Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm
|
|
|
- Edith Dixon
- 5 years ago
- Views:
Transcription
1 Scalability, Fidelity, and in the Potemkin Virtual Honeyfarm Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage Collaborative Center for Internet Epidemiology and Defenses (CCIED) University of California, San Diego The Potemkin Virtual Honeyfarm 1 / 20
2 Background Large-scale host exploitation a serious problem Worms, viruses, bots, spyware... Supports an emerging economic criminal enterprise SPAM, DDoS, phishing, piracy, ID theft... Two weeks ago, one group arrested controlled 1.5 M hosts! Quality and sophistication of malware increasing rapidly The Potemkin Virtual Honeyfarm 2 / 20
3 Motivation Intelligence about new threats is critical for defenders Principal tool is the network honeypot Monitored system deployed for the purpose of being attacked Honeyfarm: Collection of honeypots Provide early warning, accurate inference of global activity, cover wide range of software issues Scalability: How many honeypots can be deployed Fidelity: How accurately systems are emulated : How well innocent third parties are protected Challenge: tension between scalability and fidelity The Potemkin Virtual Honeyfarm 3 / 20
4 Honeyfarm Scalability/Fidelity Tradeoff High Scalability High Fidelity The Potemkin Virtual Honeyfarm 4 / 20
5 Honeyfarm Scalability/Fidelity Tradeoff Physical Honeypots (Honeynet Project) VM-based Honeyfarms (Collapsar, Symantec) High Scalability High Fidelity Execute real code The Potemkin Virtual Honeyfarm 4 / 20
6 Honeyfarm Scalability/Fidelity Tradeoff Lightweight Responders (isink, IMS, honeyd) Physical Honeypots (Honeynet Project) Network Telescopes VM-based Honeyfarms (Collapsar, Symantec) High Scalability Millions of addresses High Fidelity Execute real code The Potemkin Virtual Honeyfarm 4 / 20
7 Honeyfarm Scalability/Fidelity Tradeoff Lightweight Responders (isink, IMS, honeyd) Physical Honeypots (Honeynet Project) Network Telescopes VM-based Honeyfarms (Collapsar, Symantec) High Scalability Millions of addresses Our Goal: Both High Fidelity Execute real code The Potemkin Virtual Honeyfarm 4 / 20
8 Approach Approach Network-Level Multiplexing Host-Level Multiplexing Dedicated honeypot systems are overkill Can provide the illusion of dedicated systems via aggressive resource multiplexing at network and host levels The Potemkin Virtual Honeyfarm 5 / 20
9 Network-Level Multiplexing Approach Network-Level Multiplexing Host-Level Multiplexing Most addresses don t receive traffic most of the time Apply late binding of IP addresses to honeypots Most traffic that is received causes no interesting effects Allocate honeypots only long enough to identify interesting behavior Recycle honeypots as soon as possible How many honeypots are required? For a given request rate, depends upon recycling rate The Potemkin Virtual Honeyfarm 6 / 20
10 Approach Network-Level Multiplexing Host-Level Multiplexing Effectiveness of Network-Level Multiplexing 1 Active Machines / Total Addresses Recycling Time (s) The Potemkin Virtual Honeyfarm 7 / 20
11 Approach Network-Level Multiplexing Host-Level Multiplexing Effectiveness of Network-Level Multiplexing 1 Active Machines / Total Addresses Recycling Time (s) 2 3 orders of magnitude improvement! The Potemkin Virtual Honeyfarm 7 / 20
12 Host-Level Multiplexing Approach Network-Level Multiplexing Host-Level Multiplexing CPU utilization in each honeypot quite low (milliseconds to process traffic) Use VMM to multiplex honeypots on a single physical machine Few memory pages actually modified when handling network data Share unmodified pages among honeypots within a machine How many virtual machines can we support? Limited by unique memory required per VM The Potemkin Virtual Honeyfarm 8 / 20
13 Approach Network-Level Multiplexing Host-Level Multiplexing Effectiveness of Host-Level Multiplexing Telnet Memory Pages Modified (MB) HTTP Ping Time (s) The Potemkin Virtual Honeyfarm 9 / 20
14 Approach Network-Level Multiplexing Host-Level Multiplexing Effectiveness of Host-Level Multiplexing Telnet Memory Pages Modified (MB) HTTP Ping Time (s) Further 2 3 orders of magnitude improvement The Potemkin Virtual Honeyfarm 9 / 20
15 The Potemkin Honeyfarm Architecture Two components: Gateway VMM The Potemkin Virtual Honeyfarm 10 / 20
16 The Potemkin Honeyfarm Architecture Two components: Gateway VMM Basic operation: Packet received by gateway The Potemkin Virtual Honeyfarm 10 / 20
