Stream Mode Algorithms and. Analysis
|
|
- Caren Horton
- 6 years ago
- Views:
Transcription
1 Stream Mode Algorithms and Architecture for Line Speed Traffic Analysis Steve Liu Computer Science Department Texas A&M University March 7,
2 Background Network security solutions have broad presence in every network point Antivirus scanner, network intrusion detection systems, spamming filters Most solutions designed to operate at desktops or servers serve the intended purposes very well, but they are not perfect, nothing is perfect A DoD doctrine of defense-in-depth makes sense Use layers of (different) protection tools to make intrusion very inconvenient and very expensive Our interest: enhance network security via a stream mode traffic analysis approach at Network Access Point (NAP) of an enterprise network 2
3 Stream Mode Traffic Analysis Highly concentrated traffic flow at the network access point (NAP) is an ideal location for enterprise traffic analysis Single location to observe ingress & egress flows When the conditions are right, could even slow/stop the intrusion packets before they spread too deep, too broad into the network Commercial systems Deep Packet Inspection (DPI) engines, DAG cards Some virus and spamming filters at the gateway a Firewall is one of the oldest products for such purpose p 3
4 Stream Mode Packet Flow Analysis Packet sensor Promiscuous mode NIC card, Router feed, Libpcap, TCPDUMP. N-gram rules Remote Image src Regular expression src-dest IP pairs URL Feature extractors HW:Bivio, Cloudshield, SW: Flex Feature instances How to identify malicious traffic from the time series of feature instances? Feature: Any string that fits a regular expression rule, e.g., URL link Feature instance: An instance of a feature, e.g., 4
5 Two Key Issues: Algorithms and Resource Management Fast algorithms Efficient data structures Memory efficiency i critical for stateful t detection ti e.g., a 32 bit, y/n hash table 500MB Real time vs. virtual clocks Progressive Classifier (PEC) system architecture 5
6 spamming is no longer just a Some Facts: nuisance Botnet farms can hit any target (over millions of them) bandwidth waste (3:1 or higher) Network resource exploit & information stealing (malware planting) Highly effective hit and run strategy at different protocol levels (BGP, DNS, domain name, credit card fraud) Existing anti-spamming ware Large number of software copies and signatures to maintain Comprehensive detection rules, but slow to respond Signatures management a major bottleneck Acquisition and the deployment of signatures to numerous machines A small variation in the known signatures can easily defeat a signature based filter Spammers can test their designs with anti-spamming ware before starting the (hit and run) campaign 6
7 Spamming Behavior at a Glance Spammers do not have full freedom in launching spamming. Follow the transport protocols to deliver messages Messages must be perceivable and appealing to human users Expensive to compose and personalize spamming messages: interactive (click my URL links) or passive Low yield combined with greed lead to high h spamming volumes Cheap to launch spamming: millions of zombie machines each send a few copies Any hit back, interactive method could cause severe harm to the innocents Summary Very difficult for spammers to achieve financial goals without leaving noticeable signatures, i.e. feature instances A challenge is how to keep up with their speed,, volume,, and diversity 7
8 Our Approach Lossy detection: focused mainly on the major offenders Avoid false positive Timely acquisition of the spamming signatures: features and their instances Position the detector at the Network Access Points (NAP) Regular s are expected to have white noise like distributions of strings that happen to fall into the spamming feature space Mediated delivery of bulk, legitimate The content of a spamming campaign is divided into Invariants and variants An invariant that also appears in regular s cannot be used for filtering For the first cut effort: URL (over 95% spamming have them) 8
9 Competitive Aging-Scoring Scheme (CASS) A spamming invariant (string) is called its feature instance (FI). The essence of our technique: Extract FIs of s and keep track of their occurrences. If exceeding a threshold: an UNBE stream In a naïve approach, it takes O(1) to update the score of an FI, but O(N) to update ages of all other FIs A major computing cost CASS: The time-to-live of an FI is reset each time when its score is increased by one (when a new copy arrives) The time-to-live of all other FIs is reduced by one New complexity: O(1) for both scoring and aging Exceeding a threshold: black; move it to the blacklist No further copies in a time period: white; discard the feature instance 9
10 PEC Architecture Hash table of Known strings Feature instance extraction flow Hash vs string 32bit Sendmail Berkley DB Birth& Death Of strings New string identified Aging and scoring of unknown strings 10
