Practical Intrusion Analysis

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century
Ryan Trost
Addison-Wesley, Upper Saddle River, NJ

Contents

Preface
Network Overview
  Key Terms and Concepts
  Brief History of the Internet
  Layered Protocols
  TCP/IP Protocol Suite
  Internet Protocol Addressing
  IPv6
  Summary
  IP Addresses
Infrastructure Monitoring
  Network-Analysis Tools
  Packet Sniffing
  Accessing Packets on the Network
  SPANs (Port Mirroring)
  Network Taps
  To Tap or to SPAN
  Defense-in-Depth
  Summary

Chapter 3  Intrusion Detection Systems  53
  IDS Groundwork  54
  From the Wire Up  55
  DoS Attacks  55
  IP Fragmentation  57
  TCP Stream Issues  58
  Target-Based Reassembly  59
  Two Detection Philosophies: Signature and Anomaly Based  60
  Snort: Signature-Based IDS  61
  Two Signature Writing Techniques  67
  Bro: An Anomaly-Based IDS  74
  Similarities Between the Systems  82
  Summary  85

Chapter 4  Lifecycle of a Vulnerability  87
  A Vulnerability Is Born  87
  FlashGet Vulnerability  88
  Collecting a Sample Packet Capture  90
  Packet Analysis and Signature-Writing  95
  Signature Tuning  100
  Detection Tuning  100
  Performance Tuning  101
  Advanced Examples  104
  CitectSCADA ODBC Server Buffer Overflow: Metasploit  104
  FastStone Image Viewer Bitmap Parsing  109
  Libspf2 DNS TXT Record Size Mismatch  114
  Summary  117

Chapter 5  Proactive Intrusion Prevention and Response via Attack Graphs  119
  Topological Vulnerability Analysis (TVA)  121
  Overview of Approach  121
  Illustrative Example  122
  Limitations  125
  Attack Modeling and Simulation  126
  Network Attack Modeling  126
  Attack Simulation  130
  Optimal Network Protection  134
  Vulnerability Mitigation  135
  Attack Graph Visualization  137
  Security Metrics  139
  Intrusion Detection and Response  141
  Intrusion Detection Guidance  141
  Attack Prediction and Response  144
  Summary  147
  Acknowledgments  147
  Endnotes  148

Chapter 6  Network Flows and Anomaly Detection  151
  IP Data Flows  152
  NetFlow Operational Theory  153
  A Matter of Duplex  155
  Cisco IOS NetFlow and Flexible NetFlow  156
  sFlow: More Data, But Less Frequency  159
  Internet Protocol Flow Information Export (IPFIX)  161
  It's a Virtual World  162
  Endless Streams of Data  164
  Behavioral Analysis and Anomaly Detection  167
  Compare and Contrast  172
  IDS and NetFlow  172
  Signature Updates  173
  IDS System Resources  174
  Syslog and NetFlow  178
  Technology Matrix  180
  Summary  182
  Endnotes  183

Chapter 7  Web Application Firewalls  185
  Web Threat Overview  186
  Why a WAF?  189
  WAF Protection Models  191
  Positive Security Model  191
  Negative Security Model  192
  Virtual Patching Model  193
  Output Detection Model/Content Scrubbing  194
  WAF Policy Models  195
  Learning  195
  Vulnerability Assessment Feedback  195
  Manual Entry  195
  ModSecurity  196
  ModSecurity Rule Sets  196
  VA+WAF  201
  VA+WAF Example: WhiteHat Security and F5 Networks  201
  WAFs and PCI Compliance  203
  WAF Realities  203
  IDS/IPS != WAF  204
  False Positives  205
  Misconfigured WAFs  205
  WAFs Do Not Fix Bad Logic  205
  WAFs != Bad Code Patch  206
  Summary  206
  References  207

