Εmerging Ways to Protect your Network

Similar documents
A un panal de rica miel...

CyberSecurity Research in Crete

EU FP6 LOBSTER. personal view on the future of ero-day Worm Containment. European Infrastructure for accurate network monitoring

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1

How to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01

Securing the system using honeypot in cloud computing environment

HONEYPOT SECURITY. February The Government of the Hong Kong Special Administrative Region

How To Protect A Network From Attack From A Hacker (Hbss)

Dynamic Honeypot Construction

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Section 12 MUST BE COMPLETED BY: 4/22

Advanced Honeypot Architecture for Network Threats Quantification

Ovation Security Center Data Sheet

Intro to Firewalls. Summary

Ovation Security Center Data Sheet

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Honeypot as the Intruder Detection System

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM


Windows Remote Access

System Specification. Author: CMU Team

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Cisco ISR Web Security with Cisco ScanSafe

What Do You Mean My Cloud Data Isn t Secure?

Taxonomy of Hybrid Honeypots

A Case for Managed Security

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

VESZPROG ANTI-MALWARE TEST BATTERY

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

End-user Security Analytics Strengthens Protection with ArcSight

CRYPTUS DIPLOMA IN IT SECURITY

Critical Security Controls

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Traffic Monitoring : Experience

LASTLINE WHITEPAPER. In-Depth Analysis of Malware

Towards End-to-End Security

Lesson 5: Network perimeter security

Global Partner Management Notice

Host-based Intrusion Prevention System (HIPS)

Uncover security risks on your enterprise network

WEB ATTACKS AND COUNTERMEASURES

U06 IT Infrastructure Policy

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Enhancing Your Network Security

100% Malware-Free A Guaranteed Approach

IBM Security QRadar Vulnerability Manager

Countermeasure for Detection of Honeypot Deployment

Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

24/7 Visibility into Advanced Malware on Networks and Endpoints

Lab 3: Recon and Firewalls

Securing the University Network

Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack

Cisco IPS Tuning Overview

S3 Control and System Call Indirection

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

CMPT 471 Networking II

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Inspection of Encrypted HTTPS Traffic

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Enhancing network security with SDN

GoToMyPC Corporate Advanced Firewall Support Features

8 Steps for Network Security Protection

The current case DNSChanger what computer users can do now

Open Source Security: Opportunity or Oxymoron?

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

8 Steps For Network Security Protection

Huawei Network Edge Security Solution

Volume 2, Issue 3, March 2014 International Journal of Advance Research in Computer Science and Management Studies

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Cisco Advanced Services for Network Security

Countermeasures against Spyware

Using honeypots to study skill level of attackers based on the exploited vulnerabilities in the network

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

74% 96 Action Items. Compliance

Intelligent. Data Sheet

Extreme Networks Security Analytics G2 Vulnerability Manager

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Mauro Andreolini University of Modena Michele Colajanni. unimore.

Network Incident Report

IDS / IPS. James E. Thiel S.W.A.T.

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

COMPUTER-INTERNET SECURITY. How am I vulnerable?

VSI Predict Able. We Focus on Your IT So You Can Focus on Your Business

Transcription:

Εmerging Ways to Protect your Network From Vulnerability Scanning to Real-time Monitoring and Detection of Cyber-attacks Konstantinos Xinidis Software Engineer xinidis@vtripgroup.com Development Dept., http://www.vtrip.net Thessaloniki, Greece Research and Technological, Virtual Trip Ltd 1

Roadmap Motivation Approaches Estia What are vulnerability scanners? Estia architecture NoAH What are honeypots? NoAH architecture Conclusions 2

Motivation Estia Too many known vulnerabilities Most users do not know that they are vulnerable NoAH Exploits for unknown vulnerabilities are used for installing malicious software (malware) Viruses, worms, trojans, keyboard loggers continue to plague our computers Malware spreads too fast while human intervention is too slow Traditional approaches (e.g. IDS) too slow too inaccurate looking for known attacks 3

Estia Goals www.estiasecurity.gr Provide a service that improves the security of computers/small networks users can find and remove vulnerabilities SMEs can easily remove vulnerabilities from their networks requires no expertise no installation of complex software packages easy to use web-based interface 4

What is a Vulnerability Scanner? A tool that can be used to analyse, define, identify, and classify the security holes (vulnerabilities) in a system evaluate the effectiveness of countermeasures Vulnerability scanners rely on an up-to-date database of vulnerabilities try to exploit each vulnerability that is discovered provide clear reports of the found vulnerabilities provide recommendations for countermeasures to eliminate discovered vulnerabilities 5

Estia Architecture Estia uses nessus vulnerability scanner The examined system can be behind a firewall or NAT Authentication Server Can be the same computer Report Database User Computer Firewall/NAT Nessus Vulnerability Scanner Portal Server Computer to Examine VPN Router 6

Estia Limitations Estia pinpoints only known vulnerabilities Unprotected against worms that exploit unknown vulnerabilities (zeroday worms) Estia requires human intervention Malware spreads too fast for humans to react Network of Affined Honeypots (NoAH) Protects against unknown vulnerabilities No humans in the loop 7

NoAH Goals www.fp6-noah.org Goals Detect zero-day attacks and worms Track down selective attacks Analyse unknown exploit code Generate signatures Reach the goals by building a pilot infrastructure that allows for malware collection, identification and analysis combination of low- and highinteraction honeypots dark traffic redirectors 8

What is a Honeypot? An undercover computer Which has no ordinary users Which provides no regular service or a few selected services if needed Just waits to be attacked Its value lies on being compromised or in being exploited, scanned, etc. Honeypots are an easy target But heavily monitored ones If attacked, they log as much information as possible 9

Low- and High-Interaction Honeypots Low-interaction honeypots emulate services using scripts + Lightweight processes, able to cover large network space - Emulation cannot provide a high level of interaction with attackers High-interaction honeypots do not perform emulation, they run real services - Heavyweight processes, able to cover small network space + Provide the highest level of interaction with attackers NoAH uses the advantages of both types 10

NoAH Architecture 11

Low-Interaction Honeypots and Funnels Low-interaction honeypot: honeyd Emulates thousands of IP addresses Highly configurable and lightweight Filters out efficiently unestablished and uninteresting connections Proxy for connections to high-interaction honeypots Funnel component Based on farpd (or router configuration) Allows a wide dark address space to be handled by few honeypots Aggregates and forwards traffic to the NoAH core 12

High-Interaction Honeypot: Argos An emulator, based on Qemu Emulates entire PC systems OS agnostic, runs on commodity hardware Key idea: data coming from the network should never be executed Tracks network data throughout execution Detects illegal uses of network data Detects all exploit attempts, including zero-days! www.few.vu.nl/argos 13

honey@home www.honeyathome.org Honeypots listen to unused IP address space This space is limited to provide results fast and accurately NoAH tries to empower people to participate with honey@home Tool appropriate for home users Monitors unused IP addresses Usually provided by DHCP Redirects possibly malicious traffic to NoAH core No configuration, install and run! 14

Conclusions Estia protects systems from known vulnerabilities Uses nessus vulnerability scanner Easy to use for non-expert NoAH protects systems from unknown vulnerabilities Distributed architecture Detects all exploits, including zero-days No human intervention Enables unfamiliar users to effortlessly participate to NoAH 15

Questions? Research and Technological, Virtual Trip Ltd 16

Thanks! http://www.vtrip.net http://www.fp6-noah.org http://www.estiasecurity.gr Research and Technological, Virtual Trip Ltd 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information