17 The Potemkin Honeyfarm Architecture Two components: Gateway VMM Basic operation: Packet received by gateway Dispatched to honeyfarm server The Potemkin Virtual Honeyfarm 10 / 20
18 The Potemkin Honeyfarm Architecture Two components: Gateway VMM Basic operation: Packet received by gateway Dispatched to honeyfarm server VM instantiated Adopts IP address The Potemkin Virtual Honeyfarm 10 / 20
19 Requirements VMs created on demand VM creation must be fast enough to maintain illusion The Potemkin Virtual Honeyfarm 11 / 20
20 Requirements VMs created on demand VM creation must be fast enough to maintain illusion Many VMs created Must be resource-efficient The Potemkin Virtual Honeyfarm 11 / 20
21 Modified version of Xen 3.0 (pre-release) Flash cloning Fork copies from a reference honeypot VM Reduces VM creation time no need to boot Applications all ready to run Delta virtualization Copy-on-write sharing (between VMs) Reduces per-vm state only stores unique data Further reduces VM creation time The Potemkin Virtual Honeyfarm 12 / 20
22 Flash Cloning Performance Time required to clone a 128 MB honeypot: Control tools overhead Low-level clone Device setup Other management overhead Networking setup & overhead Total 124 ms 11 ms 149 ms 79 ms 158 ms 521 ms 0.5 s already imperceptible to external observers unless looking for delay, but we can do even better The Potemkin Virtual Honeyfarm 13 / 20
23 Flash Cloning Performance Time required to clone a 128 MB honeypot: Control tools overhead Low-level clone Device setup Other management overhead Networking setup & overhead Total 124 ms 11 ms 149 ms 79 ms 158 ms 521 ms 0.5 s already imperceptible to external observers unless looking for delay, but we can do even better The Potemkin Virtual Honeyfarm 13 / 20
24 Delta Virtualization Performance Deployed using 128 MB Linux honeypots Using servers with 2 GB RAM, have memory available to support 1000 VMs per physical host Currently tested with 100 VMs per host Hits artificial resource limit in Xen, but this can be fixed The Potemkin Virtual Honeyfarm 14 / 20
25 Policies Must also care about traffic going out We deliberately run unpatched, insecure software in honeypots : Should not permit attacks on third parties As with scalability, there is a tension between containment and fidelity Various containment policies we support: Allow no traffic out Allow traffic over established connections Allow traffic back to original host... The Potemkin Virtual Honeyfarm 15 / 20
26 Implementation in Gateway policies implemented in network gateway Tracks mappings between IP addresses, honeypots, and past connections Modular implementation in Click Gateway adds insignificant overhead ( 1 ms) The Potemkin Virtual Honeyfarm 16 / 20
27 Traffic Reflection Example gateway policy: Redirect traffic back to honeyfarm The Potemkin Virtual Honeyfarm 17 / 20
28 Traffic Reflection Example gateway policy: Redirect traffic back to honeyfarm Packets sent out to third parties... The Potemkin Virtual Honeyfarm 17 / 20
29 Traffic Reflection Example gateway policy: Redirect traffic back to honeyfarm Packets sent out to third parties may be redirected back into honeyfarm Reuses honeypot creation functionality The Potemkin Virtual Honeyfarm 17 / 20
30 Honeypot detection If malware detects it is in a honeypot, may act differently How easy it is to detect virtualization? VMware detection code used in the wild Open arms race between honeypot detection and camouflage Resource exhaustion Under high load, difficult to maintain accurate illusion Large-scale outbreak Honeypot denial-of-service Challenge is intelligently shedding load The Potemkin Virtual Honeyfarm 18 / 20
31 Summary Can achieve both high fidelity and scalability Sufficient to provide the illusion of scale Potemkin prototype: 65k addresses 10 physical hosts Largest high-fidelity honeypot that we are aware of Provides important tool for study of and defenses against malware The Potemkin Virtual Honeyfarm 19 / 20
32 For more information: The Potemkin Virtual Honeyfarm 20 / 20
33 Windows on Xen Windows on Xen Camouflage Honeypot Monitoring The Potemkin Virtual Honeyfarm 21 / 20
34 Camouflage Windows on Xen Camouflage Honeypot Monitoring Malware may detect honeypot environment in various ways: Detect virtualization Via incomplete x86 virtualization Searching for characteristic hardware configurations More complete virtualization can mitigate these leaks Detect monitoring tools Network, VM-instrospection tools harder to detect Detect network environment requirement places some limits on camouflage effectiveness Network security trends may be in our favor here The Potemkin Virtual Honeyfarm 22 / 20
