Proxy VPN. Network Forensics. Adv Security and. Eve. Bob. Alice SIEM. Author: Prof Bill Buchanan
|
|
|
- Godfrey Nelson
- 5 years ago
- Views:
Transcription
1 Adv Security and Network Forensics Proxy VPN Eve Bob Alice Author: Prof Bill Buchanan
2
3 Big Data
4 Four Vs of Big Data V- Velocity [Speed of data generation] V- Variety [Different forms of data] V- Veracity [Trustworthiness] V- Volume [Scale of data] Firewall Alice Management report Sales analysis Router Targeted marketing Switch Trending/Correlation Web server server Intrusion Detection System FTP server Proxy server
5 Cloud Cracking HPC HPC 1997: Deep Blue deep Kasparov 2011: Watson beats humans at Jeopardy! 2013: Watson beats Cancer Specialists
6 Adv Security and Network Forensics Proxy VPN Eve Bob Alice Author: Prof Bill Buchanan
7 Protect users Detect Fraud Protect assets Protect transactions Customer trust Audit/ compliance Protect data Shareholder trust Why?
8
9
10
11
12 Risk 4: One Password Fits All 150 million accounts compromised # Count Ciphertext Plaintext EQ7fIpT7i/Q= j9p+hwtwwt86amjgzflzyg== L8qbAD3jl3jioxG6CatHBw== password BB4e6X+b2xLioxG6CatHBw== adobe j9p+hwtwwt/ioxg6cathbw== djv7ZCI2ws= qwerty dqi0aswpyvq= LqYzKVeq8I= PMDTbP0LZxu03SwrFUvYGA== photoshop e6mpxq5g6a8= million accounts 6.5 million accounts (June 2013) One account hack leads to others 1 million accounts in plain text. 77 million compromised Dropbox compromised ,000 client accounts
13 Build and Maintain and Secure Network Firewall. System passwords. Protect Cardholder Data Stored cardholder data. Encrypt data. Monitor and Test Networks Track/monitor accesses. Perform security tests. Maintain Vulnerability Management Program Anti-virus. Develop/ maintain secure systems and apps. Define/Maintain Security Policy Design and implement a policy which focuses on security. Strong Access Control Restrict access to cardholder data. Assign unique ID for each user who accesses. Restrict physical access. PCI-DSS
14 Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. USA, Canada, France, etc. Public Company Accounting Oversight Board Analyst Conflicts of Interest Auditor Independence Corporate Responsibility Corporate Tax Returns SOX
15 Log Aggregation: Data from many sources networks, databases, applications, servers, etc Internet Correlation: Links events together into a coherent instances (timelining) Firewall Router Alice Switch Dashboard: Provides an overview of events and alerts for analysis/response Web server server Intrusion Detection System Complaince: Gathering and reporting of audit/ compliance (PCI- DSS, etc). Retention: Longterm storage of data for audit/ compliance FTP server Proxy server Forensic Analysis: Analysis of logs across infrastructure
16 Local host logs - Application. - Security. - System - etc File and Directories - CRUD. - Security changes. Performance - CPU. - Memory. - Threads. Database Access - Logs. TCP/UDP - Syslog. Environmental - Temp. - Humidity. Remote Access - Logs. Registry Monitoring - Key changes. - Updates. Active Directory - User additions. - Host changes. - Logins Intrusion Detection - Alerts - Logs. Print Monitoring - Jobs. Logs
17 Syslog Buffered logging: 0 Emergencies System shutting down due to missing fan tray 1 Alerts Temperature limit exceeded 2 Critical Memory allocation failures 3 Errors Interface Up/Down messages 4 Warnings Configuration file written to server, via SNMP request 5 Notifications Line protocol Up/Down 6 Information Access-list violation logging 7 Debugging Debug messages Internet > enable Firewall Alice # config t (config)# logging on (config)# logging (config)# logging buffer (config)# logging trap emergency (config)# logging monitor emergency Router Switch (config)# logging console emergency (config)# logging buffer emergency (config)# clock timezone AKDT Web server server Intrusion Detection System FTP server Syslog server