11 Data Structure of Scoreboard Entries for feature instances Scoreboard Hit (SH) Table Exceeds anomaly threshold (ATF)? Scoreboard Miss (SM) Table Exceeds miss threshold (MTF) Entries for feature instances 11
12 An execution snapshot of scoreboard Hash URL : (414738(20-bit)+3724(12-bit)) HashURL : (124489(20-bit)+176(12-bit)) Current feature being processed Entry moved to blacklist MOD queue Placement Active features Arranged in their ages (mod N) history The current time location The current time location newest oldest time ATF =10, MTF =20 Queue size = 20 Next feature instance The entry [ ] is purged 12
13 Testbed Environment Three Modules included: 1. generation 2. PEC (Blacklist and scoreboard): 3. Control and visualization console 13
14 Experimental Configuration generator: Intel P4-3.0 Windows XP Server: Xeon 3.0GHz, two single core CPUs, Linux, Sendmail Within a bin, the sender sends 2000 copies of s (mixed with bulks and regulars). The distribution of bulks and regulars is uniform. Default Score threshold: 50 Miss table length: 2048 The average mail size: 1.5K bytes generator sends one mail per seconds on average. 14
15 Workflow of Generation Density Generation (uniform dist.) SMTP Protocol s (bulk/regular) URL Feature Dictionary Bulk Regular U R U U.. R MIME structures Linux Server (Sendmail) Image Src Bulk Regular Random Text Spamming Keyword selection Message Composer simulation parameters ` Subject Generation Windows Control Console From Generation 15
16 Generation Generate bulk/regular mixed copies by injecting different features, such as URL links or image sources Can adjust density or interval time between bulk copies, placement of variants and invariants. According to the parsed parameters, message composer picks the materials to generate MIME messages (bulks or regulars). extracted from 2005 TREC Public Spam Corpus, Random Text: from Internet Keywords: User defined. The message composer calls an SMTP module to send the generated s. 16
17 Detection Latency of Single UNBE source Fix threshold and age table length under different densities. Test six different UNBE densities (50, 100, 150, 200, 300 UNBE messages/bin) Experimental Value Expected Value Detection Laten ncy Number of messages in a bin 17
18 Interactive Effects Under Multiple l UNBE Sources Observe the change of the detection latency of UNBE A in the tests. Given an UNBE source A, six tests were made where one addition UNBE source is added to the experiment at a time. The density of A is fixed at 100 instances per bin, and the density of every remaining UNBE sources is increased from 50 to 300 instance/bin Line Test2: Detection latency of UNBE A when adding 2 additional UNBE sources. Conclusion: The more UNBEs sources, the detection latency of an UNBE decreases. Detecti on latency test 1 test 2 test 3 test 4 test 5 test 6 other sources Number of messages in a bin for each non-a UNBE 18
19 Throughput of Feature Parser 30 Bodys/sec Thro oughput ( K 3.0K 4.5K 6.0K 7.5K Size of Mial Body (K Bytes) The average size is from 1.5 KB to 7.5 KB, and each has 2 URLs. 19
20 Throughput of Scoreboard and Blacklist Scoreboard: 1.2M transactions Blacklist: 0.9M (avg. 30 B) URLs, without including database access Throughp put ( K URLs/sec URL length (bytes) 20
21 Pointer Table During the detection ti time window, only a limited it number of hashed h values need to be tracked Full table for 32-bit hash system takes too much space Higher order bits used as the index, and the rest, and the rest bits maintained by a linked list (for each entry) If pointer table uses 20 bits for indexing, that means it has 1M entries, and age table length is 20K~70K, the maximum depth of linked list pointed by pointer table is 2. Very effective in reducing the actual space requirements, at minor cost of more search cycles 21
22 Current Work The first generation PEC demonstrates the feasibility of high speed UNBE filtering Not meant to replace existing solutions, but to defeat major offenders (80-20 rule) Next Step Packet level filtering Handle multiple features (bad words, dirty subnets, black lists, etc) Integration with existing tools 22
23 23
24 Screen Shot (4) Aging out an Orphaned Packet \ 24
25 Screenshot (7) Parsing An message has 3 packets. Parser 1 uses DFA 0 to extract a URL link, and uses DFA 1 to extract a domain name in this message. 25
26 System Performance Parameters 26
27 Thank You! 27
Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim
Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim Manager, Client & Partner Services, Asia 1 Agenda 2010 Threats Targeted Attacks Defense Against Targeted Attacks Questions 2
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
More informationIntroduction This paper will discuss the best practices for stopping the maximum amount of SPAM arriving in a user's inbox. It will outline simple
Table of Contents Introduction...2 Overview...3 Common techniques to identify SPAM...4 Greylisting...5 Dictionary Attack...5 Catchalls...5 From address...5 HELO / EHLO...6 SPF records...6 Detecting SPAM...6
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationBUILDING A NEXT-GENERATION FIREWALL
