwappend-rwsplit rwfileinfo-rwglob rwcut and rwcat rwsort Sets Prefix Maps (pmaps) Advanced SiLK Tools: Bags Using Tuples with SiLK LAB: SiLK Training 6

NetSA Online Virtual Lab I Find ~ Software Engineering Institute Table of Contents 2 Introduction 1. 1 Lau ToJJology 1.2 Description of data in the lnb repo~ i t o rie3 1.3 Tips on using th9 SiLKNTE lab systgms SILKIVTE Lab Exercises 2.1 Lab Section 1 Bcginring 1\nalysit E ~ orci coc 2. 1. 1 Lab 1.1 - Conm~cti ng to and logging onto thq SiLK lab 2.1.2 Lab 1.2 - Determine d ata repository's dates, classes and sensors 2.1.3 Lab 1.3- Explore the rapository 2.2 Lab Section 2 - rwfilter Exercises 2.2.1 Lab2.1 - Explore rwt:lter Options 2.2.2 Lab 2.2 T ack an ind ii id~al 3ddrocs or individual ad:lrctc block 2.2.3 Lab 2.3 - Categorizing Traffic with rw: 11 :er 2.2.4 Lab 2.4 - T ending T ralfic 2.2.5 Lab2.5 - Olaining r wfil:er Commands Together 2.3 Lab Se<tion 3 - Printing ard Sortirg T~ 2.3.1 Lab 3.1 - R>rmattirg OUtput 2.3.2 Lab 32- F nding Specific Behavior 2.4 l ab Se<tion 4 - Other - ools 2.4.1 _ab 4.1 - Llsif11< Other Too s to Find &havior 2.4.2 Lab4.2 - numq and the IJesllnabon If' Utstnc1 reature 2.4.3 l ab 4.3- [xplcring Lw(llda!v 2.5 lab Section 5 - Se:s 2.5.1 Lab 5.1 - Llsi f11< Block lists 2.5.2 Lab 5.2- Takirg Network lnvento1ies 2.o Lab Sec~ on o- Bags 2.6. 1 Lab 6.1 - F ud DNS Clieuts 2.7 Lab SG>ction 7 - Prgfix I.Aaps 2. 7.1 Lab 7.1 - Experimenting with pma,os 2.7.2 Lab 7.2 - pmaps and ICMP 3 3 4 4 6 6 6 6 6 7 7 8 8 9 9 9 10 11 11 11 12 12 12 12 13 13 13 13 14 {c;) I Software Engineering Institute I CarnegieMellon 7

NetSA Online Virtual Lab Time Remainin!l: 2:56 Extend I I'm Done. I Restart Lab I!::m.!J!. I {c;) I.. Software Engineering Institute I Carnegie Mellon 8

New Training Modules in 2010 Introduction to isilk Overview of PySiLK Basic PySiLK Objects 9

Modules Proposed for 2011 10

Virtual Training Environment ( VTE ) Training from anywhere with a web browser and Internet connection Recorded lectures on a variety of topics Hands-on training labs Narrated demonstrations XXX modules and counting! Topics range from CompTIA Network+ to Malware Analysis 11

Next Generation: VTE3 Courses Create a New Course Ghare )'OUI ~:no-.vledge end e:q:erierc~. Search: Gea c1 1-1uo t;jres.. ms tou1a. 1 2~:!.~ Wireless Comms an<l Wireless Network Security Th s class ~ov3rs sign;~l theo'y RF' pdp;g;~tion antennas, ;me wirp. P.~~ np.1\vnr< 'Y'l;:j:lpinc ~lllhf w~ytn lhp. l=tn? 11 nrntnr.nl ~t:rit:l'::, :ita:u iij ifflfjiitelijii~ Lf'Nft:!'ltn>~ r t:l'.wulkir y, l:h lj IJt:n>l practices. S~L:fiuus: 0 NF!tnltP.r~: r Vulni!ralltltty Ass>'!ssment ana Remi!atatton Vu nerability'.o..s~essment :;~nc Remedieti)n Sections: 1 Netnher~: 1 VI3WOela IS Using SilK tor Ni!tvlork Traffic Analy~is llsirg Cill< for Netvtcrk -rafic Ana ysis Oescriotion S~L:fiuus: 0 Netnher~: C {c;) I.. Software Engineering Institute I CarnegieMellon 12

VTE3 New site design Faster, more robust Authoring environment Labs based on the next generation of VMWare Communities Social networking 13

CERT Exercise Network ( XNET ) New site design Faster, more robust Authoring environment Labs based on the next generation of VMWare Communities Social networking 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information