18 Proxy VPN Eve Bob Alice Types Author: Prof Bill Buchanan
19
20 Data collected with Cisco NetFlow
21 Router# configure terminal // Destination is UDP Port: 999 Router(config)# ip flow-export destination Router(config)# ip flow-export version 9 Router(config)# interface ethernet 0/0 // Monitor incoming Router(config-if)# ip flow ingress Data collected with Cisco NetFlow NetFlow Route NetFlow Collection Agent FA0/0 Egress Ingress UDP Listen: 999 Router# show ip cache flow IP packet size distribution ( total packets): IP Flow Switching Cache, bytes 35 active, 4061 inactive, 980 added ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, bytes 0 active, 1024 inactive, 0 added, 0 added to flow 0 alloc failures, 0 force free 1 chunk, 1 chunk added last clearing of statistics never Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-FTP TCP-FTPD TCP-WWW TCP-SMTP TCP-BGP TCP-NNTP TCP-other UDP-TFTP UDP-other ICMP Total: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Et0/ Et1/ C01 51 Et0/ Null Et0/ Null Et0/ Et1/ Et0/ Et1/ Et0/ Et1/ Et0/ Et1/ Et0/ Et1/ Et0/ Et1/ Et0/ Null C 027C 49
22
23
24 Splunk
25 Splunk
26 HP ArcSight
27 HP ArcSight
28 Proxy VPN Eve Bob Alice Splunk Author: Prof Bill Buchanan
29 Web logs [11/Mar/2014:18:22:16] "GET /product.screen?productid=wc-sh-a02&jsessionid=sd0sl6ff7adff4953 HTTP 1.1" " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/ Safari/536.5" [11/Mar/2014:18:22:16] "GET /oldlink?itemid=est-6&jsessionid=sd0sl6ff7adff4953 HTTP 1.1" " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/ (KHTML, like Gecko) Chrome/ Safari/536.5" [11/Mar/2014:18:22:17] "GET /product.screen?productid=bs-ag-g09&jsessionid=sd0sl6ff7adff4953 HTTP 1.1" " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/ Safari/536.5" [11/Mar/2014:18:22:19] "POST / category.screen?categoryid=strategy&jsessionid=sd0sl6ff7adff4953 HTTP 1.1" " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/ Safari/536.5" [11/Mar/2014:18:22:20] "GET /product.screen?productid=fs-sg-g03&jsessionid=sd0sl6ff7adff4953 HTTP 1.1" " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/ Safari/536.5" 487 Access.log #Software: Microsoft Internet Information Services 7.5 #Date: :00:09 #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(user-agent) sc-status sc-substatus sc-win32- status time-taken :00: GET /ip/whois site=asos.com Opera/ 9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/ Version/ :00: GET /security/information/bmp Mozilla/5.0+(compatible;+Googlebot/ 2.1; :00: GET /ip/whois site=blogspot.nl Opera/ 9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/ Version/ :00: GET /Content/footer.png Mozilla/ 5.0+(Windows+NT+6.3;+WOW64;+rv:27.0)+Gecko/ Firefox/ :00: GET /ip/whois site=proxyring.com Opera/ 9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/ Version/ :00: GET /ip/whois site=surewest.net Opera/ 9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/ Version/ IIS Log :00: GET / Mozilla/5.0+(Windows+NT+6.3;+WOW64;+rv:27.0)+Gecko/ Firefox/
![Thu Mar 11 2014 00:15:01 www1 sshd[4747]: Failed password for invalid user jabber from 118.142.68.](/docs-images/84/90829678/images/30-1.jpg "222 port 3187 ssh2 Thu Mar 11 2014 00:15:01 www1 sshd[4111]: Failed password for invalid user db2 from 118.142.68.")