How to Add Network Intelligence, Security, and Speed While Getting to Market Faster INNOVATORS START HERE. EXECUTIVE SUMMARY Your clients are on the front line of cyberspace and they need your help. Faced
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationREPORT DOCUMENTATION PAGE
REPORT DOCUMENTATION PAGE Form Approved OMB NO. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions,
More informationDistributed Denial of Service
Distributed Denial of Service Vimercate 17 Maggio 2005 anegroni@cisco.com DDoS 1 Agenda PREFACE EXAMPLE: TCP EXAMPLE: DDoS CISCO S DDoS SOLUTION COMPONENTS MODES OF PROTECTION DETAILS 2 Distributed Denial
More informationFlowMon ADS implementation case study
FlowMon ADS implementation case study Kamil Doležel Kamil.dolezel@advaict.com AdvaICT, a.s. Brno, Czech Republic Abstract FlowMon ADS implementation provides completely new insight into networks of all
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationProtection Blocking. Inspection. Web-Based
Protection Blocking Inspection Web-Based Anti-Virus & removal of dangerous attachments. Prevent your server from being used as open-relay. Stop mail-loops. Blocks open relay sources. Isolate known spam
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More information소프트웨어기반고성능침입탐지시스템설계및구현
소프트웨어기반고성능침입탐지시스템설계및구현 KyoungSoo Park Department of Electrical Engineering, KAIST M. Asim Jamshed *, Jihyung Lee*, Sangwoo Moon*, Insu Yun *, Deokjin Kim, Sungryoul Lee, Yung Yi* Department of Electrical
More informationexam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT
156-730.exam Number: 156-730 Passing Score: 800 Time Limit: 120 min File Version: 1.0 CHECKPOINT 156-730 Check Point Accredited Sandblast Administrator Version 1.0 Exam A QUESTION 1 Regarding a proper
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationSecurity: Worms. Presenter: AJ Fink Nov. 4, 2004
Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like
More informationHigh Performance Packet Processing with FlexNIC
High Performance Packet Processing with FlexNIC Antoine Kaufmann, Naveen Kr. Sharma Thomas Anderson, Arvind Krishnamurthy University of Washington Simon Peter The University of Texas at Austin Ethernet
More informationStochastic Pre-Classification for SDN Data Plane Matching
Stochastic Pre-Classification for SDN Data Plane Matching Luke McHale, C. Jasson Casey, Paul V. Gratz, Alex Sprintson Presenter: Luke McHale Ph.D. Student, Texas A&M University Contact: luke.mchale@tamu.edu
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationVenusense UTM Introduction
Venusense UTM Introduction Featuring comprehensive security capabilities, Venusense Unified Threat Management (UTM) products adopt the industry's most advanced multi-core, multi-thread computing architecture,
More informationConfiguring Access Rules
Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule
More informationTales from cloud nine. Mihai Chiriac, BitDefender
Tales from cloud nine Mihai Chiriac, BitDefender Talk outline Motivation Technical challenges Implementation results Future ideas Conclusions Reasons Malware numbers have grown at exponential rates 5000000
More informationDPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0
DPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help, please contact Hangzhou
More informationThe evolution of malevolence
Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationUTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution
UTM Firewall Registration & Activation Manual DFL-260/ 860 Ver 1.00 curitycu Network Security Solution http://security.dlink.com.tw 1.Introduction...02 2.Apply for a D-Link Membership...03 3.D-Link NetDefend
More informationForescout. Configuration Guide. Version 8.1
Forescout Version 8.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationVery Fast Containment of Scanning Worms. Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL
Very Fast Containment of Scanning Worms Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL 1 Outline Worm Containment Scan Suppression Hardware Implementation Cooperation
More informationEstimating Persistent Spread in High-speed Networks Qingjun Xiao, Yan Qiao, Zhen Mo, Shigang Chen
Estimating Persistent Spread in High-speed Networks Qingjun Xiao, Yan Qiao, Zhen Mo, Shigang Chen Southeast University of China University of Florida Motivation for Persistent Stealthy Spreaders Imagine
More informationFranzes Francisco Manila IBM Domino Server Crash and Messaging
Franzes Francisco Manila IBM Domino Server Crash and Messaging Topics to be discussed What is SPAM / email Spoofing? How to identify one? Anti-SPAM / Anti-email spoofing basic techniques Domino configurations
More informationDeliverable 4.1: Experimental Evaluation and Real-world Deployment
SCIENTIFIC and TECHNOLOGICAL COOPERATION between RTD ORGANISATIONS in GREECE and RTD ORGANISATIONS in U.S.A, CANADA, AUSTRALIA, NEW ZEALAND, JAPAN, SOUTH KOREA, TAIWAN, MALAISIA and SINGAPORE HELLENIC
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationNetwork Security in the Patched Environment. Guy Helmer, Ph.D. Palisade Systems, Inc.