Chapter 8  Wireless IDS/IPS  209
  Why a Wireless IDS?  209
  Wireless Intrusion Detection/Prevention Realities  212
  Types of Wireless IDSs/IPSs  213
  Overlay  213
  Combined AP/WIDS  214
  Combined AP/WIDS/Access Controller  215
  Wireless IDS Events  215
  Unauthorized Activity  216
  Active Recon/Cracking  217
  DoS Attacks  221
  Intrusion Prevention Techniques  224
  Limitations  224
  Isolation  225
  WEP Cloaking (WEP Chaffing)  228
  Location Detection  229
  Honeypot  231
  Other Wireless Threats  233
  Legacy Wireless Technology  233
  Bluetooth  233
  Sniffers  233
  Summary  234
  Endnote  234

Chapter 9  Physical Intrusion Detection for IT  235
  Origins of Physical Security  236
  Assumed, Yet Overlooked  236
  A Parallel Universe to IT Security  239
  Physical Security Background  241
  Common Physical Access Control Components  243
  This Is Not Your Father's CCTV  255
  Old Habits Die Hard  259
  Convergence of Physical and Logical Security  260
  How Convergence Works  261
  HSPD-12: Convergence Trial by Fire  265
  A Look at Some Vendor Offerings  266
  Intrusion Detection Examples in a Converged Environment  270
  Summary  274
  Endnotes  274

Chapter 10  Geospatial Intrusion Detection  275
  Current Uses of Geocoding  278
  Introduction to Geographic Information Systems  279
  GIS Basic Functions  282
  Framework for Cooperation  282
  Map Projection  283
  Raster Versus Vector  285
  Vector Data Model  287
  Spatial Point Pattern Analysis  288
  Classes of Spatial Analysis  289
  Point Intensity  290
  Point Process Statistics  290
  Dynamics of a Professional Attack  293
  Cornerstone Theory  295
  Example of Attack Steps and Methods  296
  Geocoding Techniques  299
  Geocoding Limitations  315
  Accuracy  316
  GeoLocation Intelligence Vendors  317
  Case Study of Geographic Intrusion Detection  320
  Case Outline  322
  Breakdown of the Steps  322
  Summary  344
  Endnotes  345
  References  346

Chapter 11  Visual Data Communications  347
  Introduction to Visualization  348
  Developing a Visualization Strategy  355
  User Audiences  356
  Statistical Graphing Techniques  361
  Technological Considerations  365
  Scalability  365
  Installation and Support  366
  Data Management  368
  Security Event Visualization  370
  Example Graphs  371
  Starlight Visual Information System  378
  ETRI: VisNet and VisMon  381
  Use-Case: Security Audit  385
  Summary  387
  Terminology  388
  Endnotes  390
  Reference  390

Chapter 12  Return on Investment: Business Justification  391
  Not If, But When  393
  Compliance Plays a Role  394
  CoBIT Framework  394
  ISO 27001/27002 Frameworks  395
  ITIL Framework  396
  Health Insurance Portability and Accountability Act of 1996 (HIPAA)  397
  Payment Card Industry Data Security Standard (PCI-DSS)  398
  Federal Information Security Management Act of 2002 (FISMA)/National Institute of Standards and Technology  399
  Security Breaches  400
  Breach Costs  401
  Security Investment Within the Organization  402
  Data Breaches and the Law  402
  ROI as a Unifying Benchmark  404
  Cost Breakdown  405
  Cost-Benefit Analysis: Building an Economic Model  408
  Gain from Investment  409
  Cost of Investment  413
  Return on Investment  414
  Net Present Value  414
  Internal Rate of Return  416
  ROI Versus NPV Versus IRR  417
  Security Investment: Should Security Operations Be Outsourced?  418
  Benefits of MSSPs  418
  Downfalls of MSSPs  419
  The Financial Aspect of an MSSP  422
  Cyber Liability Insurance (CLI)  426
  CLI Coverage Types  428
  Privacy Liability Insurance  429
  Network Security Liability Insurance  429
  Property Loss Insurance  429
  Loss of Revenue Insurance  429
  Cyber Extortion Insurance  430
  Notification Costs Insurance  430
  Regulatory Defense Insurance  430
  Media Liability Insurance  430
  CLI Underwriting Process  431
  Summary  432
  Endnotes  434

Appendix  Bro Installation Guide
  Compiling and Building
  Options
  Operations Use
  References

Index  441