30 Thu Mar :15:01 www1 sshd[4747]: Failed password for invalid user jabber from port 3187 ssh2 Thu Mar :15:01 www1 sshd[4111]: Failed password for invalid user db2 from port 4150 ssh2 Thu Mar :15:01 www1 sshd[5359]: Failed password for invalid user pmuser from port 3356 ssh2 Thu Mar :15:01 www1 su: pam_unix(su:session): session opened for user root by djohnson(uid=0) Thu Mar :15:01 www1 sshd[2660]: Failed password for invalid user irc from port 4343 ssh2 Thu Mar :15:01 www1 sshd[1705]: Failed password for happy from port 4174 ssh2 Thu Mar :15:01 www1 sshd[1292]: Failed password for nobody from port 1654 ssh2 Thu Mar :15:01 www1 sshd[1560]: Failed password for invalid user local from port 4616 ssh2 Thu Mar :15:01 www1 sshd[59414]: Accepted password for myuan from port 1569 ssh2 Thu Mar :15:01 www1 sshd[1876]: Failed password for invalid user db2 from port 1151 ssh2 Thu Mar :15:01 www1 sshd[3310]: Failed password for apache from port 4343 ssh2 Thu Mar :15:01 www1 sshd[2149]: Failed password for nobody from port 1527 ssh2 Thu Mar :15:01 www1 sshd[2766]: Failed password for invalid user guest from port 2581 ssh2 Secure.log Security log
31 Security log
32 Adv Security and Network Forensics Proxy VPN Eve Bob Alice Author: Prof Bill Buchanan
Incident Response Introduction. Risk Analysis. Risk Management. Outline of threats. Data Loss. Fundamentals.
Stateful PIX/ASA firewall Incident Response Introduction. Risk Analysis. Risk Management. Outline of threats. Data Loss. Fundamentals. Eve Bob Trent Bob Alice Inc Response Types Stateful PIX/ASA firewall
NetFlow and NetFlow Data Export.
Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export This module contains the minimum amount of information about and instructions necessary for configuring NetFlow to capture and
Sybex ICND2/CCNA R/S Chapter 17: IP Services. Instructor & Todd Lammle
Sybex ICND2/CCNA R/S Chapter 17: IP Services Instructor & Todd Lammle Chapter 17 Objectives The ICND2 Topics Covered in this chapter include: IP Services Recognize high availability (FHRP) VRRP HSRP GLBP
The Risks and Opportunities of Mobile Working within Cloud Environments
The Risks and Opportunities of Mobile Working within Cloud Environments http://asecuritysite.com Prof Bill Buchanan, Adrian Smales DFET Training in Napier Cloud Campus-based training On-site training Mac
Configuring NetFlow and NetFlow Data Export
This module contains information about and instructions for configuring NetFlow to capture and export network traffic data. NetFlow capture and export are performed independently on each internetworking
Configuring MPLS Egress NetFlow Accounting and Analysis
Configuring MPLS Egress NetFlow Accounting and Analysis This module contains information about and instructions for configuring the MPLS Egress NetFlow Accounting feature. The MPLS Egress NetFlow Accounting
IP Source Tracker. Finding Feature Information. Restrictions for IP Source Tracker. Last Updated: January 18, 2012
IP Source Tracker Last Updated: January 18, 2012 The IP Source Tracker feature tracks information in the following ways: Gathers information about the traffic that is flowing to a host that is suspected
Computing Science: Now and The Future
Computing Science: Now and The Future Inc. Computer Security Prof Bill Buchanan, Twitter: @billatnapier Web: asecuritysite.com, brightredbooks.net Xmas Cyber Lectures (3000 pupils 4 cities) + IET Xmas
Configuring NetFlow and NetFlow Data Export
Configuring NetFlow and NetFlow Data Export This module contains information about and instructions for configuring NetFlow to capture and export network traffic data. NetFlow capture and export are performed
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis This document provides information about and instructions for configuring NetFlow Border Gateway Protocol (BGP) next hop support. This
Detecting IPv6 Tunnels in an Enterprise Network
Detecting IPv6 Tunnels in an Enterprise Network Introduction The ongoing depletion of unique and global IPv4 addresses is creating an increased focus on IPv6 technology. The regional registries run ongoing
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis Last Updated: November 27, 2012 This document provides information about and instructions for configuring NetFlow Border Gateway Protocol
CHAPTER 44 This chapter describes how to configure NetFlow Statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. To use the NetFlow feature,
Configuring NetFlow Statistics Collection
38 CHAPTER This chapter describes how to configure NetFlow statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. This feature is only available
Phase 4 Traceback the Attack. 2002, Cisco Systems, Inc. All rights reserved.