Network Security in the Patched Environment Guy Helmer, Ph.D. Palisade Systems, Inc. Introduction Target audience: Network Managers Topic: Transport and Application Networklayer techniques Defend vulnerabilities
More informationFighting Spam, Phishing and Malware With Recurrent Pattern Detection
Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection
More informationPass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS
Pass4sure.500-285.42q Number: 500-285 Passing Score: 800 Time Limit: 120 min File Version: 6.1 Cisco 500-285 Securing Cisco Networks with Sourcefire IPS I'm quite happy to announce that I passed 500-285
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationDetecting and Quantifying Abusive IPv6 SMTP!
Detecting and Quantifying Abusive IPv6 SMTP Casey Deccio Verisign Labs Internet2 2014 Technical Exchange October 30, 2014 Spam, IPv4 Reputation and DNSBL Spam is pervasive Annoying (pharmaceuticals) Dangerous
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationWeb Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates
Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates A test commissioned by McAfee, Inc. and performed by AV-Test GmbH Date of the report: December 7 th, 2010 (last
More informationCollaborative Spam Mail Filtering Model Design
I.J. Education and Management Engineering, 2013, 2, 66-71 Published Online February 2013 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijeme.2013.02.11 Available online at http://www.mecs-press.net/ijeme
More informationThe following topics describe how to manage various policies on the Firepower Management Center:
The following topics describe how to manage various policies on the Firepower Management Center: Policy Deployment, page 1 Policy Comparison, page 11 Policy Reports, page 12 Out-of-Date Policies, page
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationPineApp Mail Secure SOLUTION OVERVIEW. David Feldman, CEO
PineApp Mail Secure SOLUTION OVERVIEW David Feldman, CEO PineApp Mail Secure INTRODUCTION ABOUT CYBONET CORE EXPERIENCE PRODUCT LINES FACTS & FIGURES Leader Product Company Servicing Multiple Vertical
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationConfiguring Advanced Firewall Settings
Configuring Advanced Firewall Settings This section provides advanced firewall settings for configuring detection prevention, dynamic ports, source routed packets, connection selection, and access rule
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationOutline Computer Networking. TCP slow start. TCP modeling. TCP details AIMD. Congestion Avoidance. Lecture 18 TCP Performance Peter Steenkiste
Outline 15-441 Computer Networking Lecture 18 TCP Performance Peter Steenkiste Fall 2010 www.cs.cmu.edu/~prs/15-441-f10 TCP congestion avoidance TCP slow start TCP modeling TCP details 2 AIMD Distributed,
More informationLecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?