35 Honeypot Monitoring Windows on Xen Camouflage Honeypot Monitoring Various means to monitor honeypots for interesting activity Network-level monitoring: Network intrusion detection systems, Earlybird-like detectors,... Host-level intrusion detection Virtual machine introspection The Potemkin Virtual Honeyfarm 23 / 20
Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm
Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage Collaborative
Internet Outbreaks Epidemiology and Defenses
Internet Outbreaks Epidemiology and Defenses Geoffrey M. Voelker Collaborative Center for Internet Epidemiology and Defenses (CCIED) Computer Science and Engineering g UC San Diego February 28, 2007 With
Virtualization as a Defense. Issues raised. Encapsulation for Protection. Motivation 3/18/2009
Virtualization as a Defense We know that our systems are under attack by all sorts of threats Ken Birman Can we use virtual machines as a defensive tool? Ideas: Encapsulate applications: infection can
LaBrea p. 74 Installation and Setup p. 75 Observations p. 81 Tiny Honeypot p. 81 Installation p. 82 Capture Logs p. 83 Session Logs p.
Preface p. xiii Acknowledgments p. xxi About the Authors p. xxiii Honeypot and Networking Background p. 1 Brief TCP/IP Introduction p. 1 Honeypot Background p. 7 High-Interaction Honeypots p. 9 Low-Interaction
Virtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
3-2 GHOST Sensor: Development of a Proactive Cyber-attack Observation Platform
3 Cybersecurity Technologies : Darknet Monitoring and Analysis 3-2 GHOST Sensor: Development of a Proactive Cyber-attack Observation Platform Masashi ETO There have been several network monitoring projects
Key Features. DATA SHEET
DATA SHEET Total Defense THREAT MANAGER r12 Overview: Total Defense Threat Manager r12 integrates anti-malware, groupware protection and network access control in one easy-touse solution, providing comprehensive
Malware Research at SMU. Tom Chen SMU
Malware Research at SMU Tom Chen SMU tchen@engr.smu.edu www.engr.smu.edu/~tchen Outline About SMU and Me Virus Research Lab Early Worm Detection Epidemic Modeling New Research Interests TC/BT/11-5-04 SMU
DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors
DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response Team
Active defence through deceptive IPS
Active defence through deceptive IPS Authors Apostolis Machas, MSc (Royal Holloway, 2016) Peter Komisarczuk, ISG, Royal Holloway Abstract Modern security mechanisms such as Unified Threat Management (UTM),
Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
Fast and Evasive Attacks: Highlighting the Challenges Ahead
Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling
ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
Usage of Honeypot to Secure datacenter in Infrastructure as a Service data
Usage of Honeypot to Secure datacenter in Infrastructure as a Service data Ms. Priyanka Paliwal M. Tech. Student 2 nd yr.(comp. Science& Eng.) Government Engineering College Ajmer Ajmer, India (Erpriyanka_paliwal06@rediffmail.com)
CE Advanced Network Security Honeypots
CE 817 - Advanced Network Security Honeypots Lecture 12 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
Symantec Endpoint Protection
Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec Insight and by SONAR, a single,
Data Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
Internet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008
Internet Security Threat Report Volume XIII Patrick Martin Senior Product Manager Symantec Security Response October, 2008 Agenda 1 ISTR XIII Important Facts 2 ISTR XIII Key Messages 3 ISTR XIII Key Facts
Securing Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
Assessing Global Security Threat Levels Bryan Lu, Project Manager / Researcher
I AM NOT A NUMERO! Assessing Global Security Threat Levels Bryan Lu, Project Manager / Researcher 21-23 September 2009 Geneva, Switzerland Numero English: numero or number or No No. or # Spanish: número
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery Evan Cooke *, Michael Bailey *, Farnam Jahanian *, Richard Mortier *University of Michigan Microsoft Research - 1 - NSDI 2006
Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE
International Journal of Scientific & Engineering Research, Volume 4, Issue 4, April-2013 1492 Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE,
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code Learning Objective Explain the importance of network principles and architecture
Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview creates a protected endpoint and messaging environment that is secure against today s complex data loss, malware, and spam threats controlling
Honeypot-Aware Advanced Botnet Construction and Maintenance
Honeypot-Aware Advanced Botnet Construction and Maintenance Cliff C. Zou Ryan Cunningham School of Electrical Engineering and Computer Science University of Central Florida Orlando, FL 32816-2362 {czou,rcunning}@cs.ucf.edu
Extensible Network Security Services on Software Programmable Router OS. David Yau, Prem Gopalan, Seung Chul Han, Feng Liang
Extensible Network Security Services on Software Programmable Router OS David Yau, Prem Gopalan, Seung Chul Han, Feng Liang System Software and Architecture Lab Department of Computer Sciences Purdue University
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
Boundary detection and containment of local worm infections
Boundary detection and containment of local worm infections Diego Zamboni, James Riordan, Milton Yates IBM Zurich Research Laboratory {dza,rij}@zurich.ibm.com, milton.yates@loule.info May 15, 2007 Abstract
Chapter 1 B: Exploring the Network
Chapter 1 B: Exploring the Network Types of Networks The two most common types of network infrastructures are: Local Area Network (LAN) Wide Area Network (WAN). Other types of networks include: Metropolitan
NetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
Enterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
WatchGuard XTMv Setup Guide Fireware XTM v11.8
WatchGuard XTMv Setup Guide Fireware XTM v11.8 All XTMv Editions Copyright and Patent Information Copyright 1998 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo,
Anti-DDoS. User Guide. Issue 05 Date
Issue 05 Date 2017-02-08 Contents Contents 1 Introduction... 1 1.1 Functions... 1 1.2 Application Scenarios...1 1.3 Accessing and Using Anti-DDoS... 2 1.3.1 How to Access Anti-DDoS...2 1.3.2 How to Use
INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
FP7 NEMESYS Project: Advances on Mobile Network Security
Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem FP7 NEMESYS Project: Advances on Mobile Network Security Elina Theodoropoulou R&D Projects Section Manager etheodorop@cosmote.gr
Cisco Systems Korea
(kiseo@cisco.com) Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1 Agenda 2008 Cisco Systems, Inc. All rights reserved. 2 2008 Cisco Systems, Inc. All rights reserved. 3 Threats Are
A Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
Automating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
Presentation by Brett Meyer
Presentation by Brett Meyer Traditional AV Software Problem 1: Signature generation Signature based detection model Sheer volume of new threats limits number of signatures created by one vendor Not good
Gladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
Huawei Cloud Fabric Data Center Security and Application Optimization Solution
Huawei Cloud Fabric Data Center and Application Highly Secure s and High-Performance, High-Efficiency Networks Emerging new technologies such as cloud computing, Big Data, and virtualization drive data
USG2110 Unified Security Gateways
USG2110 Unified Security Gateways The USG2110 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the small enterprises, branch offices,
CSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
Sizing and Scoping ecrime
ICANN MEXICO CITY MARCH 5 TH, 2009 Sizing and Scoping ecrime Jeffrey R. Bedser President/COO The Internet Crimes Group Inc. ithreat Solutions Sophos: Downadup May Cause Friday the 13th / Southwest Airlines
Epidemiology and Defenses. Internet Outbreaks: Internet Outbreaks: Department of Computer Science & Engineering. University of California at San Diego
Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Department of Computer Science & Engineering University of California
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
CloudAV. Malware Analysis in the Network Cloud. Jon Oberheide. University of Michigan. June 12, 2008 MMC '08
- CloudAV Malware Analysis in the Network Cloud Jon Oberheide University of Michigan June 12, 2008 MMC '08 Introduction Jon Oberheide Advisor: Farnam Jahanian 2nd year PhD at U of M (BS, MS) Research Slide
Basic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
GQ: Building a Large-Scale Honeyfarm
#!/usr/bin/perl while () { chomp; if ( /^(get post options head...)(.*)/i ) { # Do not respond if it looks like an exploit last if length > 000; my $date = gmtime; if ( $ =~ /get head/i ) print "HTTP/.