Phase 4 Traceback the Attack 1 Six Phases to ISP Security Incident Response Preparation Identification Classification Traceback Reaction Post Mortem 2 Traceback Attacks to their Source Valid IPv4 Source
Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands
Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands This module contains information about and instructions for configuring NetFlow Top Talkers feature. The NetFlow Top Talkers
NetFlow Layer 2 and Security Monitoring Exports
The feature improves your ability to detect and analyze network threats such as denial of service (DoS) attacks by increasing the number of fields from which NetFlow can capture relevant data. NetFlow
Using NetFlow Sampling to Select the Network Traffic to Track
Using NetFlow Sampling to Select the Network Traffic to Track This module contains information about and instructions for selecting the network traffic to track through the use of NetFlow sampling. The
Top 10 use cases of HP ArcSight Logger
Top 10 use cases of HP ArcSight Logger Sridhar Karnam @Sri747 Karnam@hp.com #HPSecure Big data is driving innovation The Big Data will continue to expand Collect Big Data for analytics Store Big Data for
Advanced Registry Operations Curriculum NetFlow
Advanced Registry Operations Curriculum NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) as
Net-fow Ne t wo r k S e c u r i t y J u n e Pa p e e t e, F r e n c h Po l y n e s i a
Net-fow Ne t wo r k S e c u r i t y J une 2009 Pa p e e t e, F r e n c h Po l y n e s i a Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and
Introduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, on page 1 Uses for Host, Application, and User Discovery and Identity
Introduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands
Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands Last Updated: April 12, 2012 This module contains information about and instructions for configuring NetFlow Top Talkers feature.
Identifying Operating System Using Flow-based Traffic Fingerprinting
Identifying Operating System Using Flow-based Traffic Fingerprinting Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University EUNICE 2014 September, 1. 5.,
FlowMonitor for WhatsUp Gold v16.3 User Guide
FlowMonitor for WhatsUp Gold v16.3 User Guide Contents Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 Flow Monitor System requirements...
Using NetFlow Sampling to Select the Network Traffic to Track
Using NetFlow Sampling to Select the Network Traffic to Track Last Updated: September 17, 2012 This module contains information about and instructions for selecting the network traffic to track through
Three interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
Using NetFlow Filtering or Sampling to Select the Network Traffic to Track
Using NetFlow Filtering or Sampling to Select the Network Traffic to Track First Published: June 19, 2006 Last Updated: December 17, 2010 This module contains information about and instructions for selecting
Ethernet / TCP-IP - Training Suite Application level protocols
Ethernet / TCP-IP - Training Suite 05 - Application level protocols Application layer protocols 2 World Wide Web HTTP I want HTTP this resource. Hypertext Transfer Protocol (HTTP) Used by the World Wide
VPN Console: Monitoring Menu
CHAPTER 8 This chapter provides an explanation of collection tasks and reports categorized under the Monitoring menu option, as follows: Collect Router Configuration Files, page 8-2 Collect VPN Accounting
Securing CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418
This chapter describes how to maintain the configuration and firmware, reboot or reset the security appliance, manage the security license and digital certificates, and configure other features to help
Integration with ArcSight. Guardium Version 7.0
Integration with ArcSight Guardium Version 7.0 Contents Contents...2 Preface...3 About this Document...3 Target Audience...3 Introduction...4 Benefits of SIEM integration with Guardium...4 SIEM integration
Overview. About the Cisco Context-Aware Mobility Solution CHAPTER
1 CHAPTER This chapter describes the role of the Cisco 3300 series mobility services engine (MSE), a component of the Cisco Context-Aware Mobility (CAM) solution, within the overall Cisco Unified Wireless
Computer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
Chapter 3: Using Maintenance & Troubleshooting Tools and Applications
Chapter 3: Using Maintenance & Troubleshooting Tools and Applications CCNP TSHOOT: Maintaining and Troubleshooting IP Networks Course v6 1 Chapter 3 Objectives Use Cisco IOS commands to gather information
Network security session 9-2 Router Security. Network II
Network security session 9-2 Router Security Network II Router security First line of defense of the network Compromise of a router can lead to many issues: Denial of network services Degrading of network
Electronic Access Controls June 27, Kevin B. Perry Director, Critical Infrastructure Protection
Electronic Access Controls June 27, 2017 Kevin B. Perry Director, Critical Infrastructure Protection kperry.re@spp.org 501.614.3251 1 Electronic Access Point 2 What does your access control look like?