More informationSOLUTION MANAGEMENT GROUP
InterScan Messaging Security Virtual Appliance 8.0 Reviewer s Guide February 2011 Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com
More informationSonicWALL Security Software
Email Security SonicWALL Email Security 7.2.4 Software System Compatibility SonicWALL Email Security 7.2.4 Software is supported on systems with the following: Operating Systems Windows 2003, SP2 Windows
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationGFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual
GFI MailSecurity 2011 for Exchange/SMTP Administration & Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and
More informationDetecting Specific Threats
The following topics explain how to use preprocessors in a network analysis policy to detect specific threats: Introduction to Specific Threat Detection, page 1 Back Orifice Detection, page 1 Portscan
More informationCisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
More informationFirefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran
Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2 Tuncay Seyran Security in a virtualized environment: same security risks + more TRADITIONAL SECURITY RISKS IMPACTING VIRTUAL ENVIRONMENTS
More informationUSG2110 Unified Security Gateways
USG2110 Unified Security Gateways The USG2110 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the small enterprises, branch offices,
More informationMESSAGING SECURITY GATEWAY. Solution overview
MESSAGING SECURITY GATEWAY Solution overview April 2017 CONTENTS Executive Summary...3 The case for email protection and privacy... 3 Privacy in email communication... 3 LinkedIn Phishing Sample...4 Messaging
More informationMcAfee Network Security Platform 9.2
Revision B McAfee Network Security Platform 9.2 (9.2.7.9-9.2.7.10 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Dr. Nils
More informationBotnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer
Botnets: major players in the shadows Author Sébastien GOUTAL Chief Science Officer Table of contents Introduction... 3 Birth of a botnet... 4 Life of a botnet... 5 Death of a botnet... 8 Introduction
More informationWHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationBehavior-Based IDS: StealthWatch Overview and Deployment Methodology
Behavior-Based IDS: Overview and Deployment Methodology Lancope 3155 Royal Drive, Building 100 Alpharetta, Georgia 30022 Phone: 770.225.6500 Fax: 770.225.6501 www.lancope.com techinfo@lancope.com Overview
More informationCisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x
CISCO SERVICE CONTROL SOLUTION GUIDE Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x 1 Introduction and Scope 2 Functionality Overview 3 Mass-Mailing-Based
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationChapter 4. Routers with Tiny Buffers: Experiments. 4.1 Testbed experiments Setup
Chapter 4 Routers with Tiny Buffers: Experiments This chapter describes two sets of experiments with tiny buffers in networks: one in a testbed and the other in a real network over the Internet2 1 backbone.
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, on page 1 Uses for Host, Application, and User Discovery and Identity
More informationSecurity and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1
Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents
More informationCisco Intrusion Prevention Solutions
Cisco Intrusion Prevention Solutions Proactive Integrated, Collaborative, and Adaptive Network Protection Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious
More information68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.
PRESENTED BY: Credit Theft 68% DDoS 63% Web Fraud 50% Cross-site Scripting SQL Injection Clickjack Cross-site Request Forgery 25% 24% 20% 17% Other 2% F5 Ponemon Survey -Me East-West Traffic Flows App
More information10 MONITORING AND OPTIMIZING
MONITORING AND OPTIMIZING.1 Introduction Objectives.2 Windows XP Task Manager.2.1 Monitor Running Programs.2.2 Monitor Processes.2.3 Monitor System Performance.2.4 Monitor Networking.2.5 Monitor Users.3
More informationMikroTik, A Router for Today & Tomorrow
MikroTik, A Router for Today & Tomorrow By- Md. Shaqul Hasan hasan@aitlbd.com Aftab IT Limited MUM Bangladesh 2016 Routing The World Millions of RouterOS powered devices currently routing the world MikroTik
More informationIntegrate Clavister Firewall
Integrate Clavister Firewall EventTracker v7.x Publication Date: July 7, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The highly acclaimed Clavister cos offers
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationNET0183 Networks and Communications
Lectures 7 and 8 Measured performance of an Ethernet Ethernet is a CSMA/CD network. Carrier Sense Multiple Access with Collision Detection 1 Historical Case Study http://portal.acm.org/beta/citation.cfm?id=359044
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationFregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G
Fregata DDoS Mitigation Solution Technical Specifications & Datasheet 1G-5G Amidst fierce competition, your business cannot afford to slow down With HaltDos, you don t have to sacrifice productivity and
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationBOTNET-GENERATED SPAM
BOTNET-GENERATED SPAM By Areej Al-Bataineh University of Texas at San Antonio MIT Spam Conference 2009 www.securitycartoon.com 3/27/2009 Areej Al-Bataineh - Botnet-generated Spam 2 1 Botnets: A Global
More informationESET Mobile Security for Windows Mobile. Installation Manual and User Guide - Public Beta
ESET Mobile Security for Windows Mobile Installation Manual and User Guide - Public Beta Contents...3 1. Installation of ESET Mobile Security 1.1 Minimum...3 system requirements 1.2 Installation...3 1.2.1
More informationDeployment Guides. Help Documentation
Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2019 SmarterTools Inc. Deployment Guides SmarterMail in Individual and Micro-business
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More information