McAfee Endpoint Security
McAfee Endpoint Security Frequently Asked Questions Overview You re facing new challenges in light of the increase of advanced malware. Limited integration between threat detection, network, and endpoint
Symantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
MONITORING AND MANAGING NETWORK FLOWS IN VMWARE ENVIRONMENTS
WHITEPAPER MONITORING AND MANAGING NETWORK FLOWS IN VMWARE ENVIRONMENTS By Trevor Pott www.apcon.com onitoring and managing network flows is a critical part of a secure and efficient approach to IT. Unfortunately,
Service Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
WatchGuard XTMv Setup Guide
WatchGuard XTMv Setup Guide All XTMv Editions Copyright and Patent Information Copyright 1998 2011 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, LiveSecurity, and
The YAKSHA Cybersecurity Solution and the Ambassadors Programme. Alessandro Guarino YAKSHA Innovation Manager CEO, StudioAG
The YAKSHA Cybersecurity Solution and the Ambassadors Programme Alessandro Guarino YAKSHA Innovation Manager CEO, StudioAG 1st Webinar December 17, 2018 1 Agenda I. Introduction to the YAKSHA project III.
Maximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
AutoFocus: A Tool for Automatic Traffic Analysis. Cristian Estan, University of California, San Diego
AutoFocus: A Tool for Automatic Traffic Analysis Cristian Estan, University of California, San Diego Who is using my link? October 2003 AutoFocus - NANOG 29 2 Informal problem definition Gigabytes of measurement
Cisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
Network Security Protection Alternatives for the Cloud
A Trend Micro White Paper May 2016 Network Security Protection Alternatives for the Cloud» A technical brief summarizing the deployment options that can be used to deploy IDS/IPS protection for cloud instances
How To Remove A Virus Manually Windows 7 Without Antivirus Security Pro
How To Remove A Virus Manually Windows 7 Without Antivirus Security Pro Security Defender is a fake antivirus program, it should not be trusted, since it is a The program usually installs on PCs without
Cisco Incident Control System
Cisco Incident Control System The Cisco Incident Control System (ICS) prevents new worm and virus outbreaks from affecting businesses by enabling the network to rapidly adapt and provide a distributed
Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,
Prevx 3.0 v3.0.1.65 Product Overview - Core Functionality April, 2009 includes overviews of MyPrevx, Prevx 3.0 Enterprise, and Prevx 3.0 Banking and Ecommerce editions Copyright Prevx Limited 2007,2008,2009
Seqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
Darknet Traffic Monitoring using Honeypot
Darknet Traffic Monitoring using Honeypot 1 Hemal khorasia, 2 Mr. Girish Khilari 1 IT Systems & Network Security, 1 Gujarat Technological University, Ahmedabad, India Abstract - A "Darknet" is a portion
Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats
Solution Brief Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats 2006 Allot Communications Ltd. Allot Communications, NetEnforcer and the Allot logo are registered trademarks of Allot
ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University
ISA 564 SECURITY LAB Introduction & Class Mechanics Angelos Stavrou, George Mason University Course Mechanics Course URL: http://cs.gmu.edu/~astavrou/isa564_f16.html Instructor Angelos Stavrou Email: astavrou@gmu.edu
Extended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing
A Honeyfarm Data Control Mechanism: Design, Implementation, Evaluation and Forensic Study
8 IJCSNS International Journal of Computer Science and Network Security, VOL.18 No.6, June 2018 A Honeyfarm Data Control Mechanism: Design, Implementation, Evaluation and Forensic Study Wei YIN, Hongjian
SaaS Flyer for Trend Micro
SaaS Flyer for Trend Micro Prices Effective July 1, 2008 1 Internet Security 2008 Trend Micro Internet Security 2008 makes it easy to protect your home or small business network, personal identity, and
A Modular Approach for Implementation of Honeypots in Cyber Security
A Modular Approach for Implementation of Honeypots in Cyber Security Muneeb Mirza 1, Muhammad Usman 1, Robert P. Biuk-Aghai 2, Simon Fong 2 1 Department of Computing, SZABIST-Islamabad, Pakistan 2 Department
The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe
The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe Copyright 2017 Protocol 46, Inc. All Rights Reserved Copyright 2017 Protocol 46, Inc.
