Research Topic: Collaborative Penetration Testing. David Huemer, Christian Proschinger (Speaker), Severin Winkler



Transcription:

Research Topic: Collaborative Penetration Testing
David Huemer, Christian Proschinger (Speaker), Severin Winkler

- Introduction: Raiffeisen Informatik
- Definition: Collaborative Penetration Testing
- Motivation
- Prototype
- Future Work
Raiffeisen Informatik, 25.09.2008

Raiffeisen Informatik
- IT operations, outsourcing, software solutions, client management
- 2nd largest IT service provider in Austria
- 3,000 servers, 20,000 clients, 40,000 km of network, 520 TB of storage, 1 billion transactions per year
Security Competence Center Zwettl
- Department of Raiffeisen Informatik working on security topics
- Research cooperations: Secure Business Austria
- Security services, output services

Collaborative Penetration Testing (Security Research for Business and Industry)
- Team-based tests: more than 2 persons
- Stronger specialisation
- Local separation
- (Partial) time separation: using the time shift between different time zones
Research areas:
- Penetration testing
- Computer supported collaborative work

Attack Cycle vs. Penetration Test
Attack:
- Information gathering
- Identification of vulnerabilities
- The attack itself
- Covering tracks
Difference in a penetration test:
- Workshop with the system owner
- Reporting
Source: ISSAF

Constraints of Penetration Testing
- Snapshot
- Money/time limit
- Collateral damage
- Availability: test systems, out-of-office hours
- You are attacking to improve the defense

Development in Cybercrime
- Targeted attacks
- Division of work: vulnerability research, botnets, malware
- Software as a Service
- Markets
- Nearly no limitations: money, time

Attack Vectors
Possible entry points:
- Physical
- Personal: social engineering
- Applications: implementation errors in applications, configuration errors, design errors
- Information aggregation: growing complexity of systems
- Telecommunication: network, wireless

Prototype
- Modular design: integration of 3rd-party open source tools; flexibility
- P2P based
- Reporting engine: summary of the individual module reports; integrity check between the results of modules
- Basic workflow definition

Workflow Management
- Allocation of tasks: functional specialists; infrastructure, e.g. IP range
- Process based: reliability between modules
- Ad-hoc workflows: static behaviour at the macro level, dynamic aspects at the micro level; a large number of small activities
[Workflow diagram: activities in the states Planned, InProgress and Finished, with a New SubProcess inserted ad hoc]
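An added example (Python; not code from the slides or from the Raiffeisen prototype) sketching the ideas of the Prototype and Workflow Management slides above: tasks allocated to functional specialists by IP range, the Planned/InProgress/Finished states, an ad-hoc sub-process, and the reporting engine's integrity check between the results of two hypothetical modules (a port scanner and a service detector). All task names, ranges, hosts and ports are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
PLANNED, IN_PROGRESS, FINISHED = "Planned", "InProgress", "Finished"

@dataclass
class Task:
    name: str
    specialist: str   # functional specialist who owns the activity
    scope: str        # infrastructure allocated to it, as an IP range
    state: str = PLANNED
    subtasks: list = field(default_factory=list)   # ad-hoc sub-process

def allocate(ip_ranges, specialists):
    """Macro level: one task per IP range, allocated round-robin."""
    return [Task(f"assess {r}", specialists[i % len(specialists)], r)
            for i, r in enumerate(ip_ranges)]

def add_subprocess(task, name):
    """Micro level: a new Planned activity spawned under a running task."""
    sub = Task(name, task.specialist, task.scope)
    task.subtasks.append(sub)
    return sub

def integrity_check(task, portscan, services):
    """Cross-check two modules' results before the report summarises them.
    portscan: host -> open ports; services: (host, port) -> service name.
    Flags hosts outside the task's scope and services on unreported ports."""
    net = ip_network(task.scope)
    issues = [f"{h}: outside scope {task.scope}"
              for h in portscan if ip_address(h) not in net]
    issues += [f"{h}:{p} ({name}) not in port scan results"
               for (h, p), name in services.items()
               if p not in portscan.get(h, set())]
    return issues

def summary(tasks):
    counts = {PLANNED: 0, IN_PROGRESS: 0, FINISHED: 0}   # per-state totals
    for t in tasks:
        for a in [t, *t.subtasks]:   # sub-processes count as activities too
            counts[a.state] += 1
    return counts

def demo():
    """Constructed sample run; hosts, ranges and results are made up."""
    tasks = allocate(["10.0.1.0/24", "10.0.2.0/24"], ["alice", "bob"])
    tasks[0].state = IN_PROGRESS
    add_subprocess(tasks[0], "verify web service")
    portscan = {"10.0.1.5": {22, 80}, "10.0.9.1": {443}}
    services = {("10.0.1.5", 80): "http", ("10.0.1.5", 8080): "http-alt"}
    return summary(tasks), integrity_check(tasks[0], portscan, services)
```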

Future Work
- Implement support for different process models
- Support for ad-hoc workflows
- Implement new attack patterns
- Proof of the gain in efficiency and effectiveness

Thank you for your attention!
Raiffeisen Informatik GmbH, Lilienbrunngasse 7-9, A-1020 Wien
T +431/99399-0, F +43 1/99 3 99-1100, E info@r-it.at, www.raiffeiseninformatik.at