90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
EventSentry Quickstart Guide
Contents I Part I About This Guide 2 Part II Overview 3 Part III Installing EventSentry 6 1 Installation with... Setup 7 2 Management Application... 8 3 Configuration... 9 4 Remote Update... 12 5 Heartbeat
HP ArcSight Port and Protocol Information
Important Notice HP ArcSight Port and Protocol Information The information (data) contained on all sheets of this document constitutes confidential information of Hewlett- Packard Company or its affiliates
LOGmanager and PCI Data Security Standard v3.2 compliance
LOGmanager and PCI Data Security Standard v3.2 compliance Whitepaper how deploying LOGmanager helps to maintain PCI DSS regulation requirements Many organizations struggle to understand what and where
Logging. About Logging. This chapter describes how to log system messages and use them for troubleshooting.
This chapter describes how to log system messages and use them for troubleshooting. About, page 1 Guidelines for, page 7 Configure, page 8 Monitoring the Logs, page 26 History for, page 29 About System
Advanced NetFlow Accounting
1 Advanced NetFlow Accounting Session Copyright Printed in USA. 2 Table of Content NetFlow Basics NetFlow Versions NetFlow on the Router (Version 5) NetFlow on the Router (Version 8) NetFlow on the Switches
Advanced Security and Forensic Computing
Advanced Security and Forensic Computing Unit 2: Network Security Elements Dr Dr Bill Buchanan, Reader, School of of Computing. >Unit 2: 2: Network Security Elements Advanced Security and Forensic Computing
Global Information Assurance Certification Paper
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
Note that you can also use the password command but the secret command gives you a better encryption algorithm.
Router Device Security Lab Configuring Secure Passwords 1. Configure the enable secret and password enable password TRUSTME enable secret letmein Look at the configuration: show config terminal Note the
Integrate Apache Web Server
Publication Date: January 13, 2017 Abstract This guide helps you in configuring Apache Web Server and EventTracker to receive Apache Web server events. The detailed procedures required for monitoring Apache
Network Infrastructure Filtering at the border. PacNOG19 28th November - 2nd December 2016 Nadi, Fiji
Network Infrastructure Filtering at the border PacNOG19 28th November - 2nd December 2016 Nadi, Fiji Issue Date: [Date] Revision: [XX] What we have in network? Router Switch CPE (ADSL Router / WiFi Router)
Connection Logging. Introduction to Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: Introduction to, page 1 Strategies, page 2 Logging Decryptable Connections
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall 1 U.S. and U.K. authorities last week alerted the public to an on-going effort to exploit network infrastructure devices including
Security Hardening Checklist for Cisco Routers/Switches in 10 Steps
Security Hardening Checklist for Cisco Routers/Switches in 10 Steps Network infrastructure devices (routers, switches, load balancers, firewalls etc) are among the assets of an enterprise that play an
SIEM Product Comparison
SIEM Product Comparison SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013) Only products with technology
Troubleshooting the Network Analysis Module. Netflow Data Export. Web Application CHAPTER
CHAPTER 5 This chapter describes how to troubleshoot the NAM and includes these sections: Netflow Data Export, page 5-1 Error Messages, page 5-9 Web Username and Password Guidelines, page 5-15 Supported
Connection Logging. About Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: About, page 1 Strategies, page 2 Logging Decryptable Connections with SSL
This document is intended to give guidance on how to read log entries from a Cisco PIX / ASA. The specific model in this case was a PIX 501.