DOCUMENT* PRESENTED BY
DOCUMENT* PRESENTED BY CYBER SECURITY formerly Wick Hill * Nuvias and the Nuvias logo are trademarks of Nuvias Group. Registered in the UK and other countries. Other logo, brand and product names are trademarks
Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper
Barracuda Advanced Threat Protection Bringing a New Layer of Security for Email White Paper Evolving Needs for Protection Against Advanced Threats IT security threats are constantly evolving and improving,
Unit 2 Assignment 2. Software Utilities?
1 Unit 2 Assignment 2 Software Utilities? OBJECTIVES Identify software utility types and examples of common software Why are software utilities used? Identify and describe the various networking threats.
Firewall Identification: Banner Grabbing
Honey POt Firewall Identification: Banner Grabbing Banners are messages sent out by network services during the connection to the service. Banners announce which service is running on the system. Banner
Stakeholders Analysis
Stakeholders Analysis Introduction National Stakeholders ISP citizens CNIIP Media National CIRT Academia ONG, Public And Private Institutions sectoral CSIRTs Law enforcement 2 2 CIRT ISP A specialized
Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe
Advanced Malware Protection Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe How would you do security differently if you knew you were going to be hacked? Security Challenges Changing
Intelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
ARAKIS An Early Warning and Attack Identification System
ARAKIS An Early Warning and Attack Identification System Piotr Kijewski Piotr.Kijewski@cert.pl 16th Annual FIRST Conference June 13-18, Budapest, Hungary Presentation outline Trends in large scale malicious
HYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS
HYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS K.SURESH, KUSH KUMAR YADAV, R.SRIJIT, KARTHIK.P.BHAT STUDENT 3 rd YEAR - INFORMATION TECHNOLOGY SRI SAIRAM ENGINEERING COLLEGE, WEST TAMBARAM,
Rob Sherwood Bobby Bhattacharjee Ryan Braud. University of Maryland. Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.
Rob Sherwood Bobby Bhattacharjee Ryan Braud University of Maryland UCSD Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.1 Sender Receiver Sender transmits packet 1:1461 Time Misbehaving
OS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
An Efficient and Practical Defense Method Against DDoS Attack at the Source-End
An Efficient and Practical Defense Method Against DDoS Attack at the Source-End Yanxiang He Wei Chen Bin Xiao Wenling Peng Computer School, The State Key Lab of Software Engineering Wuhan University, Wuhan
Internet Outbreaks: Epidemiology and Defenses
Internet Outbreaks: Epidemiology and Defenses Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Department of Computer Science & Engineering University of California at San Diego
Check Point Threat Prevention Appliance With SandBlast Threat Emulation Cloud Service 2015 SWG Industry Assessment
Check Point 12200 Threat Prevention Appliance With SandBlast Threat Emulation Cloud Service 2015 SWG Industry Assessment DR151209G March 2016 Miercom www.miercom.com Contents Executive Summary... 3 Overview...
The Threats of Internet Worms. Based on Addressing the Threat of Internet Worms Vern Paxson UCB/ICSI
The Threats of Internet Worms Based on Addressing the Threat of Internet Worms Vern Paxson UCB/ICSI 1 Internet abuse 2 What is a worm? A worm is self-replicating software designed to spread through the
DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action
DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response
DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
CSE Computer Security
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Denial of Service Intentional prevention of access to valued resource CPU,
Symantec Endpoint Protection 14
Symantec Endpoint Protection Cloud Security Made Simple Symantec Endpoint Protection 14 Data Data Sheet: Sheet: Endpoint Endpoint Security Security Overview Last year, we saw 431 million new malware variants,
Deploying File Based Security on Dynamic Honeypot Enabled Infrastructure as a Service Data Centre
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 6, Issue 7 (April 2013), PP. 23-27 Deploying File Based Security on Dynamic Honeypot
Comparative Study of Different Honeypots System
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 2, Issue 10 (August 2012), PP. 23-27 Ashish Girdhar 1, Sanmeet Kaur 2 1 Student
UTM 5000 WannaCry Technote
UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,
Honey Pot Be afraid Be very afraid
Honey Pot Be afraid Be very afraid Presented By Shubha Joshi M.Tech(CS) Problems with internet Why? Problems The Internet security is hard New attacks every day Our computers are static targets What should