1.0 Overview This document is intended to give guidance on how to read log entries from a Cisco PIX / ASA. The specific model in this case was a PIX 501. 2.0 PIX Config The following is the PIX config
Overview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
Network Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
AuditConfigurationArchiveandSoftwareManagementChanges (Network Audit)
This section contains the following topics: Audit Configuration Archive and Software Management Changes (Network Audit), on page 1 Audit Changes Made By Users (Change Audit), on page 1 Audit Actions Executed
Hands-On Ethical Hacking and Network Defense 3 rd Edition
Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology
IC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
HPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for IP Flow (NetFlow/J-Flow) Configuration Guide October 17, 2017 SmartConnector for IP Flow (NetFlow/J-Flow) October 17, 2017 Copyright 2004 2017 Hewlett
Configuring NetFlow. Understanding NetFlow CHAPTER
50 CHAPTER This chapter describes how to configure NetFlow statistics collection on the Cisco 7600 series routers. Note For complete syntax and usage information for the commands used in this chapter,
NetFlow Configuration Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
Bring Context To Your Machine Data With Hadoop, RDBMS & Splunk
Bring Context To Your Machine Data With Hadoop, RDBMS & Splunk Raanan Dagan and Rohit Pujari September 25, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may
User and System Administration
CHAPTER 5 This chapter provides information about performing user and system administration tasks in Cisco Prime Network Analysis Module 5.1and generating diagnostic information for obtaining technical
SecureVue. SecureVue
SecureVue SecureVue Detects Cyber-Attacks Before They Impact Your Business Provides Situational Awareness to Proactively Address Enterprise Threats Ensures Quick and Easy Compliance Reporting and Documentation
Database Security Service. FAQs. Issue 19 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 19 Date 2019-04-08 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
Lab Configure Cisco IOS Firewall CBAC on a Cisco Router
Lab 3.8.3 Configure Cisco IOS Firewall CBAC on a Cisco Router Objective Scenario Topology Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team In this lab, students
Internet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
Using the Management Interfaces
The following management interfaces are provided for external users and applications: Gigabit Ethernet Management Interface, page 1 SNMP, page 7 Gigabit Ethernet Management Interface Gigabit Ethernet Management
White Paper: Next-Gen Network Traffic Analysis (NTA): Log-based NTA vs. Packet-based NTA
White Paper: Next-Gen Network Traffic Analysis (NTA) Log-based NTA vs. Packet-based NTA ALEX VAYSTIKH, SecBI CTO & Co-Founder February 2018 Executive Summary Network Traffic Analysis (NTA) is a critical
Cisco Exam. Volume: 223 Questions. Question No: 1 Which three commands can be used to harden a switch? (Choose three.)
Volume: 223 Questions Question No: 1 Which three commands can be used to harden a switch? (Choose three.) A. switch(config-if)# spanning-tree bpdufilter enable B. switch(config)# ip dhcp snooping C. switch(config)#
Cisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
System Configuration. The following topics explain how to configure system configuration settings on Firepower Management Centers and managed devices:
The following topics explain how to configure system configuration settings on Firepower Management Centers and managed devices: Introduction to, page 2 Appliance Information, page 5 Custom HTTPS Certificates,
Applied Networks & Security
Applied Networks & Security Applications http://condor.depaul.edu/~jkristof/it263/ John Kristoff jtk@depaul.edu IT 263 Winter 2006/2007 John Kristoff - DePaul University 1 HTTP/HTTPS The language of the
CISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
Using the Management Ethernet Interface
This chapter covers the following topics: Gigabit Ethernet Management Interface Overview, page 1 Gigabit Ethernet Port Numbering, page 1 IP Address Handling in ROMmon and the Management Ethernet Port,
itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : 642-832 Title : Troubleshooting and maintaing cisco ip networks Vendors : Cisco Version : DEMO Get Latest & Valid 642-832 Exam's
OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300
holddown holddown To configure the Optimized Edge Routing (OER) prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use
Cisco Configuration. Network Monitoring and Management
Network Monitoring and Management Cisco Configuration These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
Configuring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
Viewing Router Information
CHAPTER39 The Cisco Router and Security Device Manager (Cisco SDM) Monitor mode lets you view a current snapshot of information about your router, the router interfaces, the firewall, and any active VPN
NMS300 Network Management System Application
NMS300 Network Management System Application Quick Start Guide October 2013 202-11288-02 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing
Using NetFlow Filtering or Sampling to Select the Network Traffic to Track
Using NetFlow Filtering or Sampling to Select the Network Traffic to Track Last Updated: December 7, 2011 This module contains information about and instructions for selecting the network traffic to track
Cisco Security Information Event Management Deployment Guide. Revision: H2CY10
Cisco Security Information Event Management Deployment Guide Revision: H2CY10 The Purpose of this Document This guide focuses on Cisco products and discusses how those products integrate with any third
McAfee Network Security Platform 9.1
9.1.7.49-9.1.3.6 Manager-M-series, Mxx30-series, XC Cluster Release Notes McAfee Network Security Platform 9.1 Revision C Contents About the release New features Enhancements Resolved issues Installation
The following topics describe how to configure correlation policies and rules.
The following topics describe how to configure correlation policies and rules. Introduction to and Rules, page 1 Configuring, page 2 Configuring Correlation Rules, page 5 Configuring Correlation Response
Integration With Third Party SIEM Solutions NetIQ Secure Configuration Manager. October 2016
Integration With Third Party SIEM Solutions NetIQ Secure Configuration Manager October 2016 Legal Notice For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions,
Symantec Control Compliance Suite Vulnerability Manager User's Guide
Symantec Control Compliance Suite Vulnerability Manager User's Guide Document version 1.0 Copyright 2010 Symantec Corporation. All rights reserved. Contents Revision history... 3 About this guide... 4
Cisco Router Security: Principles and Practise. The foundation of network security is router security.
The foundation of network security is router security. 1) Router security within a general IT security plan, IOS software and standard access. 2) Password security and authentication. 3) Services, applications
Introduction to Change and Configuration Management
CHAPTER 1 Introduction to Change and Configuration Management Cisco Prime Network Change and Configuration Management provides tools that allow you to manage the software and device configuration changes
Configuring Data Export for Flexible NetFlow with Flow Exporters
Configuring Data Export for Flexible NetFlow with Flow Exporters Last Updated: September 4, 2012 This document contains information about and instructions for configuring flow exporters to export Flexible
CCNA Semester 2 labs. Labs for chapters 2 10
CCNA Semester 2 labs Labs for chapters 2 10 2.2.2.5 Lab - Configuring IPv4 Static and Default Routes 2.3.2.4 Lab - Troubleshooting Static Routes 3.2.1.9 Lab - Configuring Basic RIPv2 5.2.2.9 Lab - Configuring
Cisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
IBM Security QRadar Version Architecture and Deployment Guide IBM
IBM Security QRadar Version 7.3.1 Architecture and Deployment Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 41. Product information
Introducing the VNE Customization Builder (VCB)
17 CHAPTER This chapter introduces the Virtual Network Element Customization Builder (VCB) in Cisco Prime Network. Topics include: About the VCB, page 17-1 A Quick Tour of the VCB, page 17-2, page 17-4
Context Based Access Control (CBAC): Introduction and Configuration
Context Based Access Control (CBAC): Introduction and Configuration Document ID: 13814 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information What Traffic Do